Exabeam Entity Analytics
Behavioral Analytics for IT, IoT and OT devices and cloud storage objects
Entity Behavior Analysis
Attackers move laterally through a network, across users, machines and assets, in their search for high-value data. Connected assets like medical equipment, machinery, and power grid infrastructure, along with cloud assets, can become easy targets. Assets require the same monitoring as humans, since they often control production and operations and can store sensitive corporate data including personal information, customer data or API data. Entity Analytics establishes baseline behavior using communication patterns, ports and protocols, and operating activity, automatically identifying irregular entity activities indicative of a security incident.
Prebuilt Incident Timelines
For all anomalies detected by Entity Analytics, Exabeam Smart Timelines, machine-built incident timelines, stitch together both the normal and abnormal behavior for machines, assets, IoT devices and cloud storage objects. Unlike competitive UEBA solutions, Smart Timelines display lateral movement. Smart Timelines detail what happened during an incident and identify behavioral context to determine if the activity was normal — reducing the manual efforts of your SOC as they gather evidence for their investigation.
End-to-End Network Visibility
Whether monitoring a LAN or assets from a power grid, data viewed in isolation can appear benign. Exabeam combines and analyzes logs from various sources including VPN, cloud applications, email services, firewalls, NetFlow, and other specific IoT sensors. Machine learning and behavioral modeling that underpin our UEBA solution are then used to detect complex threats that would otherwise go undetected.
Automatic IP Mapping
In most IT environments, machines are dynamically assigned IP addresses by DHCP. If an incident occurs, security teams must determine which assets correspond to the targeted addresses. This can be a tedious, manual process. Entity Analytics performs IP association not only on current addresses but also on all past DHCP address assignments over time.
Rule And Signature-Free Detection
Correlation rules and threat signatures create false positives due to their lack of context, and false negatives because they’re not able to detect unknown attacks. Maintenance also consumes large blocks of analyst time. Entity Analytics uses behavioral modeling and machine learning to look for abnormal activity — sensing risks and detecting anomalous events — without the tuning, maintenance, and false positives that drain analyst productivity.
“With Exabeam, we can tell when a student’s VPN behavior is legitimate and not an indicator of compromise. This saves our security team an enormous amount of time.”