Threat Hunter is an advanced querying tool that uses Stateful Session data models to complement user behavior analytics. Exabeam Threat Hunter enables security analysts to search and pivot across multiple dimensions of user activity to find sessions that contain specific unusual behaviors or find users that match certain criteria. For example, an analyst might ask to see “all sessions where a user logged into the VPN from a foreign country for the first time, then accessed a new server for the first time, after which FireEye created a malware alert.” This level of analysis across disjoint activities and systems is simple with Exabeam. Now analysts can ask new questions. With Threat Hunter, machine learning provides intelligent answers, in addition to alerts.
It’s time to bring threat hunting out of the dark ages. Complex, proprietary query languages such as those used by legacy SIEMs are archaic and prevent junior staff members from being productive in the task of uncovering adversaries lurking in your network. The query language approach requires an intimate knowledge of the SIEM system in use and a deep understanding of the specific security problems being searched for, neither of which your junior talent is likely to possess. This means proactive threat hunting is going to be relegated to your hard-to-hire SIEM ninjas.
Exabeam Threat Hunter takes an entirely different approach to threat hunting, one that brings proactive searching capabilities to everyone in the SOC. Using a simple point-and-click user interface, users select search criteria from drop-down menus and auto-populating fields to quickly create complex searches.
For example, an analyst can quickly find “all non-executive users who VPN’d in from China to log on to an executive asset” by selecting the appropriate activity type, geo location, and risk reason from Threat Hunter’s search criteria. This empowers junior staff by giving them the tools to quickly and easily perform a complex search that would otherwise be painful and time-consuming for your most powerful SIEM wizard.
Exabeam Threat Hunter is also unique amongst threat hunting tools in that it returns entire user sessions, as opposed to singular events. These user sessions are based on Exabeam’s Session Data model, which stitches all user behavior (normal and anomalous) into coherent timelines that provide immediate context for all incidents discovered. This automates the manual and tedious investigation by eliminating the need to gather data and reconstruct timelines. What would take days or weeks without Exabeam is accomplished in seconds with the help of the Exabeam session data model.