Compliance - Exabeam


Out-of-the-box compliance. Always up-to-date.

Many organizations use manual processes and disparate security products to satisfy regulatory requirements such as the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS), and Sarbanes-Oxley (SOX).

These ad hoc processes leave organizations at risk for audit failure, fines, and disclosure reporting. Exabeam provides detection rules and models, and compliance reports, out-of-the-box to help you show auditors that security controls are in place and work as designed.


Ensure your organization meets GDPR requirements while protecting individual privacy.

The goal of GDPR legislation is to protect the personal data of European Union (EU) citizens. GDPR applies to any company doing business with an EU organization or an individual. Non-compliance carries stiff fines, which could be up to 4% of the organization’s worldwide annual revenue.


Reduce external threats

As attackers continually refine their methods, GDPR mandates that organizations keep up with evolving threats by employing state-of-the-art technologies capable of scaling with the problem (Articles 25 and 32).

Out-of-the-box detection models free analysts from constantly writing and updating correlation rules to track evolving threats. Exabeam behavioral analytics continuously baseline normal behavior of all users and entities on the network. Any deviations from normal behavior are instantly flagged and assigned a risk score. Exabeam then gathers all related events into a cohesive timeline. As a result, analysts can scale their detection, investigation, and response practices in ways previously unimaginable.

Reduce internal threats

Threats originating from within the organization are often the most difficult to detect, as insiders may have intimate knowledge of systems and processes. GDPR directs organizations to carefully consider the risk of unauthorized access, alteration, destruction, or exfiltration of personal data at every stage of handling (Article 24).

Identity and network access controls help organizations create a system protection framework, but fail to account for the innumerable ways insiders accidentally or maliciously threaten the organization. Exabeam can gather logs from over 500 productivity and security applications and map activity to individuals, using analytics to fill in missing log fields. Using behavioral analysis, Exabeam then baselines normal user activity against which it can alert on abnormalities and deviations. Whether it’s a privilege escalation, or a related data exfiltration event, threats are readily identified.

Use out-of-the-box compliance reports

To achieve GDPR compliance, organizations need to demonstrate that they monitor critical infrastructure holding the personal data of EU citizens.

Using a powerful compliance and forensics reporting engine, Exabeam generates a series of built-in, GDPR-specific reports that help reduce the time to show compliance to auditors.

Protect employee Personally Identifiable Information (PII)

A critical GDPR requirement is to protect employee PII from unwarranted access.

Exabeam provides role-based access control (RBAC) that can be used to enforce PII data masking. With Exabeam, risky actions representing potential security incidents are surfaced to analysts. User information can remain masked until a credible risk has been identified and the incident is forwarded to data privacy officers (DPOs) for de-masking. Individual privacy is therefore maintained.

Reduce your breach response time, minimize data exposure

GDPR requires breach notification within 72 hours, but most organizations struggle to know when one has occurred. Using traditional tools such as a conventional SIEM, it could take days, weeks, or even months to detect a breach, let alone understand its complete scope, and reduce data exposure.

With Exabeam, it’s easy for analysts to detect an incident and see the broader attack chain. By applying behavior-based risk scoring to all users and devices, Exabeam dampens noise from false positives and keeps your analysts focused on actual incidents. Exabeam Smart Timelines supercharge your detection, investigation, and response processes by automatically collecting all investigation artifacts in a single cohesive timeline.

Adhering to GDPR Security Controls with Exabeam


Secure Credit Card Data and Accelerate PCI-DSS Compliance

PCI-DSS promotes cardholder data security while facilitating broad, global adoption of consistent data security measures. PCI compliance is a must for any organization handling credit card data, and failure to comply can result in daily penalties and fines.


Comprehensive compliance logging

Monitoring and analyzing events, as well as having continuous visibility to maintain compliance, are crucial components of PCI-DSS.

Get out-of-the-box PCI-DSS compliance reports, such as “Failed VPN Logins” and “Remote Session Timeouts,” making it easy to show compliance to your auditor. Exabeam Cloud Archive allows you to retain up to ten years of online searchable data, and meet retention requirements for internal compliance stakeholders and external auditors.

Early, accurate threat detection using behavioral analysis

Ensuring rapid threat detection is a key PCI-DSS requirement. PCI-DSS also emphasizes continuous account monitoring—especially for privileged users and third-party vendors having special access. But for most organizations, if a legitimate user’s credentials have been compromised, malicious activity often goes unnoticed.

Exabeam continuously baselines normal behavior of all users and entities on the network using behavioral analytics. Any deviations from normal behavior are instantly flagged and assigned a risk score. All activity is also automatically organized into machine-built timelines to provide context for security teams to triage and take decisive action. As a result, analysts can detect insider threats, compromised accounts, data loss, and other advanced threats.

Augment your PCI scope reduction efforts to save money

Most organizations limit PCI scope to lower the cost of the PCI-DSS assessment; to lower the cost and difficulty of implementing and maintaining PCI-DSS controls; and to reduce the likelihood of non-compliance.

Exabeam provides hundreds of out-of-the-box detection models to immediately flag PCI scope violations and save your organization from surprises during PCI audit time.

Effective, automated incident response

Another PCI-DSS tenet is to quickly and effectively respond to any incident.

Exabeam Smart Timelines are machine-built timelines created for every user and every device, every day. Smart Timelines provide a chronological list of all activity—normal and abnormal—so analysts can see an entire attack chain, not just pieces of it. With a clear understanding of the scope of the attack, analysts can then use out-of-the-box response actions and playbooks, or create their own to orchestrate and automate remediation.

Implementing PCI DSS Controls with Exabeam


Enforce Internal Controls and Reporting Requirements Necessary to Meet SOX Compliance with Exabeam

SOX regulation aims to protect shareholders and the general public from accounting errors and fraudulent corporate practices, and to improve the accuracy of corporate disclosures.


Monitor security events, including sensitive file access

Businesses operate in distributed environments leveraging internal and external infrastructure. To gain visibility across these domains and monitor them for SOX compliance, logs must be collected from all of these operating environments.

Exabeam gives security teams the edge they need to quickly and accurately identify risky activity related to financial reporting no matter where it may occur. Exabeam ingests log data across disparate domains (e.g., cloud, database, email, application) and assembles it into a coherent activity chain to improve analyst visibility. Regarding the detection of data tampering specifically, Exabeam has built-in file monitoring models that track every file-related action—including initial access, attaching data to an email, downloading, or even writing to a USB drive.

Detect compromised credentials

Ensuring that only authorized personnel have access to sensitive data is a fundamental control for financial systems. This includes preventing unauthorized, internal employees—as well as external actors—from obtaining credentials and initiating an attack chain.

Exabeam accurately models the behavior of users and entities to notify analysts of anomalous activity, including activity by users with seemingly valid credentials. Exabeam also provides actionable insights about alerts from other security solutions, giving analysts the context to take quick, decisive action.

Enable rapid investigation

SOX Section 302 requires organizations to implement systems that protect against data tampering, track timelines, and evaluate the who-what-where-when of data access. For insider threats—especially those involving lateral movement—it may be difficult and time-consuming, if not impossible, to create accurate incident timelines.

Exabeam user and entity behavior analytics identifies incidents, then automatically creates timelines so analysts can investigate them. Automating parts of the investigation removes pressure on limited human resources, and helps analysts efficiently fulfill the Section 302 requirement.

Effective incident response

Prevention is a core tenet of SOX, and it has historically been the IT security focal point. But threats do occur, and incident response is a top priority.

Exabeam Smart Timelines are machine-built timelines that are created for every user and every device, every day. Smart Timelines uniquely provide a chronological list of all activity—normal and abnormal—so analysts can see an entire attack chain, not just pieces of it. With a clear understanding of the scope of the attack, analysts can then use out-of-the-box response actions and playbooks, or create their own to orchestrate and automate remediation.

Complying with SOX Regulations Using the Exabeam Security Operations Platform