External Threats

Phishing refers to social engineering attacks over email or other messaging services designed to deceive users into taking action (clicking a link or downloading a file) to assist the threat actor. In doing so, employees unknowingly provide an adversary access into an organization. Exabeam automatically detects this abnormal behavior and provides a full list of compromised users and assets for investigation. Our phishing checklist guides analysts to answer key investigation questions and prescribes a comprehensive list of response actions. The Phishing Turnkey Playbook automates key workflows, such as leveraging threat intelligence to check the reputation of links or attachments in emails.

Malware is malicious programs or code developed by adversaries with the intent to cause damage to data or a system or gain unauthorized access to a network. Malware manifests in many forms: adware, spyware, virus, worms, a trojan, and more. Although antivirus software helps protect against known strains of malware, it is impossible to identify new strains with signature based detection alone. Exabeam automatically detects abnormal behavior associated with malware, such as processes executed or anomalous file activity. Smart Timelines and malware checklist help analysts investigate threats by answering questions like “Has this malware been found on other machines?” The Malware Turnkey Playbook automates key workflows, like detonating a file in a sandbox.

Ransomware is a type of malware that encrypts important files such as documents and images, making them inaccessible. Attackers then demand a ransom to unlock the files. Ransomware attacks are increasingly targeting organizations for larger payouts, and across industries—from the public sector to education to healthcare. Exabeam detects techniques consistently seen across all ransomware attacks, helping organizations protect sensitive data by providing visibility into assets with vulnerabilities or misconfigurations that adversaries may exploit for ransomware to take hold. Analysts can quickly investigate and respond to any threats with incident timelines, a guided checklist, and automated playbooks to ensure they intervene in the early stages of a ransomware attack and prevent payday.