Security Intelligence Platform
The Exabeam Security Intelligence Platform provides organizations of all sizes with comprehensive, end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam provides elastic scalability through a modern big data and machine learning architecture that ingests and analyzes data at any scale, at a predictable cost. This means organizations no longer need to choose between staying within their security budgets and adding the data sources that would reduce their security blind spots.
Delivering on the Promise of SIEM
Exabeam represents the first security management platform to fully deliver on the initial “promise of SIEM”: complete visibility into modern threats with automated and intelligent response. Exabeam delivers what SIEM products do not.
The Next Generation of SIEM
Legacy SIEMs cause heartburn for users in each of their functional areas: data collection, threat detection, and incident response. Volume-based pricing models eat into security budgets; static correlation rules consume scarce analyst time and generate false positives; and case management does nothing to automate or amplify incident response. Legacy SIEMs leave a lot to be desired. After years of suffering at the hands of these vendors, customers can finally find relief in Next-Gen SIEMs.
Next-Gen SIEMs are characterized by their use of modern technologies such as open-source big data architectures, artificial intelligence, machine learning, and behavioral analysis to solve today’s pressing security management problems. Next-Gen SIEMs provide tangible value to security teams by automating manual tasks, improving threat detection, and amplifying productivity instead of simply consuming SOC resources like their predecessors.
The Exabeam Security Intelligence Platform is the market’s first and leading Next-Gen SIEM platform.
| Function          | Legacy SIEM                         | Next-Gen SIEM                          |
|-------------------|-------------------------------------|----------------------------------------|
| Data collection   | Proprietary data management systems | Unlimited-scale security data lakes    |
| Threat detection  | Correlation rules                   | User and entity behavior analytics     |
| Incident response | Case management                     | Security orchestration and automation  |
This platform includes six key components:
Exabeam Data Lake: Exabeam Data Lake (EDL) offers the high performance of a modern data management system without the volume-based pricing models that have typically prevented customers from taking full advantage of the data they have available. To do this, Exabeam built EDL on the popular open-source Elasticsearch stack and combined its components with the additional functionality enterprises demand of their security solutions. Exabeam Data Lake can be deployed alongside, or as a replacement for, traditional log management or SIEM systems; it operates at lightning-fast speeds and scales far beyond the capabilities of legacy data management technologies. Since EDL was designed for security data management, it includes context-aware capabilities that improve ease of use for security analysts. For example, Exabeam Data Lake parses raw data – logs, network, endpoint, etc. – into a security information model and formats records based on their types, highlighting the most relevant fields for easy visual scanning by human readers. Finally, Exabeam streamlines the Elastic user interface with several custom-built components that greatly improve security analyst workflows.
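To make the "parse raw data into a security information model, then highlight the relevant fields per record type" idea concrete, here is an added example (not Exabeam's code, and not the schema EDL actually uses). It normalizes two constructed raw records, a syslog-style VPN line and a JSON endpoint alert, into one assumed common schema (CORE_FIELDS), and renders each with a type-aware summary. The field names, event types and sample records are all assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample records in two raw formats: a syslog-style VPN line and a JSON EDR alert.
RAW_RECORDS = [
    'Mar 12 08:14:07 vpn-gw1 sslvpn: user=jdoe src=203.0.113.45 action=login status=success',
    '{"ts":"2024-03-12T08:21:40Z","host":"wks-1043","user":"jdoe","severity":"high",'
    '"detection":"Trojan.Generic","tool":"edr"}',
]

# Minimal security information model (an assumed schema, not Exabeam's): every normalized event
# carries the same core fields so downstream analytics can treat all sources uniformly.
CORE_FIELDS = ("time", "event_type", "user", "host", "src_ip", "outcome", "vendor")

# Fields worth putting first for a human reader, per event type (also assumed).
HIGHLIGHT = {
    "vpn-login": ("user", "src_ip", "outcome"),
    "malware-alert": ("host", "user", "threat", "severity"),
}

SYSLOG_RE = re.compile(
    r'^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+): (?P<kv>.*)$'
)

def parse_kv(s):
    """key=value pairs as emitted by many appliances."""
    return dict(re.findall(r'(\w+)=(\S+)', s))

def normalize(raw, year=2024):
    """Turn one raw record into a dict with CORE_FIELDS (None when unknown) plus type-specific extras."""
    raw = raw.strip()
    if raw.startswith("{"):
        d = json.loads(raw)
        return {
            "time": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "event_type": "malware-alert" if d.get("detection") else "unknown",
            "user": d.get("user"), "host": d.get("host"), "src_ip": None,
            "outcome": None, "vendor": d.get("tool"),
            "threat": d.get("detection"), "severity": d.get("severity"),
        }
    m = SYSLOG_RE.match(raw)
    if not m:
        raise ValueError(f"unrecognized record: {raw!r}")
    kv = parse_kv(m["kv"])
    # Classic syslog has no year; callers supply it (assumption for the example).
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    etype = "vpn-login" if m["prog"] == "sslvpn" and kv.get("action") == "login" else "unknown"
    return {"time": ts.replace(tzinfo=timezone.utc), "event_type": etype, "user": kv.get("user"),
            "host": m["host"], "src_ip": kv.get("src"), "outcome": kv.get("status"), "vendor": m["prog"]}

def summarize(event):
    """One-line, type-aware rendering that puts the most relevant fields first."""
    keys = HIGHLIGHT.get(event["event_type"], CORE_FIELDS)
    body = " ".join(f"{k}={event.get(k)}" for k in keys)
    return f"{event['time'].isoformat()} [{event['event_type']}] {body}"

if __name__ == "__main__":
    for line in map(summarize, map(normalize, RAW_RECORDS)):
        print(line)
```

The point of the common schema is that a later analytic (a session builder, a rule, a search) only has to know CORE_FIELDS, never the quirks of each vendor's format; unknown record types still get the core fields, so they are searchable even before a dedicated parser exists.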
Exabeam Advanced Analytics: Exabeam Advanced Analytics is the world’s most-deployed User and Entity Behavior Analytics (UEBA) solution. Advanced Analytics detects insider threats, compromised accounts, and data loss via deep learning and specialized statistical risk models. With the ability to accurately model the behavior of users, entities, and even security alerts from other security solutions, Exabeam can quickly detect complex threats, prioritize security alert investigation, and slash the response time of incident investigations. By automatically recreating entire attack chains, and piecing together both normal and anomalous behavior of users and entities, Exabeam dramatically reduces the time and effort security analysts must spend on investigations. Based on a patented session data model, Exabeam creates, in seconds, automatic incident timelines that show all activity – good and bad – across multiple IP addresses, devices, and credentials. Exabeam Advanced Analytics amplifies the abilities of SOC and IR staff by automating the manual drudgery of investigations, freeing up resources for more proactive security initiatives like threat hunting.
Exabeam Entity Analytics: Entity Analytics leverages entity behavior analysis and machine learning to detect advanced threats lurking in the myriad internet-connected devices deployed in today’s IT environments. With the ability to ingest and model machine behavior, Entity Analytics quickly establishes baselines for normal operating activity throughout an organization and then identifies risky, anomalous activity associated with compromised assets. Once detected, incidents are presented to analysts via prebuilt incident timelines that include lateral movement and affected users. Entity Analytics helps enterprise security teams subject machines—medical devices, manufacturing equipment, and other types of infrastructure—to the same level of security controls and monitoring as their human counterparts.
Exabeam Incident Responder: When Exabeam detects an insider threat or other incident, the job isn’t done. Organizations must still respond efficiently and effectively to the newly discovered threat. Exabeam Incident Responder automates a firm’s response procedures through incident workflows and playbooks. Incident Responder includes prebuilt playbooks for many of the most common incident types that response teams face, such as malware alerts, phishing incidents, data loss alerts, departed-insider issues, etc. Exabeam playbooks can also be modified, allowing customers to create and share their own playbooks. The benefits of automated, guided response are clear: reduced response time, fewer human-induced errors, and improved productivity for incident response teams. Incident Responder can perform automatic actions (e.g. resetting a user password or containing an infected endpoint) or guide manual actions by IR staff. Exabeam IR workflows tie together the many specialized security technologies that already exist within most organizations.
Exabeam Cloud Connectors: Today’s IT environments are complex and distributed, often including a variety of cloud-based services that serve critical functions like file storage, email, CRM and more. Exabeam Cloud Connectors offer direct log collection for a host of popular cloud-based services including Salesforce.com, Box, Office365, and others. This set of prebuilt connectors augments the native log collection capabilities of Exabeam Data Lake so that users’ cloud activity and behavior can be reported on and analyzed alongside activity on internal systems.
Exabeam Threat Hunter: Where Exabeam Advanced Analytics uses machine learning techniques to notify an analyst about emerging threats, Exabeam Threat Hunter enables security analysts to search and pivot across multiple dimensions of user activity to find sessions that contain specific unusual behaviors or to find users that match certain criteria. For example, an analyst might ask to see “all sessions where a user logged into the VPN from a foreign country for the first time, then accessed a new server for the first time, after which FireEye created a malware alert.” This level of analysis across disjoint activities and systems would be difficult if not impossible with the traditional query language approach of most SIEMs. Designed around a simple point-and-click interface, Threat Hunter enables even junior analysts to ask new and complex questions of their organization’s behavioral data without needing to learn a proprietary query language. Analysts can easily pivot through and drill down into user sessions to follow complex, multi-stage attacks. With Threat Hunter, machine learning provides intelligent answers, in addition to alerts.
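The session data model behind Advanced Analytics and the session-level hunt quoted above (first-time VPN login from a new country, then first-time access to a new server, then a FireEye malware alert) can be shown end to end in one small program. This is an added illustration, not Exabeam's patented session model or its Threat Hunter engine: the events are constructed, the inactivity timeout that closes a session, the "first time seen" feature definitions, and the cold-start handling are all assumptions. It goes slightly beyond the text in that the same code baselines any key (swap "user" for a host name and it becomes the machine-centric view Entity Analytics describes).

```python
from collections import defaultdict
from datetime import datetime, timedelta

SESSION_TIMEOUT = timedelta(minutes=60)   # assumed inactivity gap that closes a session

def t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed, already-normalized events for one user. The earlier days establish the
# behavioral baseline; the last day carries the sequence an analyst would hunt for.
EVENTS = [
    {"user": "jdoe", "time": t("2024-03-04 08:05"), "type": "vpn-login", "country": "US", "src_ip": "198.51.100.7"},
    {"user": "jdoe", "time": t("2024-03-04 08:20"), "type": "server-access", "host": "fileshare01"},
    {"user": "jdoe", "time": t("2024-03-05 08:10"), "type": "vpn-login", "country": "US", "src_ip": "198.51.100.7"},
    {"user": "jdoe", "time": t("2024-03-05 08:40"), "type": "server-access", "host": "fileshare01"},
    {"user": "jdoe", "time": t("2024-03-05 09:15"), "type": "server-access", "host": "git01"},
    {"user": "jdoe", "time": t("2024-03-12 02:31"), "type": "vpn-login", "country": "RO", "src_ip": "203.0.113.45"},
    {"user": "jdoe", "time": t("2024-03-12 02:44"), "type": "server-access", "host": "hr-db02"},
    {"user": "jdoe", "time": t("2024-03-12 02:58"), "type": "malware-alert", "vendor": "FireEye", "host": "wks-1043"},
]

# Which attribute counts as "new" for each event type (assumed feature definitions).
FIRST_SEEN_KEY = {"vpn-login": "country", "server-access": "host"}

def build_sessions(events, timeout=SESSION_TIMEOUT, entity="user"):
    """Group each entity's events into sessions by inactivity gap, annotating every event with
    whether its key attribute was ever seen before for that entity (the behavioral baseline).
    Baselining and sessionizing happen in one chronological pass, so the first occurrence of
    anything is flagged, including during the cold-start period; a real deployment would train
    on a warm-up window before it starts scoring."""
    seen = defaultdict(set)          # (entity, key) -> values observed so far
    sessions = defaultdict(list)     # entity -> list of sessions (each a list of events)
    for ev in sorted(events, key=lambda e: e["time"]):
        ev = dict(ev)
        key = FIRST_SEEN_KEY.get(ev["type"])
        if key:
            ev["first_time"] = ev[key] not in seen[(ev[entity], key)]
            seen[(ev[entity], key)].add(ev[key])
        mine = sessions[ev[entity]]
        if mine and ev["time"] - mine[-1][-1]["time"] <= timeout:
            mine[-1].append(ev)
        else:
            mine.append([ev])
    return sessions

def session_matches(session, steps):
    """True if the session contains events satisfying each predicate in order (gaps allowed)."""
    i = 0
    for ev in session:
        if i < len(steps) and steps[i](ev):
            i += 1
    return i == len(steps)

def hunt(sessions, steps):
    """Return (entity, session) pairs whose session matches the ordered predicates."""
    return [(who, s) for who, ss in sessions.items() for s in ss if session_matches(s, steps)]

# The hunt from the text, expressed as ordered predicates over session events.
HUNT_STEPS = [
    lambda e: e["type"] == "vpn-login" and e["first_time"],
    lambda e: e["type"] == "server-access" and e["first_time"],
    lambda e: e["type"] == "malware-alert" and e.get("vendor") == "FireEye",
]

def timeline(session):
    """Incident-timeline rendering of one session: all activity, with anomalous steps flagged."""
    lines = []
    for ev in session:
        flag = " (first time)" if ev.get("first_time") else ""
        detail = ev.get("country") or ev.get("host") or ""
        lines.append(f"{ev['time']:%Y-%m-%d %H:%M} {ev['type']} {detail}{flag}")
    return lines

if __name__ == "__main__":
    for who, s in hunt(build_sessions(EVENTS), HUNT_STEPS):
        print(f"match for {who}:")
        print("\n".join("  " + line for line in timeline(s)))
```

Two things worth noticing. The hunt is a query over sessions, not over individual log lines, so "first time" is a property computed from the user's own history rather than a static rule; the same three predicates would never fire for the 5 March session, where the VPN country was already known. And the timeline keeps the benign events in the matched session alongside the flagged ones, which is what lets an analyst judge the anomaly in context instead of staring at an isolated alert.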