What’s New in Exabeam Product Development — November 2023
The Exabeam November feature release is now available to customers. As part of our commitment to developing an open security operations platform that doesn’t limit customer choice, we’ve added new partner integrations with Cribl, Teams, and Slack. Improved MITRE ATT&CK® framework mapping allows customers to closely align their Exabeam deployment with ATT&CK in Outcomes Navigator as well as Correlation Rules.
We have also completed an IRAP assessment at the PROTECTED level for the Exabeam Security Operations Platform, a testament to our continuous dedication to delivering and maintaining AI-driven and cloud-native security operations solutions in accordance with the most rigorous security benchmarks. To further streamline SOC workflows and boost analyst productivity, we’ve also simplified the correlation rule lookup process and added nine new pre-built dashboards.
Other updates include:
- Exabeam Cribl Collector via Google Cloud Storage for accelerated threat detection
- Microsoft Teams and Slack notifications meet you where you work
- Mapping Outcomes Navigator to the ATT&CK framework
- Streamlined workflows boost security operations productivity
- Exabeam completes IRAP assessment at the PROTECTED level
Exabeam Cribl Collector via Google Cloud Storage for accelerated threat detection
In August, we announced a strategic partnership with Cribl to accelerate threat detection for Exabeam customers. The Exabeam Cribl Collector is now available via Google Cloud Storage buckets. This continued integration with Cribl allows security teams to gain additional control over telemetry data, and the flexibility to shape logs into any format needed.
The Cribl Collector works with Exabeam to provide efficient data ingestion while reducing storage costs by ensuring that only relevant data gets ingested into the platform. Additional benefits of the Exabeam and Cribl integration include the ability to route log data to multiple locations, reprocess logs, and optimize data flow dependencies.
Together, Exabeam and Cribl provide security teams with better visibility into the right data sets to accelerate threat detection, investigation, and response (TDIR).
Learn more about how Exabeam and Cribl work together to accelerate security operations, then get a demo to see the integration in action.
Microsoft Teams and Slack notifications meet you where you work
Every organization and security operations team is different in how they best communicate with one another, and the tools they use for everyday work. For November, Exabeam has added support for Teams and Slack notifications. These new notification options reduce the time it takes to acknowledge and respond to threats by notifying users in their preferred daily workflow.
Figure 2 above represents an example of a Teams or Slack notification. Expanding on the existing options of in-app, email, and webhooks, these new notifications can be sent to multiple channels and include information on the event, severity, Exabeam application, and a remediation recommendation.
Mapping Outcomes Navigator to the ATT&CK framework
The ATT&CK framework is a global knowledge base of adversary tactics and techniques, derived from real-world cybersecurity threat observations. Security organizations now lean towards using tactics, techniques, and procedures (TTPs) to detect adversaries. Unlike indicators of compromise (IoCs), which are attack artifacts, TTPs detail the ongoing attack behaviors, empowering analysts for proactive threat detection.
Exabeam has expanded Outcomes Navigator to map to the ATT&CK framework. This allows customers to assess their environment, receiving insights into configuration strengths and recommendations for improvements. This feature also advises on optimal configurations for better defense against TTPs, pinpointing security gaps and vulnerabilities. It’s a valuable resource for organizations aligning with or benchmarking against the ATT&CK framework, offering actionable insights for a stronger cybersecurity stance.
Streamlined workflows boost security operations productivity
Analysts can now look up correlation rule names and IDs via API. With this simplified workflow, an analyst enters a partial correlation rule name and the API returns all matching names with their corresponding rule IDs, which improves analyst productivity.
With limited IT resources, security teams are being asked to do more with less. The Exabeam November release helps customers streamline security operations with new pre-built compliance dashboards:
- Exabeam – Default Account Access Dashboard
- Exabeam – Disabled User Account Summary Dashboard
With just a few clicks, users can get broad dashboard visualizations that help measure the effectiveness of SOC operations while speeding compliance and reporting.
Exabeam completes IRAP assessment at the PROTECTED level
The Information Security Registered Assessors Program (IRAP) is a framework by the Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate (ASD), to evaluate an organization’s security controls, ensuring alignment with Australian government security requisites. In August, Exabeam initiated the IRAP assessment process. We are excited to announce that Exabeam has completed an IRAP assessment at the PROTECTED level for the Exabeam Security Operations Platform.
We are excited about this opportunity to expand Exabeam capabilities to organizations and government agencies in Australia. The completion of an IRAP assessment illustrates our continuous dedication to delivering and maintaining AI-driven and cloud-native security operations solutions in accordance with the most exacting security benchmarks.