Exabeam November Release 2023: New Integrations, Security Boosts, and IRAP Assessment - Exabeam

What’s New in Exabeam Product Development — November 2023

Published
December 11, 2023


The Exabeam November feature release is now available to customers. As part of our commitment to developing an open security operations platform that doesn’t limit customer choice, we’ve added new partner integrations with Cribl, Teams, and Slack. Improved MITRE ATT&CK framework mapping allows customers to closely align their Exabeam deployment with ATT&CK in Outcomes Navigator as well as Correlation Rules. 

We have also completed an IRAP assessment at the PROTECTED level for the Exabeam Security Operations Platform, a testament to our continuous dedication to delivering and maintaining AI-driven and cloud-native security operations solutions in accordance with the most rigorous security benchmarks. To further streamline SOC workflows and boost analyst productivity, we’ve also simplified the correlation rule lookup process and added nine new pre-built dashboards. 

Other updates include:

Exabeam Cribl Collector via Google Cloud Storage for accelerated threat detection

In August, we announced a strategic partnership with Cribl to accelerate threat detection for Exabeam customers. The Exabeam Cribl Collector is now available via Google Cloud Storage buckets. This continued integration with Cribl allows security teams to gain additional control over telemetry data, and the flexibility to shape logs into any format needed.  

The Cribl Collector works with Exabeam to provide efficient data ingestion while reducing storage costs by ensuring that only relevant data gets ingested into the platform. Additional benefits of the Exabeam and Cribl integration include the ability to route log data to multiple locations, reprocess logs, and optimize data flow dependencies.

Together, Exabeam and Cribl provide security teams with better visibility into the right data sets to accelerate threat detection, investigation, and response (TDIR).

Figure 1. Exabeam and Cribl data flow optimization

Learn more about how Exabeam and Cribl work together to accelerate security operations, then get a demo to see the integration in action.

Microsoft Teams and Slack notifications meet you where you work

Every organization and security operations team is different in how they best communicate with one another, and the tools they use for everyday work. For November, Exabeam has added support for Teams and Slack notifications. These new notification options reduce the time it takes to acknowledge and respond to threats by notifying users in their preferred daily workflow. 

Figure 2. Exabeam notification in Microsoft Teams

Figure 2 above represents an example of a Teams or Slack notification. Expanding on the existing options of in-app, email, and webhooks, these new notifications can be sent to multiple channels and include information on the event, severity, Exabeam application, and a remediation recommendation.

Mapping Outcomes Navigator to the ATT&CK framework

The ATT&CK framework is a global knowledge base of adversary tactics and techniques, derived from real-world cybersecurity threat observations. Security organizations now lean towards using tactics, techniques, and procedures (TTPs) to detect adversaries. Unlike indicators of compromise (IoCs), which are attack artifacts, TTPs detail the ongoing attack behaviors, empowering analysts for proactive threat detection. 

Exabeam has expanded Outcomes Navigator to map to the ATT&CK framework. This allows customers to assess their environment, receiving insights into configuration strengths and recommendations for improvements. This feature also advises on optimal configurations for better defense against TTPs, pinpointing security gaps and vulnerabilities. It’s a valuable resource for organizations aligning with or benchmarking against the ATT&CK framework, offering actionable insights for a stronger cybersecurity stance.

Figure 3. MITRE ATT&CK coverage in Outcomes Navigator

Streamlined workflows boost security operations productivity

Analysts can now look up correlation rule names and IDs via API. With this simplified workflow, an analyst enters a partial correlation rule name and the API returns all potential matches with their corresponding rule IDs, which improves analyst productivity.

With limited IT resources, security teams are being asked to do more with less. The Exabeam November release helps customers streamline security operations with new pre-built compliance dashboards:

  • Exabeam – Default Account Access Dashboard
  • Exabeam – Disabled User Account Summary Dashboard

With just a few clicks, users can get broad dashboard visualizations that help measure the effectiveness of SOC operations while speeding compliance and reporting.

Exabeam completes IRAP assessment at the PROTECTED level

The Information Security Registered Assessors Program (IRAP) is a framework by the Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate (ASD), to evaluate an organization’s security controls, ensuring alignment with Australian government security requisites. In August, Exabeam initiated the IRAP assessment process. We are excited to announce that Exabeam has completed an IRAP assessment at the PROTECTED level for the Exabeam Security Operations Platform.

We are excited about this opportunity to expand Exabeam capabilities to organizations and government agencies in Australia. The completion of an IRAP assessment illustrates our continuous dedication to delivering and maintaining AI-driven and cloud-native security operations solutions in accordance with the most exacting security benchmarks.

Stay up to date with Exabeam Community

Dig into the new release in the Exabeam Community. Engage in live ExaExpert Q&A sessions every other week, or join technical discussions at your convenience. Your curiosity and questions are always welcome.
