Earlier this week we launched Exabeam Data Lake—previously known as Exabeam Log Manager—a security data lake that helps you collect and store unlimited amounts of security data to meet threat detection and compliance use cases. Here are 5 things you should know about Data Lake:
1. You Can Buy It How You Want to Buy It
We understand that traditionally there has been a fair amount of angst amongst SIEM buyers related to how these solutions are packaged and priced. We believe that it’s time you get the SIEM you’ve always wanted and to do so the way that works best to you, these efforts include:
Exabeam Data Lake is built on top of ElasticSearch, the popular open-source log management solution. ElasticSearch includes a horizontally scalable architecture that has proven to be effective at handling web-scale data for some of Silicon Valley’s largest companies. Data Lake makes it quick and easy to store and search ALL of your security data for later use in compliance and threat detection initiatives.
No Volume-based Pricing
With legacy SIEMs or traditional log management systems, storing all of your security data results in large, ever-growing bills. Conversely, with Exabeam Data Lake, we have done away with volume-based pricing models and by-the-byte billing and instead opted for a flat, user-based pricing model. This means you no longer need to choose between having large SIEM bills and potential security blind spots (because you didn’t store the right data).
It’s A La Carte
Data Lake is part of the Exabeam Security Intelligence Platform, a collection of security management solutions which licensed in a completely a la carte manner. This lets you purchase the pieces you need to solve the problems you have. Want to deploy a turn-key security data lake alongside your SIEM? Looking to do a more extensive SIEM replacement? Hoping to upgrade your detection capabilities but keep your SIEM? No problem! No matter what part of your security management program you’re looking to enhance, we’ve got you covered with our modular licensing structure.
2. It’s Built for Security Teams and Their Data
Exabeam Data Lake comes with thousands of parsers out of the box. Many of these parsers were originally developed for Exabeam Advanced Analytics, our UEBA solution, and provide Data Lake with the ability to parse logs from hundreds of popular security solutions. If you need a parser we don’t have, we’ll make it for you for free. Our turn around is usually 24 to 48 hours.
Data Lake ships with loads of security related content including pre-built reports, dashboards, and visualizations to handle common security and compliance requirements. This helps SOCs quickly adapt the product to meet their compliance and reporting needs as well as to reap immediate value from their security data.
Highlighting Security Data
Exabeam Data Lake parses raw data – logs, network, endpoint, etc. – into a security information model and formats records based on their types, highlighting the most relevant fields for security teams. This makes it easy for your security analysts to quickly find the information they’re after, instead of spending their time visually parsing through lines of dense event logs.
3. It’s part of an integrated platform
Exabeam Data Lake is part of an integrated Next Gen SIEM platform. As such, Data Lake has tight, native-level integration with the other solutions in the platform that help reduce your organization’s threat exposure, lower your staffing requirements, and streamline your SOC’s operations. Two such integrations of Data Lake within the Exabeam Security Intelligence Platform include:
Data Lake and Cloud Connectors
Exabeam Cloud Connectors is a collection of pre-built APIs that fetch logs from popular cloud-based services like Office 365, Google Apps for Work, and SalesForce, for storage in Exabeam Data Lake or analysis in Exabeam Advanced analytics. The combination of Data Lake and Cloud Connectors makes it easy to ingest, store, search and analyze logs from anywhere in your organization.
Data Lake and Advanced Analytics
Exabeam Advanced Analytics helps you identify threats in your environment by analyzing user and entity behavior in log files for signs of risky, anomalous activity. The integration between Data Lake and Advanced Analytics enables you to store unlimited amounts of data, then to holistically analyze that data for threats with behavioral analytics. Going the other direction, Advanced Analytics is able to enrich logs in Data Lake with data obtained through its machine learning and host-to-IP mapping engines.
Furthermore, all Exabeam products have access to several shared services. This improves usability, cuts down on management overhead, creates a more seamless solution. Shared services include:
- Role based access control
- Health monitoring
- User management
- Context Enrichment based data from our Advanced Analytics solution
4. The UX is Surprisingly Intuitive
Unfortunately, security practitioners live in a complicated world. Oftentimes we find ourselves trained, by years of interaction with legacy products, that more dials and knobs, extra buttons, and additional whistles will make for better security. We believe it doesn’t need to be this way. You can have all of the in-depth, enterprise functionality you crave but also simplicity, automation, and elegance. To this end, Exabeam has gone to painstaking lengths to improve our user interface and user experience.
Security is in our DNA. We understand what SOC teams are trying to achieve with their tools, how they go about their day-to-day activities, and what is slowing them down. Armed with this knowledge we are relentlessly looking for ways to streamline workflows, to remove steps, and reduce clicks; all while focusing on creating an aesthetically pleasing product. One example of this design approach is our recent redesign Kibana, the native ElasticSearch visualization plugin. You will notice significant improvements to creation workflows and graphical chart elements. We take a template approach where you select the type of visualization you’d like to build from a menu, enter a sample search query or use a recent search query, and we’ll build a visualization for you. From there all you need to do is use the drop-down menus in our visualization builder to customize it to meet your needs.
5. Its Built on Proven Open Source Technology
Exabeam Data Lake is built on top of ElasticSearch. This provides Data Lake with a proven, horizontally scalable architecture with unlimited scalability that has been been well vetted by giant B2B companies like LinkedIn and Netflix.
Data Lake also makes use of other ElasticSearch components. Data Lake leverages Beats—an ecosystem of lightweight data shippers native to the ElasticSearch platform—to collect and centralize data from your environment including log files, network data, and windows event logs. In addition to the open source collectors available from Elastic, Exabeam has created a number of its own collectors including a DB Collector which debuts in this release.
Data Lake also makes it easy to maintain these collectors, by providing you with a remote management system to easily manage your the health and configuration of the hundreds or thousands of collectors in your environment at scale.