Exabeam SaaS Improves Security Content and User Experience

Exabeam Leverages the Power of SaaS to Proactively Improve Security Content and User Experience

January 26, 2021

Exabeam recently released i54, the latest version of Exabeam Advanced Analytics. In our previous post, you learned how Content over Cloud lets you manage and install new content directly in our UI. Today, we’re excited to share how we use another new capability, Proactive Content Monitoring, to improve parser quality and the user experience. In this post, you will learn how parsers are updated and improved with Exabeam and how Proactive Content Monitoring takes a novel approach to that problem.

Parser quality drives SIEM quality

Previously, we shared how features like Content over Cloud support engineering and analyst workflows by seamlessly and automatically delivering frequent content updates and custom content. But aside from new detection, new content can also include parser updates and tweaks. Many SIEMs rely on a historically passive and reactive approach to parser updates. At Exabeam, this typically meant a customer would open a ticket and would wait on the services team to perform an ad-hoc analysis and provide a new parser. Seeing another manual and tedious process, we sought to add some intelligent automation.

Introducing: Proactive Content Monitoring

We’ve shifted the paradigm on content quality by taking a data-driven, proactive approach to parser updates with Proactive Content Monitoring. This new system analyzes the parsing quality of our SaaS customers at scale. Once the content team at Exabeam creates a parser tweak, an update is made available via Content over Cloud to deploy in your environment.

With Proactive Content Monitoring, we leverage the collective insights from across our SaaS customer base to understand what improvements need to be prioritized. In turn, our customers benefit from each other as parser fixes are delivered globally across each of their environments via Content over Cloud, versus ad-hoc, custom packages. This model allows our content team to continuously identify the most needed fixes, proactively deliver them, and measure improvement.

Figure 1: Exabeam Proactive Content Monitoring collects data from SaaS customers to send to secure storage for processing and analysis where our content team develops updates based on the highest priority areas. New parsers are delivered seamlessly into all customer environments via Content over Cloud, without customers needing to open a support ticket.

Better quality, fewer tickets

Proactive Content Monitoring, in combination with Content over Cloud, allows customers to receive a content fix without ever lifting a finger to open a ticket. That’s more time for you to go back to catching bad guys.

Do I need SaaS?

To provide insights to the content team on parser quality and performance, customers must have Advanced Analytics in a SaaS environment. Updates derived from Proactive Content Monitoring are available via Content over Cloud to both on-premises and SaaS customers who have Advanced Analytics i54.

Stay tuned

The current release includes updates for parsers for Advanced Analytics, with other types of content and support for Data Lake planned for the future.

Interested in learning more about Content over Cloud? Check out our technical documentation for more information.
