Introducing Exabeam Threat Hunter

Published: February 17, 2016
Author: admin

Today we announced the availability of Exabeam Threat Hunter, a new product that raises the bar for the user behavior analytics (UBA) market. UBA uses data science to tell an analyst which users deserve attention; Threat Hunter completes the picture by letting the analyst query, pivot, and drill down into user sessions that match any combination of user attributes and activities. In short, if UBA is the machine telling the analyst what to watch, Threat Hunter is the analyst telling the machine what to find.

[Image: Ex_TH_EnterParameters.png]

In the example above, a SOC analyst is concerned that a recent malware infection in the marketing department may not have been completely removed. The analyst begins by asking Threat Hunter for every Marketing user who recently attempted account management (account creation, privilege escalation) and also had failed logons or an account lockout. Threat Hunter returns every user session that fits those criteria, below:

[Image: EX_TH_ResultsList.png]

The analyst narrows the result set further by also asking for sessions in which the password was recently changed. The result is a web developer in the marketing group with many recent failed logons, account management activity, and password changes.

Clicking on this session, the analyst sees the activities within this employee's session, the reasons behind the risk elevation, and her baseline behavior. For example, on the right we can see the times she is normally in the office and working, so activity well outside that window stands out. Taken together, the results show a user whose account has likely been compromised and is being used for data exfiltration or in preparation for some other attack.

[Image: Ex_TH_AngellaDetail.png]
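The hunt described above is a combination filter over per-user sessions: a user attribute (department) joined with several activity groups, each of which must appear at least once in the session, followed by a drill-down into one session and a comparison against the user's baseline working hours. The script below is an added example that reproduces that logic in plain Python; it is not Exabeam or Threat Hunter code. The users, session IDs, event-type names, working-hour baselines, and log lines are all constructed for illustration.

```python
"""Hunt over user sessions: combine a user attribute with activity filters.

Added example, not Exabeam code.  Every user, session and log line here is
constructed for illustration; the event-type names are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime

# Activity groups the hunt combines.  A session satisfies a group if it
# contains at least one event of that group.
ACCOUNT_MGMT = {"account_created", "privilege_escalation", "group_membership_change"}
AUTH_FAILURE = {"logon_failed", "account_lockout"}
PASSWORD_CHANGE = {"password_changed"}

# Constructed user directory: department and normal working hours (24h clock).
USERS = {
    "angella": {"department": "Marketing", "title": "Web Developer", "hours": (8, 18)},
    "bob":     {"department": "Marketing", "title": "Copywriter",    "hours": (9, 17)},
    "carol":   {"department": "Finance",   "title": "Analyst",       "hours": (8, 17)},
}

# Constructed event log, one "timestamp user event_type session_id" per line.
RAW_EVENTS = """\
2016-02-15T08:55 angella logon_success s-angella-0
2016-02-16T02:10 angella logon_failed s-angella-1
2016-02-16T02:11 angella logon_failed s-angella-1
2016-02-16T02:13 angella account_lockout s-angella-1
2016-02-16T02:30 angella logon_success s-angella-1
2016-02-16T02:35 angella password_changed s-angella-1
2016-02-16T02:40 angella account_created s-angella-1
2016-02-16T02:45 angella privilege_escalation s-angella-1
2016-02-16T03:00 angella file_download s-angella-1
2016-02-16T09:15 bob logon_failed s-bob-1
2016-02-16T10:00 bob group_membership_change s-bob-1
2016-02-16T08:30 carol logon_failed s-carol-1
2016-02-16T08:40 carol account_created s-carol-1
2016-02-16T08:45 carol password_changed s-carol-1
"""


@dataclass
class Session:
    session_id: str
    user: str
    events: list = field(default_factory=list)  # list of (datetime, event_type)

    @property
    def start(self):
        return min(ts for ts, _ in self.events)

    def has_any(self, event_types):
        return any(ev in event_types for _, ev in self.events)

    def count(self, event_type):
        return sum(1 for _, ev in self.events if ev == event_type)


def build_sessions(raw):
    """Group raw log lines into sessions keyed by session id."""
    sessions = {}
    for line in raw.splitlines():
        if not line.strip():
            continue
        ts, user, event_type, sid = line.split()
        sess = sessions.setdefault(sid, Session(sid, user))
        sess.events.append((datetime.fromisoformat(ts), event_type))
    return sessions


def hunt(sessions, department=None, activity_groups=()):
    """Ids of sessions whose user is in `department` (if given) and which
    contain at least one event from EVERY group in activity_groups."""
    hits = []
    for sess in sessions.values():
        profile = USERS.get(sess.user, {})
        if department and profile.get("department") != department:
            continue
        if all(sess.has_any(group) for group in activity_groups):
            hits.append(sess.session_id)
    return sorted(hits)


def outside_baseline(session):
    """True if the session started outside the user's normal working hours."""
    start_hour, end_hour = USERS[session.user]["hours"]
    return not (start_hour <= session.start.hour < end_hour)


def summarize(session):
    """Drill-down for one session: the counts that explain why it was flagged."""
    return {
        "user": session.user,
        "title": USERS[session.user]["title"],
        "start": session.start.isoformat(),
        "failed_logons": session.count("logon_failed"),
        "lockouts": session.count("account_lockout"),
        "account_mgmt": sum(session.count(e) for e in ACCOUNT_MGMT),
        "password_changes": session.count("password_changed"),
        "off_hours": outside_baseline(session),
    }


if __name__ == "__main__":
    sessions = build_sessions(RAW_EVENTS)
    # Step 1: Marketing users with account management AND a failed logon/lockout.
    print("step 1:", hunt(sessions, "Marketing", [ACCOUNT_MGMT, AUTH_FAILURE]))
    # Step 2: narrow to sessions that also changed a password, then drill down.
    for sid in hunt(sessions, "Marketing", [ACCOUNT_MGMT, AUTH_FAILURE, PASSWORD_CHANGE]):
        print("step 2:", summarize(sessions[sid]))
```

Each activity group is an AND term and membership within a group is an OR, which is the shape of the query in the post (account management AND failed-logon-or-lockout, then AND password change). Dropping the department argument widens the same hunt to the whole company, and the baseline check is deliberately a separate step so that a session can be flagged on its activities alone and off-hours timing added as supporting evidence rather than a filter.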

Again, the analyst did not need to understand the structure of the underlying logs or the search language of the underlying SIEM; Splunk expertise is not required. Threat Hunter puts advanced search tools in the hands of the people who need them, enabling more effective detection of subtle attacks. Used with Exabeam's flagship UBA product, Threat Hunter improves threat detection and SOC efficiency, making SOC and IR teams much more productive.

Want to learn more? Download a data sheet or register here for a live demo of Threat Hunter today.
