When a company’s CFO approves the purchase order for the Exabeam Security Management Platform (SMP), a big closing point is the promise of more productivity. “We’ll make your security analysts more productive,” sounds sweet to business leaders because optimizing time spent by hard-to-find technology talent is a quick way to grow the bottom line. New numbers have just arrived in a Ponemon Institute study commissioned by Exabeam that paint a vivid picture of exactly how much more productivity is delivered by our security incident and event management (SIEM) solution.

The report, Exabeam SIEM Productivity Study, seeks to understand how Exabeam SMP compares to other SIEM solutions in terms of saving time and increasing productivity, realizing value and improving security effectiveness. This blog describes key findings and how analysts using Exabeam SMP reduce their time spent on security duties by an average of 51% compared to 31% for other SIEMs.

Gathering & Evaluating Actionable Intelligence – Time Reduced 48%

A huge time sink for many analysts is gathering and evaluating actionable intelligence. Typically, this information is gathered from many tools and third-party sources. Often this intelligence is “siloed” because the respective monitoring tools are owned and operated by different functional areas. Gathering the information is not the only challenge. Obscure log files and hard-to-understand reports may demand laborious parsing by senior analysts to fully decipher their cyber mysteries.

Ponemon found that with the use of Exabeam, the average number of hours spent each week gathering actionable intelligence about cyber threats and vulnerabilities decreased 45%. Time for evaluation of this material decreased 51% for a combined average decrease of 48% in this area. By contrast, other SIEM solutions reduced this time by a combined average of just 23%.


Figure 1. Average hours spent each week evaluating actionable intelligence, before and after the use of Exabeam and current SIEM solution.

Enabling Feature: Exabeam Advanced Analytics. Advanced Analytics provides modern threat detection using behavioral modeling and machine learning. It automatically generates easy-to-understand insights, which dramatically reduces the amount of time spent by analysts in gathering and evaluating actionable intelligence.

Time Investigating Actionable Intelligence – Time Reduced 52%

Investigation is a time when the spotlight shines on a security analyst because there is a probable clear and present danger of a threat and potentially a breach. Time is of the essence to understand which threats pose the greatest risk and to identify probable root cause as a prerequisite to remediation. Exabeam reduces by 52% the average hours analysts spend each week investigating actionable intelligence and building incident timelines. Other SIEM solutions achieved a reduction of just 39%.


Figure 2. Average hours spent each week investigating actionable intelligence and building incident timelines, before and after the use of Exabeam and current SIEM solution.

Enabling Feature: Exabeam Threat Hunter. This point-and-click interface removes the need to create complex search queries during investigations. There is no requirement to learn a new query language. Experienced and new analysts alike can quickly and easily engage in threat hunting by developing searches that would otherwise have been extremely difficult or impossible using traditional queries.

Responding to Erroneous Alerts – Time Reduced 54%

One of an analyst’s least favorite activities is wasting time chasing down false positives. Unfortunately, responding to erroneous alerts is one of the most time-consuming activities for security teams. These activities are laborious and may consume hours a day – often with little or nothing to show as a result. Ponemon discovered security analysts are more efficient with Exabeam. On average, hours wasted by analysts because alerts or indicators of compromise they chase are erroneous dropped 54%. By comparison, users of other SIEM solutions reported reductions averaging just 33%.


Figure 3. Average hours wasted by security personnel because alerts or IOCs they chase are erroneous, before and after the use of Exabeam and current SIEM solution.

Enabling Feature: Exabeam Smart Timelines. The machine-built timelines flag anomalies and display details of an incident for the full scope of the event and its context. Smart Timelines dramatically reduce time wasted by combing through raw logs and investigating a river of alerts and incidents. Instead, they focus analysts on related alerts that matter. What took weeks to investigate in a legacy SIEM can now be done in seconds with a timeline automatically created by Exabeam’s user and entity behavior analytics (UEBA) security solution.

Remediating Incidents – Time Reduced 47%

Remediation reduces risks of a compromise or breach. Remediation is a time-consuming activity as it frequently entails many manual efforts for cleaning, fixing and/or patching networks, applications and devices as a result of an incident. Respondents to the Ponemon survey said the use of Exabeam SMP reduced average hours spent each week on remediation by 47%. Users of other SIEM solutions reported an average reduction of just 28%.


Figure 4. Average hours spent each week cleaning, fixing and/or patching networks, applications and devices as a result of an incident, before and after the use of Exabeam and current SIEM solution.

Enabling Feature: Exabeam Incident Responder. Incident Responder dramatically reduces detailed manual efforts in remediating known threats. Incident Responder playbooks take programmatic actions that are semi- or fully automated. Teams can automate investigations, gathering of evidence, containment, and mitigation to improve the success of cyber security incident response processes.

Conclusion

Saving time and increasing productivity are important considerations for selecting a SIEM. Given the relatively higher compensation levels of hard-to-find, experienced security professionals, providing these team members with tools that save time and boost productivity will directly benefit an organization’s bottom line. And they help an organization get to a more secure point faster! As revealed by the Ponemon study, Exabeam provides superior time savings and productivity gains – an average of 51% reported by users. We invite you to read the full report, Exabeam SIEM Productivity Study, to learn more about these efficiencies and other measures of how Exabeam users are benefiting from using our SIEM.

Vice President of Product Marketing
