Cyber threats can attack your organization in multiple ways—through locked accounts, user impersonation, and siphoning data. Exabeam User and Entity Behavior Analytics gives you the ability to track threats across multiple tactics and removes the analysis boundaries between physical and cloud infrastructures. We can even help your other security measures work more efficiently.

Insider Threat

Insider threats, whether from employees, contractors, or partners, can have significant impact on business operations. Stolen IP during a merger or layoff can reach up to the CEO and beyond. Exabeam helps detect and respond to insider threats by quickly analyzing the behavior of every user on the network for unusual activity that increases business risk. With built-in collectors from systems including badge readers, USB drives, print servers, email, etc., Exabeam can collect and apply machine learning to insider threat activity. Unlimited data collection and search enables complete reporting for legal and HR purposes. Instant investigation timelines can show, in great detail, how an insider accessed data and was planning to exfiltrate it. Exabeam Threat Hunter enables analysts to proactively search for behavior that matches any patterns or attributes. The results are shown in a coherent timeline for further investigation. If an insider threat is detected, Exabeam Incident Responder can execute playbooks that protect information, notify and support legal investigations, and enable consistent best practices for response.

User and Entity Behavior Analytics

With more UEBA deployments than any other vendor, Exabeam is a market leader in User and Entity Behavior Analytics. Through deep learning and AI models, Exabeam UEBA is the only solution that presents the complete attack chain, including both normal and anomalous activity, for every user. This increases detection effectiveness of credential-based threats, versus other UEBA products that only show anomalies. With Exabeam, an analyst can easily understand whether a particular user action is unusual or risky.
Exabeam UEBA also enables faster and better response when an incident is detected. Exabeam creates coherent investigation timelines, in seconds, that would normally take hours or days for an analyst to complete. This improves response effectiveness, as IR teams no longer need to wait for days before remediation.

Data Loss Prevention

DLP technologies have two significant issues: lots of false positives and noise, and limited visibility into the broader attack. Exabeam addresses both, and makes DLP initiatives much more effective and efficient. First, Exabeam can model activity within the DLP engine itself, to reduce false positives. That is, Exabeam analyzes the alerts coming from a DLP engine and baselines normal activity. When true DLP anomalies occur, only Exabeam is able to spot them quickly, thereby ensuring that they aren’t ignored by analysts. This can dramatically improve productivity of DLP analysts who must review quarantined email, files, etc. following a DLP alert. Next, Exabeam places DLP activity, e.g. User X attached a confidential file to an email, within a larger activity timeline. This can show very clearly how an attack unfolds. For example, the Exabeam timeline might show that User X logged into the payroll database using a shared admin credential, performed a backup to a local file, renamed the file with a different extension, then emailed the file to an address he’s never sent email to before — a much more useful picture of this overall incident.

Advanced Threat Detection

Detection of advanced threats requires advanced security solutions: real time analytics and the ability to find signals within the very noisy modern security environment. Exabeam delivers advanced threat detection through a combination of machine learning and AI models, combined with a unique session data model that supports real time risk scoring. Key indicators of emerging advanced threats include lateral movement, where the attacker silently attempts to access multiple servers on the network, and account management, where the attacker escalates privilege or creates new privileged accounts. In these and other cases, Exabeam automatically analyzes and scores activity for escalated risk. The result is fast, automatic detection of breaking advanced threats, including ransomware, spear phishing, and data exfiltration.

Compliance Reporting

Many data security regulations, such as the General Data Protection Regulation (GDPR), CBEST, PCI DSS, HITECH, etc., require organizations to demonstrate effective controls to protect customer data. Exabeam supports compliance reporting and audits with an unlimited log data management system that can easily store seven or more years of data, making it easy to provide comprehensive reports to internal and external auditors.

Exabeam analytics and response supports protection over data access and loss, and can provide auditors with demonstrably effective controls. For example, Exabeam can show, on demand, every access to a confidential set of customer information, as well as the expected risk of each access and of each user.


Breach Investigation

When a breach is detected, the organization must quickly determine who was involved, which systems were compromised, what happened to the information, how it happened, and whether the breach is still underway. For most security teams, this investigation can be a challenge, due to time or expertise issues. As a result, many firms must hire expensive consultants or specialized firms such as Mandiant (FireEye).

Exabeam can be rapidly deployed within hours of breach detection, and can provide comprehensive investigation timelines including lateral movement, often before a consulting firm has completed writing a contract. If Exabeam was already in place, it can dramatically shrink the time window to recover from the breach by showing every affected system. Many forensics firms prefer Exabeam as a breach remediation tool, as it increases the productivity of their own experts.

2017