Exabeam User and Entity Behavior Analytics Solution Certified with HP ArcSight - Exabeam

Exabeam User and Entity Behavior Analytics Solution Certified with HP ArcSight

September 03, 2015


Reading time
2 mins


Today we are excited to add HP ArcSight Enterprise Security Management to our list of supported SIEM solutions. ArcSight customers can now use Exabeam user behavior analytics to rapidly detect attacks that have evaded traditional signature and rule-based security solutions and accelerate incident response.

So what does this mean for ArcSight customers? This certification enables ArcSight customers to enhance their existing investment and infrastructure by leveraging machine learning and data analytics to find compromised insiders, rogue insiders and the lateral movement of the attack chain.

With Exabeam onboard, ArcSight customers can perform continuous and real-time analysis of their log data and find out answers to the unknowns within the environment: What is the normal behavior of a specific user in the environment? What are all the systems accessed by a user whose laptop is infected with malware? Who are the administrative accounts etc.? What is the risk of Joe using the VPN at an odd time, from a strange location, with a new device, accessing three new systems and switching identities? In essence, instead of security teams manually writing rules to interpret data (you need to know what you are looking for…), Exabeam leverages advanced techniques in statistics and machine-learning for rapid threat detection.

Bi-directional Information Share: We leverage the high-value data feeds (such as authentication events, security alert feeds, account activities) from ArcSight directly and assemble user sessions to track and present a timeline of all user activities across multiple dimensions. By using behavior modeling and data science, anomalies are exposed and flagged. The combination of user session assembly and cumulative risk scoring enables security analysts to focus on the riskiest users and their activities, rather than wasting time on an overwhelming amount of noise.


ArcSight customers get all these additional analytics without the need to deploy network taps, connectors, etc. Exabeam will send the high-risk sessions and the list of anomalies into incident review and investigation workflows already adopted by security teams. Furthermore, as part of the analysis pipeline, Exabeam enriches log data fetched from ArcSight with contextual information from Active Directory, CMDB, HR Management Systems, threat intelligence feeds etc. for precision in identifying anomalous behavior and reducing false positives.

Tags: Product,

Similar Posts

A Crash Course on Security Analytics — And How to Spot Fake UEBA From a Mile Away

Exabeam in Action: Stopping Lapsus$ in Their Tracks

Ransomware: Bigger, Better, and Still Going Strong

Recent Posts

What’s New in Exabeam Product Development – September 2022

Exabeam News Wrap-up – Week of September 19, 2022

Exabeam News Wrap-up – Week of September 12, 2022

See a world-class SIEM solution in action

Most reported breaches involved lost or stolen credentials. How can you keep pace?

Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.

Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.

Get a demo today!