Exabeam User and Entity Behavior Analytics Solution Certified with HP ArcSight - Exabeam

Published: September 03, 2015

Author: Than Tran

Introduction:

Today we are excited to add HP ArcSight Enterprise Security Management to our list of supported SIEM solutions. ArcSight customers can now use Exabeam user behavior analytics to rapidly detect attacks that have evaded traditional signature and rule-based security solutions and accelerate incident response.

So what does this mean for ArcSight customers? This certification enables ArcSight customers to enhance their existing investment and infrastructure by leveraging machine learning and data analytics to find compromised insiders, rogue insiders and the lateral movement of the attack chain.

With Exabeam on board, ArcSight customers can perform continuous, real-time analysis of their log data and answer the unknowns within the environment: What is the normal behavior of a specific user in the environment? What are all the systems accessed by a user whose laptop is infected with malware? Which accounts are administrative? What is the risk of Joe using the VPN at an odd time, from a strange location, with a new device, accessing three new systems and switching identities? In essence, instead of security teams manually writing rules to interpret data (which requires knowing what you are looking for), Exabeam leverages advanced techniques in statistics and machine learning for rapid threat detection.

Bi-directional Information Share: We leverage the high-value data feeds (such as authentication events, security alert feeds, account activities) from ArcSight directly and assemble user sessions to track and present a timeline of all user activities across multiple dimensions. By using behavior modeling and data science, anomalies are exposed and flagged. The combination of user session assembly and cumulative risk scoring enables security analysts to focus on the riskiest users and their activities, rather than wasting time on an overwhelming amount of noise.

Summary:

ArcSight customers get all these additional analytics without the need to deploy network taps, connectors, etc. Exabeam will send the high-risk sessions and the list of anomalies into incident review and investigation workflows already adopted by security teams. Furthermore, as part of the analysis pipeline, Exabeam enriches log data fetched from ArcSight with contextual information from Active Directory, CMDB, HR management systems, threat intelligence feeds, etc., to identify anomalous behavior more precisely and reduce false positives.
