Exabeam, a global cybersecurity pioneer that delivers AI-driven security operations, announced Investigation Timelines™ within the Exabeam Search™ application, a powerful new capability on the Exabeam Security Operations Platform™.

An industry-first, Investigation Timelines break down silos and simplify investigations for security analysts with integrated cross-platform workflows. Designed to empower security teams amid growing threats and skills shortages, this innovative capability provides instant visualizations of chronological events for any search result or filter. 

Automate analysis workflows

“Security operations personnel are struggling to keep pace with cyberthreats, including those increasingly fueled by AI. They’ve been asking for the ability to automate analysis workflows and streamline the examination of incidents, and we’re delivering the ability to timeline anything to help significantly decrease response times,” said Steve Wilson, Chief Product Officer at Exabeam.

“Investigation Timelines are not just a technological advancement—they are a strategic ally and guide, helping analysts understand the chronological story of what took place before, during, and after an attack, piece together what really happened, and shut adversaries down.”

Exabeam’s revolutionary Smart Timelines™

An evolution of Exabeam’s revolutionary Smart Timelines™, Investigation Timelines go much deeper and are designed to allow analysts to timeline any entity, artifact, or field within the Search experience. This means they can now build timelines not just for users and hosts but applications and processes too. 

In addition, analysts can build timelines that group any of these details together. The timelines offer more granular visibility and at the same time simplify the overall investigation experience.

Exabeam’s well-known Smart Timelines

“Investigation Timelines expand the scope of what analysts can see and essentially bring Exabeam’s well-known Smart Timelines into Exabeam Search so that they no longer have to pivot between views during investigations,” said Lindbergh Caldeira, Cyber Security Operations Manager, SA Power Networks.

“The new timelines greatly speed up threat hunting by giving far more context inside Search, which will make it even easier to explain what happened around any suspicious activities.”

Key challenges

Investigation Timelines is designed to help security analysts and threat hunters solve many of their key challenges:

  • Fragmented investigations: Most products require switching between security tools for investigations. By integrating threat investigation capabilities within the Exabeam Search app, users gain a more streamlined investigation workflow which is designed to drastically improve productivity.
  • Inconsistent investigations: With other products, analysts can investigate the same threat, manually attempt to piece together actions, and each reach a different conclusion. Investigation Timelines provides a consistent experience by combining the automated behavior analysis of every single event. This is designed to ensure more consistent investigations for analysts at any skill level.
  • Overwhelming number of events: Search results often return too many total events, most with unspecific conclusions. Enhanced search and filter options within the timeline view can now indicate the risk levels of events and link detections to the triggering ones automatically, reducing manual analysis and research. This helps analysts arrive more quickly at what actually happened before, during, and after an attack. 
  • Inadequate investigation capabilities of traditional SIEM and log management tools: Most products provide a list view when searching for an indicator of compromise (IoC). Investigation Timelines provides both an event view and a comprehensive timeline view showing both normal and abnormal behavior.

Investigation Timelines is designed to transform the way security teams perform threat detection, investigation, and response (TDIR) and is expected to be generally available in Q2 2024.
