Exabeam, the security analytics and automation company, announces Exabeam Fusion XDR and Exabeam Fusion SIEM, two new cloud-delivered security products that efficiently solve threat detection, investigation, and response (TDIR) without disrupting an organization’s existing technology stack. Exabeam Fusion products integrate behavioral analytics and automation capabilities to deliver an outcomes-based approach to security operations (SecOps). The Fusion product line showcases an open-system approach to extended detection and response (XDR) and security information and event management (SIEM), enabling any organization to acquire an advanced TDIR layer on top of its existing IT and security stacks.

Advanced behavior analytics

Exabeam is also announcing the general availability of its TDIR use case packages, which are integrated into Fusion XDR and Fusion SIEM.

“We’ve been using Exabeam as our XDR for some time now as the technology can see and connect data from far more locations than just our endpoint detection and response solutions,” said Marc Crudgington, CISO at Woodforest National Bank. “It’s exciting to see Exabeam package its advanced behavior analytics and automation capabilities into these forward-thinking cloud products. We rely on Exabeam Fusion XDR in our SOC operations to help us more quickly detect, investigate and remediate threats — an essential outcome in keeping our networks, business operations, employee and customer data continuously protected.”

Malicious insider attacks

Exabeam is reimagining XDR with the launch of Fusion. Effective SOCs have clearly defined outcomes aligned to TDIR workflows. The cloud-delivered products contain prescriptive workflows guided by pre-packaged, use-case-specific content to enable security analysts to defend against common and evolving threats, including external, compromised insider, and malicious insider attacks.
“Breach scenarios are still too frequent, with common attack techniques like lateral movement, data exfiltration, and privilege escalation appearing legitimate or spanning across siloed security products,” said Adam Geller, chief product officer at Exabeam. “When security analysts are unable to connect the dots between various systems, malicious attacks go undetected and lead to security breaches. Delivering Exabeam Fusion XDR and Exabeam Fusion SIEM from the cloud enables us to accelerate feature and functionality development, while deploying a use case framework that consistently delivers successful outcomes for our customers.”

Security analytics tools

According to an Exabeam-sponsored Ponemon research study that surveyed 596 IT and IT security practitioners, security teams spend 12 percent of their time detecting threats, 36 percent triaging, 26 percent investigating, and 26 percent responding. The majority of security analytics tools on the market only automate detection and response. The Fusion product line automates 100 percent of the TDIR workflow, including triage and investigation, which together account for the bulk of security teams’ time (62 percent).

Critical security issues

Exabeam Fusion combines behavior analytics, TDIR automation, and pre-built integrations with hundreds of third-party security and productivity tools to correlate weak signals from multiple products and find complex threats missed by other tools. Customers can identify and respond to critical security issues, intrusions, and attacks from a single, centralized control plane, substantially increasing analyst productivity and reducing response times.
Exabeam Fusion offerings differentiate normal behavior from abnormal activity, apply risk scoring to identify notable users and events, and build Smart Timelines™ that automatically reconstruct security incidents to accelerate investigation and response.

Cloud-delivered products

“With Exabeam Fusion, organizations can unify their current security tools to more efficiently detect, investigate, and respond to threats without the need for large-scale rip and replacements of their entire security stack,” said Ralph Pisani, President at Exabeam. “Our customers can keep their existing tools and merge our fully automated TDIR layer on top to benefit from Exabeam’s fast innovation, superior experience and accelerated time to value.”

Gorka Sadowski, chief strategy officer at Exabeam, added, “The Fusion product launch is in line with our strategic direction to expand beyond SIEM and solve the industry’s biggest SecOps challenges by offering a set of world-class, cloud-delivered products and solutions to the marketplace.”

Exabeam Fusion SIEM includes all Fusion XDR features and capabilities plus centralized log storage, powerful search, and compliance reporting. Fusion XDR and Fusion SIEM come in two editions, Core and Enterprise, to support organizations of all sizes.
Exabeam, the security analytics and automation company, announces Exabeam Alert Triage, a new cloud-native application that helps security analysts manage the overwhelming number of alerts they receive each day from a myriad of third-party vendor tools. Included as a new integrated application for all cloud customers using Exabeam Advanced Analytics and Exabeam Case Manager, Alert Triage enriches alerts with context and presents them on a single screen so analysts can decide faster which alerts to escalate or dismiss. It also ensures analysts don’t miss the critical alerts that require escalation to prevent breaches.

Receiving security alerts

“Analysts receive thousands of security alerts a day spread across disparate tools. Unable to keep up with the volume, they must ignore a significant number of them, which leaves their organizations vulnerable to threats,” said Adam Geller, chief product officer at Exabeam. “We developed the Alert Triage application to provide automation throughout the triage workflow so security analysts can be freed up to focus on what matters most -- fortifying their organization's cybersecurity defenses to prevent breaches.”

“We’ve had great success running Alert Triage in its beta version. At first, watching so many alerts get centralized into a single screen was somewhat unbelievable, but Exabeam has done it,” said Zane Gittins, IT security specialist at Meissner. “It’s been refreshing to not have to go from app to app to look at different alerts and it absolutely reduces the time it takes to triage them.”

Traditional triage workflows

Security personnel say they are only able to investigate 45% of the daily alerts they receive, according to research from the Ponemon Institute. The report surveyed 596 IT and security practitioners and also found that 33% of alerts in traditional SIEMs are false positives.
The traditional triage process requires analysts to first determine what the alert is about (which users or entities), gather the right contextual information (positions, locations, sources, etc.), and then sift through logs to determine the priority of the alert. Next, an analyst must decide whether or not to escalate it for further review. Blending traditional triage workflows with context generated from machine learning-based analytics, Alert Triage does this time-consuming and tedious work automatically. It categorizes, aggregates, and enriches alerts with contextual data including host, IP, alert severity, related behavioral anomalies, and the overall risk scores of associated users and entities.

Incident response team

From the security alert, analysts can navigate to an associated user or entity timeline to understand what happened before and after the alert was triggered. Armed with context to understand the scope of the security alert, analysts can rapidly and confidently dismiss or escalate the alert to the incident response team.

Alert Triage benefits include:

Visibility - Centralizing the alert triage process and organizing an analyst's triage efforts enables analysts to review alerts faster. Visibility into all of the alerts that security tools have triggered in an organization minimizes the likelihood that an alert is missed or overlooked.

Focus - The ability to categorize alerts allows managers to create and assign channels to team members. A channel helps focus an analyst’s attention on a specific type of alert and allows them to develop subject matter expertise.

Productivity - An analyst can triage alerts in aggregate batches, which boosts their productivity. Greater productivity means analysts are able to review a higher percentage of incoming alerts and reduce the possibility that an alert will go unreviewed and lead to a breach.
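The triage workflow described above (identify the user or entity behind an alert, attach context such as host, IP, severity, behavioral anomalies and risk score, aggregate related alerts, sort them into channels and prioritize) is sketched below as an added example in Python. It is not Exabeam's code: the alert fields, the context tables, the channel keywords and the scoring rule are all constructed for illustration.

```python
"""Illustrative alert triage pipeline: enrich, aggregate, categorize, prioritize.

Added example, not Exabeam's code. Alerts, context tables, channel keywords
and the scoring rule are constructed for illustration.
"""
from collections import defaultdict

# Constructed alerts, as several third-party tools might emit them.
RAW_ALERTS = [
    {"tool": "edr", "host": "wks-017", "user": "jsmith", "severity": "high",
     "rule": "Credential dumping tool executed"},
    {"tool": "proxy", "host": "wks-017", "user": "jsmith", "severity": "medium",
     "rule": "Upload to unsanctioned cloud storage"},
    {"tool": "dlp", "host": "wks-017", "user": "jsmith", "severity": "medium",
     "rule": "Sensitive document copied to USB"},
    {"tool": "idp", "host": "", "user": "mlee", "severity": "low",
     "rule": "Login from new country"},
    {"tool": "av", "host": "wks-204", "user": "tnguyen", "severity": "low",
     "rule": "Adware signature quarantined"},
]

# Constructed context: behavioral risk score per user (0-100) plus recent
# anomalies, and per-host IP and asset criticality.
USER_CONTEXT = {
    "jsmith": {"department": "finance", "risk_score": 82,
               "anomalies": ["first-time USB use", "unusual data volume"]},
    "mlee": {"department": "sales", "risk_score": 35,
             "anomalies": ["new geolocation"]},
    "tnguyen": {"department": "hr", "risk_score": 8, "anomalies": []},
}
HOST_CONTEXT = {
    "wks-017": {"ip": "10.20.3.17", "criticality": "high"},
    "wks-204": {"ip": "10.20.9.204", "criticality": "low"},
}

SEVERITY_WEIGHT = {"low": 10, "medium": 25, "high": 50}
CRITICALITY_WEIGHT = {"low": 0, "medium": 10, "high": 20}

# Constructed channel rules: a keyword in the rule name routes the alert to a
# channel that a specialist team can own.
CHANNEL_KEYWORDS = [
    ("credential", "compromised-insider"),
    ("login", "compromised-insider"),
    ("upload", "data-exfiltration"),
    ("usb", "data-exfiltration"),
    ("copied", "data-exfiltration"),
    ("adware", "malware"),
    ("signature", "malware"),
]


def categorize(rule_name):
    """Assign an alert to a channel by matching its rule name against keywords."""
    lowered = rule_name.lower()
    for keyword, channel in CHANNEL_KEYWORDS:
        if keyword in lowered:
            return channel
    return "uncategorized"


def enrich(alert):
    """Attach user risk, behavioral anomalies and host context to a raw alert.

    Missing context (an unknown user or an alert with no host) falls back to
    neutral defaults so the alert is still triaged rather than dropped.
    """
    user = USER_CONTEXT.get(alert["user"],
                            {"department": "unknown", "risk_score": 0, "anomalies": []})
    host = HOST_CONTEXT.get(alert["host"], {"ip": "", "criticality": "low"})
    enriched = dict(alert)
    enriched.update({
        "ip": host["ip"],
        "host_criticality": host["criticality"],
        "department": user["department"],
        "user_risk": user["risk_score"],
        "anomalies": list(user["anomalies"]),
        "channel": categorize(alert["rule"]),
    })
    return enriched


def priority(group):
    """Score an aggregated group: user risk + summed severities + highest host criticality."""
    sev = sum(SEVERITY_WEIGHT[a["severity"]] for a in group["alerts"])
    crit = max(CRITICALITY_WEIGHT[a["host_criticality"]] for a in group["alerts"])
    return group["user_risk"] + sev + crit


def triage(raw_alerts):
    """Enrich every alert, aggregate by user, and return groups sorted by priority."""
    by_user = defaultdict(list)
    for alert in raw_alerts:
        enriched = enrich(alert)
        by_user[enriched["user"]].append(enriched)
    groups = []
    for user, alerts in by_user.items():
        group = {
            "user": user,
            "user_risk": alerts[0]["user_risk"],
            "channels": sorted({a["channel"] for a in alerts}),
            "tools": sorted({a["tool"] for a in alerts}),
            "alerts": alerts,
        }
        group["priority"] = priority(group)
        groups.append(group)
    return sorted(groups, key=lambda g: g["priority"], reverse=True)


if __name__ == "__main__":
    for g in triage(RAW_ALERTS):
        print(f'{g["user"]:8} priority={g["priority"]:3} tools={g["tools"]} channels={g["channels"]}')
```

The point of the aggregation step is that three medium-to-high alerts from three different tools against the same high-risk user rise to the top as one batch, while a single low-severity alert on a low-risk user sinks, which is the prioritization an analyst would otherwise have to assemble by hand from each console.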
Latest security incidents

“When we look at the latest security incidents such as the SolarWinds or Microsoft Exchange attacks, more likely than not, the impacted organizations had at least one security alert generated about the threats from one of their third-party security vendor tools,” said Gorka Sadowski, chief strategy officer at Exabeam. “Unfortunately, that alert was likely drowned in all of the other false positive alerts and had to be discarded. Exabeam helps our customers spend time on the alerts that really matter.”
Exabeam, the security analytics and automation company, announces a set of new functionalities aligned across Exabeam’s products to solve specific security challenges. The new Threat Detection, Investigation & Response (TDIR) use case packages provide a prescriptive solution to help security operations centers (SOCs) improve workflows from collection to detection, investigation, and response using an outcome-based approach.

Prescribed data sources

Generally available in Q2 2021, the TDIR packages address the complete lifecycle of security operations (SecOps) workflows with end-to-end content that includes prescribed data sources, detection models, watchlists, investigation checklists, and response playbooks to assist analysts with repeatedly delivering successful outcomes.

“Organizations struggle with failed security implementations because they lack the specialized expertise, detection logic, and clearly mapped investigation and response workflows for common threats,” said Adam Geller, chief product officer at Exabeam. “Consequently, organizations waste time and resources customizing products with minimal improvement to their security coverage. With our framework for use cases, security analysts benefit from comprehensive out-of-the-box content so they can be confident in their ability to deliver repeatable, successful outcomes that will improve their security and translate into significant amounts of saved time and resources.”

Providing designed functionality

“We were able to quickly turn on the 'out of the box' use cases and integrate with our systems and processes, improving our detect and response capabilities,” said Jennifer Shields, vice president of information technology, Procter & Gamble.
“Directly mapping common security use cases to response workflows is critical for SecOps success,” said Marc Crudgington, CISO, SVP information security, Woodforest National Bank. “We look forward to working with Exabeam as its new TDIR framework helps our industry become far more use case-driven.”

“Automated TDIR workflows that are outcome-driven, prescriptive and analytics-powered are required to mature and fortify a healthcare SOC today,” said Joe Horvath, manager, information security, Kelsey-Seybold Clinic. “Exabeam’s TDIR use case packages provide the prescribed content needed to get us there.”

Most security products were designed to provide functionality, not results.

Simplifying analyst workflows

The new TDIR use case packages simplify analyst workflows by providing prescriptive content for Exabeam’s analytics and automation engines to protect against the top three categories of common threats:

External threat use cases, which include phishing, malware, ransomware, cryptomining, and brute force attacks.

Compromised insider use cases, which include privileged activity, account manipulation, privilege escalation, evasion, compromised credentials, lateral movement, and data exfiltration.

Malicious insider use cases, which include privileged access abuse, account manipulation, audit tampering, physical access, data access abuse, data leak, and destruction of data.

Common security scenarios

Unlike competing solutions, where coverage for common threats is limited to detection logic, Exabeam’s framework includes content for all phases of threat detection, investigation, and response. This includes comprehensive onboarding guidance on which specific data sources and context are required to achieve the most successful outcomes. The TDIR framework also includes:

Out-of-the-box detection models that incorporate coverage for specific adversary tactics and techniques. These are mapped to the MITRE ATT&CK framework to give security teams a common framework for detection.

Tailored watchlists that can be set up to allow analysts to monitor high-risk users and devices.

Investigation checklists that include a curated list of investigation, containment, and remediation steps, allowing analysts to follow a consistent and repeatable investigation and response workflow.

Turnkey playbooks that contain automatable response actions for addressing common security scenarios without requiring customers to license or configure additional third-party software, ensuring analysts are able to respond in a timely and consistent manner.

Insider threat program

“Outcome-based security with prescriptive approaches are strategic to the industry, and this represents a great win for Exabeam customers. These approaches are fundamental to the success of SecOps initiatives,” said Gorka Sadowski, chief strategy officer at Exabeam. “As an example, organizations looking to deploy or improve their insider threat program will be able to quickly gain visibility and response capabilities into malicious behavior and compromised accounts.”
Exabeam, the Smarter SIEM™ company, announced the appointment of industry veteran and former Gartner analyst Gorka Sadowski as chief strategy officer. Exabeam has grown rapidly over the past six years as it has executed on its vision for enhancing security teams with analytics and automation. As the types of attacks and number of attackers proliferate, strategic clarity becomes increasingly important to meet future demands, both for Exabeam and its customers. Sadowski’s guidance will be especially important at a time when so many security organizations are under-staffed and feeling overwhelmed by the number of security events they have to investigate.

Sustaining corporate strategic initiatives

In his role, Sadowski will be responsible for developing, executing and sustaining corporate strategic initiatives. He will also serve as a sounding board for the Exabeam product roadmap and vision to drive growth. Reporting directly to CEO Nir Polak, he’ll work with professionals across the organization on cross-functional initiatives and educate prospective customers, partners, analysts and media on the value of analytics and automation in a security program.

Throughout Sadowski’s 30-year cybersecurity career, he has held roles spanning marketing, business development, strategy and sales, and gained a deep understanding of the trends and risks of the industry. Before joining the Exabeam team, he served as a senior director and analyst at Gartner, focused on security operations for the IT industry.

Managed detection and response

At the analyst firm, he was responsible for consulting with clients and working with a wide variety of security vendors to drive coverage for SIEM, SOC futures and trends, and managed detection and response (MDR). He authored and co-authored Gartner’s Magic Quadrant and Critical Capabilities research on SIEM.
Prior to joining Gartner, Sadowski served as the director of business development at Splunk, where he was responsible for building the security ecosystem from strategy to execution. He was also responsible for creating and implementing Splunk’s Partner Pavilion, where he was first introduced to Exabeam. At this event, he saw Exabeam emerge as the most promising organization in the security analytics space.

Security analytics space

Before his tenure at Splunk, he established a presence for LogLogic in Southern Europe, ran security go-to-market activities, including security consulting, delivery and service packaging, for Unisys in France, and launched the first partner-led intrusion detection and prevention system (IDPS) in the industry as head of NetScreen’s emerging technology efforts.

“The security industry is further aligning to the concept of the customer journey with an iterative and continuous improvement model -- a journey that Exabeam has been on for quite some time,” said Polak. “We are excited to welcome Gorka to the team, as he thoroughly understands what security analysts and leaders need in this competitive market. He has watched us skyrocket from a supplemental technology adding intelligence to vendors like Splunk to also being a SIEM market leader in our own right, and we look forward to the knowledge he will bring to accelerate our growth and industry disruption further.”

Prevention, detection and response: a balanced approach

With investments shifting from preventative measures to a more balanced approach between prevention and detection and response, Sadowski’s expertise will drive Exabeam’s strategy to further align with the needs of the market.
Sadowski will work closely with Chief Product Officer Adam Geller to improve how analysts detect and respond to advanced threats such as insider threats and credential-based attacks, with technologies such as the Exabeam Cloud Platform and Exabeam Advanced Analytics.

Network security industry

“Rarely have I seen such a combination of strategic acumen and execution capabilities in the network security industry. After observing and knowing Exabeam over the years, I am overjoyed to join the company,” Sadowski said. “As the cyberthreat landscape becomes more complex in our distributed but connected world, it is more crucial than ever before to arm security teams with the right tools they need to win the war against cyber adversaries. I look forward to working closely with Nir and the rest of the leadership team to identify key corporate initiatives to further establish Exabeam as the go-to leader in the market.”
During the Black Hat USA 2020 Virtual Event, Exabeam, the Smarter SIEM™ company, announced that customers can now license its cloud SIEM technology by use case, beginning with licensable use cases for expedited insider threat and compromised credential detection. In addition, to simplify the process of acquiring and installing critical security content, the company is unveiling the new Exabeam Content Library, an easy-to-use security content repository to help organizations deploy advanced use cases more efficiently.

Exabeam use case content increases threat visibility and enables security operations center (SOC) teams to extract more value from their SIEM. According to the ‘Exabeam 2020 State of the SOC Report,’ security managers and analysts rated their ability to create content the lowest among all hard skills, yet creating rules and models to detect advanced threats, like lateral movement and credential switching, is critical to their security maturity. By providing a simple way to acquire the content needed to detect and remediate these critical security use cases, Exabeam is speeding the time to maturity for organizations.

Security business needs

“Security use cases for a SIEM tool should be a priority in the CISO’s tool box, and should not only cater to basic security hygiene, for which best practices exist, but also cater to the business needs of the organization,” wrote Gorka Sadowski, senior director analyst at Gartner, in a Gartner report.

The Content Library is an online repository of knowledge and content that organizations can use to roll out new use cases. The initial release allows customers to quickly map data sources to security use cases and to download the necessary parsers. Exabeam is also announcing new, easy-to-implement content and tools to help customers maintain security as they adapt to a remote workforce.
Investigate data exfiltration

Exabeam Cloud Connector for Code42 allows security teams to quickly detect and investigate data exfiltration by departing and remote employees, as well as the leak of high-value data during a merger or acquisition. This announcement follows the previous release of the Exabeam Cloud Connector for Zoom. The ability for Exabeam solutions to plug into existing security environments enhances SOC team speed and efficacy.

“New research shows that one-third of organizations have been hit with successful cyberattacks since the forced move to work from home. As security teams rush to respond to the pandemic and the increase in threats, it is critical that they find cost-effective ways to strengthen and mature their security posture,” commented Adam Geller, chief product officer, Exabeam. “In announcing these innovations, Exabeam is further enabling security teams to rapidly obtain value by detecting insider threats and compromised credentials and improving their security posture for remote employees.”

Turnkey Playbooks

“Unlike other SIEM vendors, Exabeam has allowed us to quickly add analytics to detect and investigate insider threats without having to replace our existing log management investment,” explained Damien Manuel, Director of the Cyber Security Research and Innovation Center at Deakin University. “That’s a critical capability in the context of constantly evolving risks and potential vulnerabilities, and it gives us a smarter strategy to protect our organization, employees, customers and data.”

Exabeam has also released the first of its previously announced Turnkey Playbooks, automated solutions for common security investigations that do not require third-party licenses or configuration.
The new Turnkey Playbook for Threat Intelligence automatically identifies malicious domains, IP addresses, URLs, files, and email addresses with no additional configuration or third-party threat intelligence licenses required.