Sylvain Gil

Exabeam, the next-gen SIEM company, announced a new product that uses machine learning to spot compromised IoT and other devices. Exabeam Entity Analytics discovers the normal behavior of medical, industrial, networking, home and mobile devices, and uses that baseline to alert security teams when unusual events occur. Device security is becoming increasingly important as the number of networked devices grows. According to Gartner, over 8 billion IoT devices were in use in 2017. Many of these devices are vulnerable due to default credentials, un-updated software, or lack of management. Recent stories of CCTV cameras used to mount denial of service attacks, compromised HVAC systems used to gain entry into corporate networks, medical devices hacked to disrupt medical care, and even drones used to compromise IoT light bulbs, illustrate the scope of the problem.Security administrators are presented with a prioritized list of risky devices for investigation IoT Devices And Data Security To combat compromised devices, Exabeam Entity Analytics uses machine logs to monitor for suspicious activity, including devices trying to access proprietary servers or networks, uploading or downloading larger than usual volumes of information, or sending packets to unusual locations or in unusual patterns. Security administrators are presented with a prioritized list of risky devices for investigation, with the potential to automatically remediate the problem by isolating it on the network or potentially reconfiguring. Key Features Include: Automatic creation of activity timelines for devices, giving analysts a full picture of when a device started demonstrating unexpected behaviour Calculation of risk scores for each device, with detail drill down and pivoting to speed investigation Unsupervised machine learning that automatically discovers normal behaviour of all devices on a network “Humans are really only half of the problem, and maybe not even half given how fast robotization and automation are growing,” said Sylvain Gil, vice president of product at Exabeam. “To help identify risky devices, we took the same analytics engine we perfected for user behaviour and applied it to the device problem, with the same timelines and risk scores that have really helped our customers.”

Exabeam, a developer of security intelligence solutions, has announced Exabeam Data Lake, a security data lake that enables organizations to easily store and access critical log data in the enterprise. With the growing abundance of data in the enterprise that comes from network devices, endpoint computers, servers and security products, security analysts need an easy way to store and extract insights from that data. Security data lakes enable analysts to access logs from relevant systems to detect suspicious user activity, while automating the connection to various types of logs and the processing of the data to simplify the overall approach. Enhanced Analytics And Compliance Reporting Exabeam Data Lake, formerly Exabeam Log Manager, centralizes all relevant logs to reduce the work of collecting logs from multiple systems. It is built on proven, open source, big data technology, providing unlimited security data collection, indexing, and search at a predictable price. Exabeam Data Lake not only supports better analytics, but also enables more comprehensive compliance reporting. New features of Exabeam Data Lake include: Customized user interface: A customization of the Kibana visualization plugin tailored to meet the needs of security teams, which simplifies the visualization creation process and enables security analysts to more easily craft custom reports and dashboards. Tighter bi-directional product integration: Optimized data ingestion between Data Lake and Exabeam Advanced Analytics supports a wide variety of threat detection use cases. This integration also improves the ability of Advanced Analytics to leverage its machine learning engine to enrich logs in Data Lake. New data sources: Data Lake now has a database collector which enables logs to be collected from remote Microsoft SQL Server and MySQL databases. This allows the Exabeam Security Intelligence Platform to deliver on additional compliance and database activity monitoring use cases. Improved user management: Role-based access control for all aspects of the Data Lake application and UI access to support data privacy initiatives and to implement separation of duties. “Most large organizations have billions of security-related logs per day and security analysts need to be able to automatically and intelligently parse critical data,” said Sylvain Gil, co-founder and vice president of products. “Exabeam Data Lake allows security teams to organize their logs and enrich them with important contextual information. It adds much needed accuracy and efficiency into the exercise of detecting suspicious activity like insider threats, as well as performing incident investigation.”