Trevor Daughney

Exabeam, the Smarter SIEM company, and Armis, a provider of agentless enterprise IoT security, announced a partnership that will enable IT cybersecurity teams to identify unmanaged and IoT devices and to monitor their behavior for malicious activity from a single platform. Attackers increasingly target unmanaged, connected devices to gain access to an organization’s corporate network. The integration of Exabeam and Armis solutions classifies managed, unmanaged, and IoT devices connecting to the corporate network and allows security analysts to detect lateral movement and other advanced threats. Unmanaged and IoT device security alerts are also enriched with contextual data and prioritized by risk score to focus analyst efforts on the riskiest incidents and to increase their efficiency and effectiveness. behavioral analytics solution Exabeam recognises the importance of expanding SIEM to unmanaged and IoT devices" The partnership extends the visibility of the Exabeam Security Management Platform (SMP) into IoT devices to identify anomalies and enable security teams to more efficiently detect, prioritize and investigate threats across a broader range of devices. Specifically, it enables Exabeam Entity Analytics, a behavioral analytics solution that leverages both machine learning and behavioral modeling, to identify complex threats on devices, as well as extend detection and investigation of advanced threats to IoT devices. The integrated solution imports alerts and data about IoT devices from Armis into the Exabeam SMP to extend visibility beyond managed IT assets. Prioritize security alerts Exabeam then places Armis security alerts in the context of Exabeam Smart TimelinesTM to enhance analyst productivity by automating tedious investigations with machine-built timelines and ensuring sophisticated attacks involving lateral movement don’t go undetected. By identifying both managed and unmanaged assets connected to the network in this way, users can prioritize security alerts and initiate rapid investigation. “Exabeam recognizes the importance of expanding SIEM to unmanaged and IoT devices, and integrating with a leading agentless device IoT security vendor will provide significant value for organizations that manage infrastructure, industrial facilities, manufacturing and smart cities,” commented Trevor Daughney, VP, Product Marketing, Exabeam. effective security strategies “By partnering with Armis, we help security teams improve their operational efficiency by automating the detection and investigation of attacks using IoT devices.” Armis and Exabeam let organizations safely adopt new devices to drive their business with stronger security" “Organizations are increasingly looking for security solutions that can integrate cybersecurity defense across every kind of connected device in their organization,” said Christopher Dobrec, VP of Product Marketing at Armis. “As the adoption of unmanaged and IoT devices continues to accelerate, it’s vital that the effectiveness of security strategies extends to secure those devices. Together, Armis and Exabeam let organizations safely adopt new devices to drive their business with stronger security and better risk management.” complete asset inventory “Security attacks aren’t limited to devices like laptops and servers. For organizations like ours, it’s imperative for our security team to have visibility into our complete asset inventory, including IoT devices from point of sale terminals to industrial controllers in our manufacturing operations,” said Exabeam customer Rhett Nieto, IT security chief, FEMSA. “In some organizations, IT is responsible only for the desktop, laptops and server rooms, while business units take care of CPS, such as industrial controls, operational technology, industrial IoT (IIoT), public cloud and line of business (LOB)-centric SaaS applications,” commented John Watts, a Gartner analyst, in the June 2020 Gartner report: How to Respond to the 2020 Threat Landscape. configuration management database The report further mentions, “An IT-focused configuration management database (CMDB) only discovers and tracks IT assets, whereas a security team needs a comprehensive asset inventory. Without this view, threats are missed, and vulnerable assets are not addressed. This requires a partnership between IT and the LOBs to ensure that an adequate inventory of all assets is available and current.”

Exabeam, the next-gen SIEM company, has announced two new features: Exabeam Smart Timelines and a single user interface (UI), as part of its ongoing mission to improve security analyst productivity. The additions to the Exabeam security information and event management (SIEM) platform will offer improved detection, investigation and response to threats. The company also announced the general availability (GA) of its Threat Intelligence Service to its customer base. Smart Timelines Smart Timelines incorporate indicators of compromise (IOCs) from the Exabeam Threat Intelligence Service, including suspicious IP addresses, blacklisted IP addresses, known phishing URLs, and malicious file signatures. By automating the task of timeline creation and automatically stitching together normal and abnormal behaviors for users and devices, Smart Timelines put an end to a common problem for security analysts– known as ‘swivel chair’ incident response– in which workflows require multiple products with different interfaces and credentials. Now, investigators can accurately pinpoint anomalous events and improve their productivity for incident investigation and threat hunting. “Exabeam Smart Timelines allow us to quickly analyze and understand when there is a threat, so my team can spend their time acting on the evidence and outmaneuver our adversaries,” said Ryan Clarque, senior manager, Global Cybersecurity, Levi Strauss & Co. Exabeam Threat Intelligence Service The Threat Intelligence Service behind Smart Timelines is a curated cloud threat intelligence feed that provides context for potential attacks Ian Lee, manager, IT Security and Compliance, Hudbay Minerals, Inc., reiterated Clarque’s point: “Exabeam Smart Timelines stitch together events from various sources, making it easy for us to identify anomalous activity in our environment.” The Threat Intelligence Service behind Smart Timelines is a curated cloud threat intelligence feed that provides context for potential attacks, which SOCs need, by uncovering IOCs and malicious hosts. As part of the service, Exabeam aggregates IOC feeds and applies machine algorithms to remove false positives before downloading the feeds on a daily basis to Exabeam Data Lake and Exabeam Advanced Analytics. Exabeam Security Management Platform The Exabeam Security Management Platform now also has a single, unified UI for detection, investigation and response. Having fewer tools to master means that engineers have a significantly reduced learning curve. Additionally, the ability to easily and efficiently move from investigation to case management to response without needing to manually assemble information from multiple disparate systems reduces the chance for human error. By spending more time on investigation, teams decrease the mean time to detect (MTTD) and mean time to respond (MTTR). “We know that SOC teams are severely time constrained and under intense pressure, due to staffing issues and ubiquitous cyberthreats. Manual tasks like reviewing logs to understand the full scope of an attack can be unnecessarily burdensome,” said Trevor Daughney, vice president of Product Marketing at Exabeam. “Considering how overloaded the SOC team is, we want to end fragmented workflows and combine disparate systems and interfaces, so that critical alerts for distributed attacks aren’t missed.” Other new features include: SAML integration for quick and easy single sign-on (SSO) authentication with popular identity and access management (IAM) vendors like Okta, Ping and Google Granular role-based access control (RBAC) for watch lists to control access of sensitive user information by role and responsibility Eight new out-of-the-box response playbooks and over 20 additional prebuilt integrations connecting Exabeam Incident Responder to popular security tools