Exabeam launched its platform, which adds a layer of user behavior intelligence on top of existing SIEM and log management repositories. It gives IT security teams a view of the full attack chain and spotlights valid attack indicators currently lost in a sea of security noise, allowing for a better and more complete security response.
Attackers used authorized credentials in more than 76 percent of network intrusions in 2013, allowing them to impersonate legitimate users across IT environments and conduct suspicious activities along the way.
Current SIEM technologies can’t detect subtle anomalies or correlate them across the entire attack chain, forcing IT and security teams to anticipate malicious behaviors, which is nearly impossible in today’s hacker climate. Exabeam’s platform removes the guesswork by providing access to real-time insights that tell users which indicators to look for in order to spot malicious behaviors.
The platform includes the following key capabilities:
- Extraction and enrichment of high-value log feeds, such as Windows, Unix, VPN and security events from existing log repositories.
- Session tracking of all user activities across multiple dimensions, from entry to exit of the IT environment, regardless of the IP addresses, devices and accounts used. It also connects discrete activities and security alerts back to the originating logon.
- Behavior analysis using unsupervised machine learning to automatically and continuously learn user and peer group behavior, as well as characteristics across multiple dimensions.
- Risk scoring to quantify the security importance of an anomaly, taking into consideration key security data, such as user access, asset priority and threat intelligence.
“For too long, security teams couldn’t get ahead of hackers because they didn’t know what to look for, had too many security alerts to process and didn’t get the complete picture of what was happening in their network,” said Nir Polak, Exabeam CEO and co-founder. “Exabeam fundamentally changes the way that cyberattacks are managed by addressing these challenges in an automated way and giving security teams the intelligence they need in real time. The future of cyberattack management starts with Exabeam, and the future is now.”