Exabeam announces Smart Timelines and a single user interface to end ‘swivel chair’ incident response

Exabeam released two new features: Exabeam Smart Timelines and a single user interface (UI), as part of its ongoing mission to improve security analyst productivity.

The additions to the Exabeam security information and event management (SIEM) platform will offer detection, investigation and response to threats. The company also announced the general availability (GA) of its Threat Intelligence Service to its customer base.

Smart Timelines incorporate indicators of compromise (IOCs) from the Exabeam Threat Intelligence Service, including suspicious IP addresses, blacklisted IP addresses, known phishing URLs, and malicious file signatures.

By automating the task of timeline creation and stitching together normal and abnormal behaviours for users and devices, Smart Timelines put an end to a problem for security analysts– known as ‘swivel chair’ incident response– in which workflows require multiple products with different interfaces and credentials. Now, investigators can pinpoint anomalous events and improve their productivity for incident investigation and threat hunting.

“Exabeam Smart Timelines allow us to quickly analyse and understand when there is a threat, so my team can spend their time acting on the evidence and outmaneuver our adversaries,” said Ryan Clarque, senior manager, Global Cybersecurity, Levi Strauss & Co.

Ian Lee, manager, IT Security and Compliance, Hudbay Minerals, reiterated Clarque’s point: “Exabeam Smart Timelines stitch together events from various sources, making it easy for us to identify anomalous activity in our environment.”

The Threat Intelligence Service behind Smart Timelines is a cloud threat intelligence feed that provides context for potential attacks, which SOCs need, by uncovering IOCs and malicious hosts. As part of the service, Exabeam aggregates IOC feeds and applies machine algorithms to remove false positives before downloading the feeds on a daily basis to Exabeam Data Lake and Exabeam Advanced Analytics.

The Exabeam Security Management Platform now also has a single, unified UI for detection, investigation and response. Having fewer tools to master means that engineers have a reduced learning curve. Additionally, the ability to move from investigation to case management to response without needing to assemble information from multiple disparate systems reduces the chance for human error. By spending more time on investigation, teams decrease the mean time to detect (MTTD) and mean time to respond (MTTR).

“We know that SOC teams are severely time constrained and under intense pressure, due to staffing issues and ubiquitous cyberthreats. Manual tasks like reviewing logs to understand the full scope of an attack can be unnecessarily burdensome,” said Trevor Daughney, vice president of Product Marketing at Exabeam. “Considering how overloaded the SOC team is, we want to end fragmented workflows and combine disparate systems and interfaces, so that critical alerts for distributed attacks aren’t missed.”

Other new features of the Exabeam Security Management Platform include:

• SAML integration for single sign-on (SSO) authentication with identity and access management (IAM) vendors like Okta, Ping and Google,
• Granular role-based access control (RBAC) for watch lists to control access of sensitive user information by role and responsibility,
• Eight new response playbooks and over 20 additional prebuilt integrations connecting Exabeam Incident Responder to security tools.

Exabeam Smart Timelines, Exabeam Case Management, Exabeam Threat Intelligence Service and new versions of Exabeam Advanced Analytics and Exabeam Incident Responder are generally available. Exabeam Threat Intelligence Service is available at no additional charge to Exabeam customers.