Exabeam partners with ZeroFox to improve cyber defense capabilities for customers

Exabeam and ZeroFox announced an OEM partnership to enhance indicators of compromise (IoC) with an added layer of threat intelligence for Exabeam Fusion SIEM and Exabeam Fusion XDR customers.

In addition to Exabeam site collector and cloud connecter data, Exabeam will merge the ZeroFox Adversary Disruption service into the Exabeam Threat Intelligence Service, included in all Exabeam Fusion products, to further enrich customers’ data.

Exabeam and ZeroFox help organizations more accurately assess the business risks of cyberattacks. The ZeroFox service feeds into the Exabeam threat context tables that are a backbone of strong cyber analytics and advanced threat scoring precision. The ZeroFox service also includes a dedicated human research team, adding to its existing AI-based data collection for best-of-breed threat intel. Exabeam customers require no additional scripting or alteration of analyst workflows to leverage the ZeroFox service in Exabeam Fusion products.

“We build advanced threat intelligence services into our Fusion SIEM and Fusion XDR solutions because we want Exabeam customers – from the most junior security analysts to CISOs –– to have access to the most in-depth data required to strategically combat and eliminate adversaries, and to have a full grasp of potential business risk,” said Chris Stewart, vice president, business development and global alliances, Exabeam. “The ZeroFox Adversary Disruption service adds another secure layer of enriched data to the Exabeam Threat Intelligence Service to further boost our customers’ cyber defense capabilities.”

“In an increasingly advanced world of cyberattacks, Exabeam recognizes that threat intelligence is a critical component of any modern SIEM and should inform every business decision when examining the risk of an event or incident,” said James C. Foster, co-founder, chairman and CEO of ZeroFox. “We are pleased to have this OEM partnership with Exabeam to further provide security teams with advanced threat intelligence to help stop adversaries in their tracks.”

The ZeroFox Adversary Disruption service augments the Exabeam Threat Intelligence Service with:

• Automated discovery of malicious attacks from domains, content, profiles, and infrastructure associated with external cyberattacks.
• Collective intelligence from a global disruption network, including hundreds of network providers, partners, and customers.
• Disruption feed of malicious infrastructure lists with seamless integration into customers’ broader security and technology workflows and tech stacks.

Many XDR and SIEM vendors offer a “bring your own feed” model that puts the burden on security teams to purchase and manage their own separate threat intelligence service – Exabeam offers Exabeam Threat Intelligence Service free to its Exabeam Fusion SIEM and Exabeam Fusion XDR customers. It enables engineers to integrate native threat intelligence into their workflows, by incorporating correlation rules and behavioral analysis models to identify risk via IP and domain reputation indication.

Exabeam Threat Intelligence Service

In addition, the content in the Exabeam Threat Intelligence Service is updated daily so analysts can quickly identify and mitigate the newest and emerging attacks for consistent and outcome-driven security practices.

ZeroFox Adversary Disruption Service

The ZeroFox Adversary Disruption service shortens exposure time and speeds time-to-disruption by taking proactive measures before damages of an external cyberattack can occur. ZeroFox’s Disruption Intelligence Feed, including malicious infrastructure lists, can be easily integrated into firewalls, proxies, endpoints, and email and web security gateways.