Exabeam introduces new features to improve security analyst workflows

Exabeam announced two pioneering cybersecurity features, Threat Center and Exabeam Copilot, to its AI-driven Exabeam Security Operations Platform.

Exabeam Copilot

A first-to-market combination, Threat Center is a unified workbench for threat detection, investigation, and response (TDIR) that simplifies and centralizes security analyst workflows, while Exabeam Copilot uses generative AI to help analysts quickly understand active threats and offers best practices for rapid response. These innovations reduce learning curves for security analysts and accelerate their productivity in the SOC.

“We built Threat Center with Exabeam Copilot to give security analysts a simple, central interface to execute their most critical TDIR functions, automate routine tasks, and supercharge investigations for analysts at any skill level,” said Steve Wilson, CPO, Exabeam.

“These new features amp up the value of our AI-driven security operations platform and take analyst productivity, efficiency, and effectiveness to new heights. Threat Center helps security analysts overcome one of the biggest challenges we’ve heard from them — having to deal with too many fragmented interfaces in their environments. By combining Threat Center with Exabeam Copilot we not only improve security analyst workflows, we also lighten their workload,” added Wilson.

Solving for lack of visibility and automation

Security operations teams are often challenged with managing multiple security tools, which can lead to siloed data and a lack of visibility into threats. This can make it difficult to understand their entire threat landscape and execute TDIR in a timely manner.

According to Exabeam’s recent The State of Threat Detection, Investigation, and Response (TDIR) Report 2023, organizations globally reported that they can “see” or monitor only 66% of their IT environments, leaving ample room for blindspots. Exabeam customers are already using the Outcomes Navigator feature as a driver to know what parts of their environments they are able to monitor for TDIR and where coverage improvement may still be needed. Threat Center streamlines these processes further to remediate threats against covered areas faster.

The report also reveals that only slightly more than half (53%) of global organizations have automated 50% or less of their TDIR workflow. With Threat Center and Exabeam Copilot, the Exabeam Security Operations Platform applies AI and automation to security operations workflows for a holistic approach to cyberthreats, helping companies solve for a lack of automation and ultimately accelerating response.

Powered by AI-driven detection, the Exabeam platform easily pinpoints high-risk threats by learning the normal behavior of users and entities and prioritizing threats with context-aware risk scoring — all now presented through the Threat Center interface — for faster, more accurate, and consistent TDIR. Revealed as the second most identified need in the Exabeam TDIR report –– 35% of respondents reported a desire for improved understanding of normal user and entity and peer group behavior within their organization.

Threat Center and Exabeam Copilot

Threat Center unifies threat management, investigation tools, and automation to accelerate and efficiently investigate and respond to threats. Powered by an advanced security-trained, generative AI model, Exabeam Copilot supercharges security analyst investigations.

Threat Center with Exabeam Copilot helps analysts:

  • Understand an entire threat that spans multiple detections to tell a complete story of what happened.
  • Conduct complex powerful search queries in plain natural language.
  • Understand a threat, and know how to respond, using generative AI threat explanations for clear cross-organization communication.
  • Automate routine tasks, expose hidden threats, and greatly accelerate response times.
  • Prioritize alerts and cases, with context-aware risk scoring.
  • Reduce the number of alerts that analysts need to investigate – detection grouping associates related entities and events.
  • Optimize SOC team collaboration with case sharing, case escalation, and shared notes.
  • Visualize evidence with interactive threat timelines and instant access to relative data including behavioral models, users, and endpoints.
  • Author automation rules critical to SOC workflows, such as escalating specific alerts to cases or queues via APIs or webhooks.
  • Utilize pre-built playbooks with the ability to view, disable or clone for easy customization.

Maximize Microsoft Sentinel investment with Exabeam

In addition to identifying high-risk threats, providing faster, more accurate investigation and response, and improving threat coverage, the AI-driven Exabeam Security Operations Platform helps security teams realize the full potential of their security investments.

Also announced, customers can now add Exabeam TDIR capabilities on top of existing Microsoft Sentinel deployments. Extending Exabeam analytics and automation to Microsoft Sentinel helps organizations realize new potential from their SIEM.

With Exabeam, Microsoft Sentinel users can see new detections with broader insights and automate workflows, ingest data from a wide range of Microsoft and best-of-breed security products, and accelerate the TDIR capabilities of their SIEM deployment. The Collector for Microsoft Sentinel adds to a growing list of supported SIEM products – Splunk and IBM QRadar, to name a few.

“The potential of generative AI to drive accuracy and speed within the SOC delivering increased productivity is becoming a reality through features like Threat Center and Exabeam Copilot,” said Colin Anderson, CISO, Dayforce. “Threat Center will save analysts countless hours by enabling SOC analysts to work from one single interface performing investigations and taking actions against identified threats. The Exabeam Copilot AI virtual assistant will be a force multiplier for SOC teams helping to improve cybersecurity across organizations.”

“We are pleased to see the new detection grouping logic inside Threat Center that will give us the comprehensive context we need in one spot about multiple security alerts without having to pivot to another location –– this will be especially helpful when multiple alerts turn out to be related to a single threat impacting more than one user or entity on the network,” said Lindbergh Caldeira, Cyber Security Operations Manager, SA Power Networks. “We are equally excited to work with Exabeam Copilot, which is like having a subject matter expert right by your side as you investigate and respond to incidents. Exabeam Copilot will help veteran and new analysts alike be far more efficient in the SOC.”

“We are excited to see Exabeam’s generative AI-powered features integrated into their latest technology. You don’t choose your threats. Your threats choose you with little to no warning. We look forward to using Threat Center for a cohesive platform that will allow us to protect our members’ assets and financial data,” said Carl Scaffidi, CISO, VyStar Credit Union. “Exabeam Copilot will let us ask very specific questions and get immediate actionable answers, speeding up threat hunting, investigation and response times.”

General availability of the new features begins in March 2024.

More about

Don't miss