Exabeam product overview
Exabeam is a global cybersecurity platform that adds intelligence to every IT and security stack. It delivers next-gen SIEM and XDR and reinvents the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR).
Exabeam brings a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. It has products to empower security teams to detect external threats, compromised users, and malicious adversaries. It offers out-of-the-box use case coverage that delivers successful outcomes.
The platform’s behavioral analytics allows security teams to detect compromised and malicious users that were previously difficult or impossible to find. Its automation overcomes staff shortages by minimizing false positives and reducing the time it takes to detect, triage, investigate, and respond.
Pros of Exabeam
- Its behavioral analytics let analysts reliably distinguish the abnormal activity of attackers from normal user behavior—without generating false positives. It then displays activity in a machine-built timeline, so users get visibility of an attacker’s complete journey instead of a list of alerts.
- Security teams can deploy analytics to correlate, analyze, and investigate incidents while avoiding vendor lock-in. Automation helps analysts prioritize alerts, speed investigation, and orchestrate their response across existing and new applications.
Cons of Exabeam
- Some users commented that the customer support team takes a while to respond.
Breakdown of core features
Exabeam Alert Triage provides a unified view of third-party and native Data Lake-triggered security alerts. As a result, analysts can review alerts faster and quickly identify which alerts pose a threat to their organization. The software automatically aggregates high-frequency alerts that share the same name, type, vendor, and severity, letting analysts triage alerts in batches. It gives contextual information and a user and entity timeline of related activity, so security teams can understand what happened before and after the alert.
For all anomalies detected, the system’s machine-built Smart Timelines stitch together both normal and abnormal behavior for users and machines, including IoT devices and cloud storage objects. Exabeam logs activity from cloud storage objects and detects malicious user activity to prevent compromise or exfiltration of sensitive data stored in the cloud.
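The two mechanisms described above, batching high-frequency alerts by shared name, type, vendor, and severity, and then showing a user's activity before and after a chosen alert, are easy to prototype outside any product. The following Python is an added illustration written for this page, not Exabeam code; the alert and event records are constructed samples, and the 30-minute context window is an assumed parameter.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real product data). The grouping keys are the
# ones the text names: name, type, vendor, severity.
ALERTS = [
    {"ts": "2022-04-20T09:00:05", "name": "Malware Detected", "type": "endpoint",
     "vendor": "VendorA", "severity": "high", "user": "alice", "host": "ws-01"},
    {"ts": "2022-04-20T09:00:07", "name": "Malware Detected", "type": "endpoint",
     "vendor": "VendorA", "severity": "high", "user": "alice", "host": "ws-01"},
    {"ts": "2022-04-20T09:01:00", "name": "Malware Detected", "type": "endpoint",
     "vendor": "VendorA", "severity": "high", "user": "bob", "host": "ws-02"},
    {"ts": "2022-04-20T10:15:00", "name": "Impossible Travel", "type": "identity",
     "vendor": "VendorB", "severity": "medium", "user": "alice", "host": "vpn-gw"},
]

# Constructed raw activity used to build a per-user timeline around an alert.
EVENTS = [
    {"ts": "2022-04-20T08:45:00", "user": "alice", "host": "ws-01", "action": "logon"},
    {"ts": "2022-04-20T08:58:30", "user": "alice", "host": "ws-01", "action": "usb_mount"},
    {"ts": "2022-04-20T09:01:30", "user": "bob", "host": "ws-02", "action": "logon"},
    {"ts": "2022-04-20T09:02:10", "user": "alice", "host": "ws-01", "action": "process_start"},
    {"ts": "2022-04-20T09:40:00", "user": "alice", "host": "ws-01", "action": "logoff"},
]


def aggregate_alerts(alerts):
    """Group alerts that share (name, type, vendor, severity) so they can be
    triaged as one batch instead of one row per firing."""
    groups = defaultdict(list)
    for alert in alerts:
        key = (alert["name"], alert["type"], alert["vendor"], alert["severity"])
        groups[key].append(alert)
    return groups


def summarize_batches(alerts):
    """Return one summary row per batch, largest batch first, with the
    first/last firing time and the distinct users involved."""
    rows = []
    for (name, atype, vendor, severity), members in aggregate_alerts(alerts).items():
        stamps = sorted(m["ts"] for m in members)
        rows.append({
            "name": name, "type": atype, "vendor": vendor, "severity": severity,
            "count": len(members),
            "first_seen": stamps[0], "last_seen": stamps[-1],
            "users": sorted({m["user"] for m in members}),
        })
    rows.sort(key=lambda r: (-r["count"], r["first_seen"]))
    return rows


def timeline_around(events, user, alert_ts, window=timedelta(minutes=30)):
    """Collect the user's events within +/- window of the alert and label each
    as 'before' or 'after' so an analyst sees context on both sides."""
    centre = datetime.fromisoformat(alert_ts)
    timeline = []
    for event in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(event["ts"])
        if event["user"] == user and centre - window <= when <= centre + window:
            timeline.append({**event, "phase": "before" if when < centre else "after"})
    return timeline


if __name__ == "__main__":
    for row in summarize_batches(ALERTS):
        print(f'{row["count"]:>3}x {row["name"]} [{row["vendor"]}/{row["severity"]}] users={row["users"]}')
    for entry in timeline_around(EVENTS, "alice", ALERTS[0]["ts"]):
        print(entry["phase"], entry["ts"], entry["action"])
```

Note that the batching key deliberately excludes user and host: the point is to collapse the same detection firing repeatedly, while the timeline step restores the per-entity view once an analyst picks a batch to look at.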
Exabeam has a point-and-click interface that simplifies the process of creating complex search queries. It returns incident timelines as search results, outlining normal and anomalous activity around the threat. It also operationalizes MITRE ATT&CK. Drop-down menus streamline an analyst’s search for tactics and techniques across users and devices.
The platform’s Threat Intelligence Service offers real-time insights to uncover indicators of compromise (IOC) on hosts and for users. Users can incorporate fields from the Threat Intelligence Service into correlation rules and behavioral analysis models to identify risk based on IP, domain, and URL reputation. It can also flag TOR endpoints without integrating third-party feeds, writing scripts, or altering analyst workflows. Content in the Threat Intelligence Service updates daily, so users can find and mitigate the newest and emerging attacks for consistent and outcome-driven security practices.
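To make concrete what "incorporating reputation fields into a correlation rule" involves, here is an added Python example written for this page; it is not Exabeam's implementation and the threat-intel table, event records, and risk weights are all constructed placeholders (IPs come from documentation ranges, domains use the reserved `.test` TLD). It goes slightly beyond the text by matching IPs against CIDR ranges and domains against their parent domains, which is how reputation lookups usually need to work in practice.

```python
import ipaddress

# Constructed threat-intel table (placeholder values, not a real feed).
INTEL = {
    "ip": {"198.51.100.7": "malicious", "203.0.113.0/24": "suspicious"},
    "domain": {"bad-example.test": "malicious"},
    "url": {"http://bad-example.test/payload": "malicious"},
    "tor_exit": {"192.0.2.44"},
}

# Assumed risk weights for the correlation rule.
WEIGHTS = {"malicious": 50, "suspicious": 20}
TOR_WEIGHT = 30


def ip_reputation(ip_str, intel):
    """Most-specific CIDR match wins; unparsable addresses get no reputation."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    nets = sorted(((ipaddress.ip_network(k, strict=False), v) for k, v in intel["ip"].items()),
                  key=lambda kv: kv[0].prefixlen, reverse=True)
    for net, rep in nets:
        if ip.version == net.version and ip in net:
            return rep
    return None


def domain_reputation(domain, intel):
    """Normalise case and trailing dot, then walk up the label chain so that a
    subdomain inherits the reputation of a listed parent domain."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in intel["domain"]:
            return intel["domain"][candidate]
    return None


def enrich(event, intel=INTEL):
    """Attach reputation fields to an event; the raw event is left untouched."""
    enriched = dict(event)
    enriched["ip_reputation"] = ip_reputation(event.get("src_ip", ""), intel)
    enriched["domain_reputation"] = domain_reputation(event.get("dest_domain", ""), intel)
    enriched["url_reputation"] = intel["url"].get(event.get("url", "").lower())
    enriched["is_tor_exit"] = event.get("src_ip") in intel["tor_exit"]
    return enriched


def risk_score(enriched):
    """Correlation rule: sum the weight of every reputation hit plus a Tor bonus."""
    score = 0
    for field in ("ip_reputation", "domain_reputation", "url_reputation"):
        score += WEIGHTS.get(enriched[field], 0)
    if enriched["is_tor_exit"]:
        score += TOR_WEIGHT
    return score


def score_events(events, intel=INTEL):
    """Return (score, enriched_event) pairs, highest risk first."""
    scored = [(risk_score(e), e) for e in (enrich(ev, intel) for ev in events)]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return scored


# Constructed sample events.
EVENTS = [
    {"id": 1, "src_ip": "198.51.100.7", "dest_domain": "www.Bad-Example.test.", "url": ""},
    {"id": 2, "src_ip": "203.0.113.9", "dest_domain": "intranet.example.test", "url": ""},
    {"id": 3, "src_ip": "192.0.2.44", "dest_domain": "example.test", "url": ""},
    {"id": 4, "src_ip": "10.0.0.5", "dest_domain": "example.test", "url": ""},
]

if __name__ == "__main__":
    for score, ev in score_events(EVENTS):
        print(ev["id"], score, ev["ip_reputation"], ev["domain_reputation"], ev["is_tor_exit"])
```

Keeping enrichment separate from scoring is the useful design point: the same enriched fields can feed a deterministic rule like `risk_score` and, separately, a behavioral model that treats "first contact with a suspicious range" as an anomaly for that user.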
(Last updated on 04/21/2022 by Liz Laurente-Ticong)