Exabeam is an enterprise security software package that’s designed to ferret out security risks and attacks by watching user behavior.
- STATEFUL USER TRACKING – Transforming Security Analytics
- ADVANCED DATA SCIENCE – Analysis and Data Science with Embedded Security Expertise
- THREAT HUNTING – Ask New Questions
- INSIDER THREATS
- USER IMPERSONATION
- ACCOUNT LOCKOUTS
- CLOUD ANALYTICS
- DATA LOSS PREVENTION
- PRIVILEGED ACCOUNT MONITORING
- Highlights suspicious activity that manual systems miss. Able to develop behavior profiles through past data. Extremely intuitive and easy to use.
- The Exabeam User Behavior Intelligence Platform is designed to gather information from a variety of sources, including Active Directory and your security information and event management (SIEM) software and appliances, and to report suspicious behavior in a timely fashion.
- Exabeam, which can be delivered either as a physical or virtual appliance, works by examining your organization’s event history to determine what’s normal and then examining events that deviate from normal. Exabeam also has a subscription cost that varies according to the number of monitored users and devices. If this functionality sounds specialized, that’s because it is. Exabeam is great software, but it should only be one component of a well-equipped network security tool box along with other tools like GFI LanGuard and Viewfinity.
- Exabeam is so useful because it is able to correlate events and activities and then display them so that it’s obvious to security managers what’s going on, and why the person or asset was flagged. Because all of the data is available in the background, you can drill down to see what a specific person was doing that caused them to be flagged, and you can follow their activities over time or through the enterprise.
- Because Exabeam follows events and people through time, it makes it possible to see exactly when a suspicious event occurred, what happened at that moment, and what events followed. You can watch a security event unfold as the hacker penetrates your defenses, and watch how they change user names, elevate privileges, and access data. You can also see exactly what data they accessed.
- Implementing Exabeam requires that you either attach the appliance to your network or install it in a VMware virtual machine (VM) where it can monitor your Active Directory and your SIEM. You will need to provide basic information for access to those devices and then let it run. That’s all there is to it, but it will pay dividends to spend some time learning how to make best use of the data that it’s finding and presenting.
- Once it’s up and running, Exabeam requires little training for use. Considering the difficulty in finding trained IT security staff, Exabeam may pay for itself in keeping staff costs under control. In any case, it quickly performs levels of analysis that would take years of intimate knowledge of the organization and its staff to learn. And, considering the flood of data produced by most SIEM products, it can see events that are impossible to find any other way. One way to think about this is, if Target had been using Exabeam, the breach might never have happened or, if it had, it would have immediately ended.
- Exabeam’s user behavior intelligence solution employs a combination of extraction and enrichment of high-value log feeds to attribute security alerts to anomalous user activity and ultimately the credentialed session on the system that caused the alert; Stateful User Tracking and session assembly to create a timeline of credential use from log on to log off; behavior analysis to learn and refine user and peer group behavior; and additive risk scoring to make it easy for security analysts to prioritize which events require immediate attention. Not only does this shorten detection times and give security teams a full picture of the entire attack chain, but it costs less than hiring and training additional data scientists.