Legacy Log Management is Ripe for Disruption
Data management – whether for logs, network, endpoints, or other types – is a fundamental component of a strong enterprise security architecture. It supports security intelligence and analytics, as well as compliance and forensics reporting. The good news is that the data management process is mature and well-understood. The bad news is that log management vendors have not kept pace with rapid changes in data growth, new data types, cloud architectures, and open source big data management. Log management systems are now measured in petabytes, with data streaming in from internal networks, endpoints, and the cloud. Legacy data management solutions simply weren’t designed for such an environment. Even worse, these systems are licensed “by the byte,” becoming more expensive every year as data grows and requiring CISOs to plunk down more of their budget for no associated gain.
Exabeam Data Lake is different. It’s a data lake designed for the modern world, with a scale-out architecture that can support any type and volume of data at a predictable price. Deploy it alongside or in place of your SIEM, then pour *all* your log, endpoint, unstructured, and other types of data in and retain it as long as you wish.
Search Shouldn’t be Painful
Exabeam is built on a foundation of proven, scalable open source big data technology, including HDFS and Elasticsearch. Many Web-scale companies rely on these technologies today to support the massive data volumes they generate. Elasticsearch is excellent for time series data management, i.e. security event log handling. Exabeam Data Lake integrates the Elasticsearch stack with other technologies to create a thoroughly modern data management solution.
Exabeam adds enterprise features such as remote collection agent management and security data enrichment to these proven technologies, and packages the solution for easy deployment and operations.
Storage Should be Predictable
Unlike other data management products, Exabeam Data Lake is licensed in a predictable, per-user model so that you can capture as much data as you need for reporting and analytics. Want to add your proxy, EDR, or DLP data into your log system? How about your network data? If you tried that with another product, the additional bills would quickly drain your budget. With Exabeam Data Lake, there is no charge for extra data, so you can finally log and analyze anything necessary to detect and respond to modern threats.
How It Works
Exabeam Data Lake is a security data lake built on proven open source big data technologies including Elasticsearch. The system delivers:
- Ability to be deployed in parallel with or in place of any traditional SIEM or log management system
- Web-scale aggregation of any security-related data
- Scale-out multi-node architecture
- Guaranteed at-least-once data delivery
- Search, dashboards and reporting
- Ability to enrich log events with unique security stateful context and Host-To-IP awareness
- Remote management of agent-based collectors, including update and stop/start
- User interface optimized for security analysis and reporting
- Ease of setup and use
- RESTful API
- Out-of-the-box parsers for 750+ security and identity products
- Interoperability with any UEBA system
- Ability to deploy as a pre-sized physical appliance or as a cloud-ready VM