Shine a Light on Modern Cyber-Attacks
Today’s credential-based threats are complex, often touching many systems, using multiple log-ins, and spanning a period of several days or months. These insider threats involve the legitimate credentials and access privileges of real users, making them challenging for legacy security solutions to detect. In order to tackle these insidious threats, organizations need a solution built from the ground up using modern technologies such as machine learning, behavioral analysis and data science.
A Smarter Approach to Detection and Investigation
Exabeam Advanced Analytics is the world’s most deployed behavioral analytics platform. Advanced Analytics analyzes actual user and entity behavior to determine risk and to inform overburdened security analysts about potential attacks, as well as how to remediate them. Advanced Analytics provides a powerful analytics layer on top of existing SIEM and log management technologies, detecting new attacks, prioritizing incidents, and guiding a more effective response.
Exabeam Advanced Analytics combines a purpose-built architecture with an investigation-focused user experience designed to fit the way security professionals actually work. Advanced Analytics uses a proprietary Session Data model that automatically stitches together incident timelines including both normal and abnormal user activity, for all threats detected. This reduces the manual effort security analysts spend on investigations and increases their productivity.
Rapid Time to Value
Regardless of the data type or source, Exabeam makes it easy for customers to use all of the information available to them in order to perform a truly comprehensive assessment of the threats on their network. Advanced Analytics can ingest logs from a SIEM or directly from the data sources themselves via Syslog. Customers are able to rapidly deploy and analyze historical logs for quick time to value, or analyze new log sources in Advanced Analytics which were previously cost prohibitive to send to their SIEMs. This flexible data handling delivers a fast time to value unmatched by other behavioral analytics solutions.
Compounding Operational and Cost Efficiencies
The benefits of the Advanced Analytics solution are compounded by Exabeam Log Manager and Incident Responder which together provide full end-to-end coverage for data storage, access, analytics, and automated response. Advanced Analytics can be deployed as a standalone solution, or as part of the larger Exabeam Security Intelligence Platform.
How It Works
Exabeam Advanced Analytics accepts hundreds of data sources which generally fall into one of three types:
- Context: Information about the assets and users in an environment (e.g. AD)
- Content: Logs and security alerts from a SIEM/LMS or from their source via Syslog (e.g. VPN, proxies, anti-malware, etc.)
- Logic: Rules, models, and feeds from our security team, from our customers, or from external sources
These inputs are processed by a series of engines including:
- Context Engine: Uses machine learning and statistical analysis to enrich the contextual information about an environment (e.g. is a machine a workstation or a server)
- Session Engine: Creates user sessions based on Exabeam’s unique, patented session data model. These user sessions automatically stitch together timelines for all activities (both normal and anomalous) of all users in an environment
- Behavioral Engine: Creates baseline models of behavior for all users and entities based on their activity, and then identifies anomalies
- Risk Engine: Applies risk scores to anomalous activity detected
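The engine pipeline above, as an added toy illustration in Python (not Exabeam's patented session data model or any of its code): events are stitched into per-user sessions across a switch_user credential change, compared with a constructed per-user host baseline, and given an additive risk score. The event layout, the baseline, the session gap and the weights are assumptions.

```python
# Toy model of session stitching, behavioral baselining and risk scoring.
# Not Exabeam's session data model; the event layout, BASELINE, SESSION_GAP
# and WEIGHTS are constructed assumptions for illustration only.
SESSION_GAP = 3600                 # seconds of inactivity that closes a session
BASELINE = {"alice": {"wks-01"}}   # constructed: hosts alice normally uses
WEIGHTS = {"new_host": 20, "switch_user": 15, "lateral_after_switch": 30}

# Constructed sample events: (timestamp, account, host, event_type, detail)
EVENTS = [
    (1000, "alice", "wks-01", "vpn_login", "10.0.0.5"),
    (1100, "alice", "wks-01", "logon", ""),
    (1200, "alice", "wks-01", "switch_user", "admin_svc"),  # assumes new creds
    (1300, "admin_svc", "db-07", "logon", ""),               # moves under them
    (80000, "alice", "wks-01", "vpn_login", "10.0.0.5"),     # next day: new session
]

def stitch_sessions(events, gap=SESSION_GAP):
    """Session Engine: group events per originating user. A switch_user event
    maps the assumed account back to the originating user, so later activity
    under the new credential lands in the same timeline."""
    alias, current, sessions = {}, {}, []
    for ev in sorted(events):
        ts, account, _host, etype, detail = ev
        origin = alias.get(account, account)
        idx = current.get(origin)
        if idx is None or ts - sessions[idx]["events"][-1][0] > gap:
            sessions.append({"user": origin, "events": []})
            idx = current[origin] = len(sessions) - 1
        sessions[idx]["events"].append(ev)
        if etype == "switch_user":
            alias[detail] = origin
    return sessions

def score_session(session, baseline=BASELINE, weights=WEIGHTS):
    """Behavioral + Risk Engine: compare each event with the user's baseline
    and add a weight per anomaly. Returns (score, list of reasons)."""
    known = baseline.get(session["user"], set())
    reasons, switched = [], False
    for _ts, account, host, etype, detail in session["events"]:
        if host not in known:
            reasons.append(("new_host", host))
        if etype == "switch_user":
            switched = True
            reasons.append(("switch_user", detail))
        elif switched and etype == "logon" and account != session["user"]:
            reasons.append(("lateral_after_switch", f"{account}@{host}"))
    return sum(weights[r] for r, _ in reasons), reasons

if __name__ == "__main__":
    print([(s["user"], score_session(s)) for s in stitch_sessions(EVENTS)])
```

Running it yields one stitched session for alice that carries the admin_svc logon on db-07 (score 65) and a separate, zero-risk session for the next day's VPN login.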
The final output of these engines is available for use by customers via:
- Exabeam’s Advanced Analytics user interface
- Exabeam Threat Hunter
- Exabeam Incident Responder
- Other third party tools such as existing SIEMs or other security solutions
Exabeam provides world class threat detection, prioritizes analyst workloads, and greatly improves SOC productivity. Its key features include:
- User and Entity Behavior Analysis (UEBA) based detection for complex modern threats including credential-based attacks, insider threats, and ransomware
- Pre-constructed session timelines which automate analyst investigation, and make proactive analysis faster and easier
- Intelligent security alert prioritization to ensure analysts can easily find the alerts which require the most attention
- A unique session data model that automatically detects lateral movement including changes of credentials, IP addresses, or devices
- Interoperability with all major SIEM solutions, as well as Exabeam’s Log Management and Incident Response solutions
- Ease of setup and use
- Scale-out multi-node architecture
- Supports 500+ data sources out of the box
- Ability to deploy as pre-sized physical appliances or as a cloud-ready VM