Overview

Exabeam’s User Behavior Analytics (UBA) Platform “connects the dots” across a user’s activities to detect if stolen credentials are being used to attack a corporate network. As part of the expected ~$9 Billion solutions market, Exabeam is designed to notify security analysts when anomalous behavior takes place.

Historically, SIEM products would be the assumed solution for this problem. However, attacks have changed, shifting from network-based to identity-based, and SIEM products continue to miss them, allowing breaches to occur and failing to help security operations center (SOC) teams respond effectively.

Exabeam detects identity-based attacks and helps SOC staff respond quickly and completely after detection. It uses machine learning to automatically create a unified identity for each user, across all of that user’s IP addresses, devices, and accounts. It then creates per-user baselines of normal behavior, and compares activity to that baseline to determine anomalies and prepares a timeline for guided response.

Exabeam lets customers:

• Quickly identity threats not seen by traditional security products. In more than 50 percent of pilots, Exabeam consistently finds attacks underway that were previously undetected.

• Enhance compliance reporting. Companies often have policies regarding access and attribution of access rights. Exabeam provides attribution of the unauthorized access to the person using the credential at the time.

• Accelerate response. On average, security incidents can take six -10 days to piece together investigation information about accounts compromised and systems affected. By providing this information automatically, Exabeam can eliminate one week per incident of analyst time.