Exabeam Cloud Platform

Additional Info

Company: Exabeam
Website: https://exabeam.com
Company size (employees): 100 to 499
Type of solution: Cloud/SaaS

Overview

Organizations are increasingly moving their security to the cloud. The multi-tenant Exabeam Cloud Platform (ECP), a security platform-as-a-service (PaaS), extends the Exabeam Security Management Platform with security information and event management (SIEM) applications unique to Exabeam and a platform for further innovation.

Today, those applications include the Exabeam Threat Intelligence Service, Exabeam Cloud Archive, Exabeam Auto Parser Generator and Exabeam Action Editor. The Threat Intelligence Service is a curated list of indicators of compromise (IoC) for security analysts to use for detection and threat hunting in conjunction with Exabeam’s user and entity behavior analytics (UEBA) capabilities. Cloud Archive has a unique architecture that resolves the tradeoff between fast search and inexpensive storage for security teams maintaining long-term data for forensic and compliance purposes.

The two other existing applications allow security engineers and analysts to create their own use case content, relieving them of the traditional requirement to wait on a vendor for new content. The Auto Parser Generator allows security practitioners to use an intuitive wizard to take a log sample and create a new parser (or modify an existing parser) to be able to ingest those logs into Exabeam. The Action Editor allows practitioners to create custom incident response actions that can be used to orchestrate actions in third-party applications directly from Exabeam Incident Responder.

In addition to existing applications, ECP provides a number of extended capabilities for Exabeam, our customers, our partners and other third parties to create new applications. Those capabilities include cloud connectors, object-centric workspaces, an advanced anomaly detection engine, data graphing, and the Application Marketplace, a single online location where security teams can try, buy and deploy security management applications.

How we are different

Rapid Use Case Coverage - Ninety-two percent of Exabeam customers report that they see value within a week after deployment. The reason for this is that Exabeam provides rapid coverage of use cases and MITRE ATT&CK so security teams can quickly improve their security maturity and achieve repeatable outcomes. Exabeam provides security teams with use case content that is out-of-the-box for each stage of their workflow - collection, detection, alert triage, investigation and response - to apply coverage for that use case. The ECP uniquely provides Auto Parser Generator and Action Editor to enable security teams to quickly achieve these outcomes.


Operational Efficiency - Exabeam improves efficiency at every step of the security operations workflow by eliminating mundane and repetitive tasks through automation. A few notable examples include:
Cloud connectors allow organizations to reliably collect logs and initiate response actions to the most popular cloud services.
Behavioral analytics automatically detects user and device behaviors indicative of a threat. Some refer to it as “automatic correlation.”
Exabeam speeds analysts’ work by providing them with actionable insights during triage and investigation. Alert enhancement and automated incident timelines provide real-time actionable intelligence to expedite decision making during alert triage and investigation.


Credential-based Attack Detection - ECP provides object-centered workspaces where all behavior and activity are mapped to users or devices. ECP’s advanced anomaly detection engine then allows analysts to detect credential attacks by reliably distinguishing the abnormal activity of attackers from this normal user behavior, stopping credential-based attacks and insider threats that were difficult, if not impossible, to detect.