RSAC: Exabeam Launches Cloud Platform to Extend Security Information and Event Management Solution With Applications, Tools and Content
Cloud Archive and Studio to make every security practitioner more efficient
This is a Press Release edited by StorageNewsletter.com on March 3, 2020 at 2:18 pm
At RSAC 2020, Exabeam unveiled the Exabeam Cloud Platform to help security leaders mature their security posture; aid architects to secure new use cases by expediting the provisioning and consumption of new applications, tools and content; and make security engineers and analysts more efficient with simplicity of use and deployment.
Applications, including the previously announced Exabeam Threat Intelligence Service and the Cloud Archive, will be available on the Cloud Platform through the firm’s Application Marketplace. The first tool, the Exabeam Parser Editor, a patented self-service parser tool, is being made available with the launch of the Exabeam Cloud Studio on the Cloud Platform.
Key components of Exabeam Cloud Platform
The multi-tenant Cloud Platform extends the firm’s security information and event management (SIEM) solution with capabilities – user and entity behavior analytics (UEBA) and object-centric workspaces – as well as cloud storage, data graphing and integrations with over 250 products. As a cloud offering, engineering tasks needed to deploy and maintain the infrastructure’s underlying services are eliminated.
Application marketplace
The Application Marketplace provides analysts and engineers with a single online location to try, buy and deploy the company’s security management applications to improve how they work. Initial applications include:
- Cloud Archive – allows organizations to establish a second cheaper storage tier for the long-term retention of security without having to endure long search times or inaccessible storage
- Threat Intelligence Service – allows security teams to integrate threat intelligence with correlation rules or behavioral analysis models to indicate added risk of notable users and entities
In the future, applications will also be available from partners. They will be able to build applications on the Cloud Platform using the firm’s software development toolkit (SDK) or sell them through the marketplace.
Cloud Studio
Of all SOC responsibilities, security pros were least satisfied with responsibility for SIEM content creation, according to the firm’s 2019 Cybersecurity Professionals Salary, Skills and Stress Survey (registration required). The Cloud Studio reduces the frustrations of SIEM content creation. Engineers can use tools to quickly develop the content they need to support new use cases.
Initially the Cloud Studio includes:
- Parser editor – a novel solution that will save engineers an average of six hours a week by allowing them to build parsers for new log types and modify existing parsers by uploading a log file and using the simple, intuitive UI of a self-service wizard
“Exabeam’s mission is to make every security practitioner more efficient,” said Nir Polak, CEO. “We previously helped security teams improve productivity by redefining the modern SIEM with UEBA and SOAR. Now, we are raising the bar again, with a cloud platform that allows them to quickly provision and consume new applications, tools and content.”
The company is also announcing additional features to the Security Management Platform (SMP), a SIEM that can be deployed as SaaS, in a public or private cloud, or as software on premises:
- Turnkey playbooks: out-of-the-box automated playbooks for common security investigations, such as phishing, that unlike playbooks in other security orchestration, automation and response (SOAR) products, do not require third-party licenses or configuration
- Cross-platform integrations that allow analysts to seamlessly pivot from events in a user timeline back to the raw log; view cases automatically enriched with user, entity or artifact details; add evidence to cases (or create new cases) directly from user timelines; and build playbooks to recognize anomalous activity
- Dark mode: to improve analysts’ visual experience, especially in low-light environments like a dark SOC or late at night when an attack surfaces
Availability:
- Threat Intelligence Service is available to the firm’s customers at no additional cost.
- Cloud Archive will initially be available to the company’s SaaS cloud customers in 2Q20.
- Parser Editor will be available in a limited release in 2Q20.
- The firm’s other SMP features will be available in 2Q20.
About Exabeam
It is a smarter SIEM company helping security operations and insider threat teams work smarter, allowing them to detect, investigate and respond to cyberattacks in 51% less time. Security organizations no longer have to live with excessive logging fees, missed distributed attacks and unknown threats, or manual investigations and remediation. With the modular Exabeam Security Management Platform, analysts can collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response, both on-premise or in the cloud. Its Smart Timelines, sequences of user and device behavior created using ML, further reduce the time and specialization required to detect attacker tactics, techniques and procedures.








