The Exabeam Security Intelligence Platform (SIP) is a modern SIEM that combines end-to-end data collection, analysis, and response in a single management and operations platform.
The Exabeam platform is built on a scalable, modern big data infrastructure, and uses data science for behavioral modeling, machine learning, and advanced analytics for comprehensive insider and entity threat detection. Exabeam’s User and Entity Behavior Analytics (UEBA) provide insider threat detection, tracking anomalous behavior and suspect lateral movements within your organization, while also securing your cloud services, machines, devices, and IoT assets. Automated incident response allows teams to respond to security incidents rapidly and with less effort. The foundation is the Exabeam security data lake, designed to store all of your event logs at a predictable flat price. Now your security teams no longer have to manually analyze the sea of data logs – and instead can focus on quickly identifying and responding to security threats.
Exabeam Data Lake is built on the open source Elastic Stack (Elasticsearch, Beats, Kibana), and combines these components with additional functionality to deliver ease of use and enterprise-level systems management. For example, the Elastic Stack is missing the ability to remotely manage log shipping components (i.e. Elastic Beats). Exabeam adds remote configuration, upgrading, and start/stop to the open source framework. Elastic does not, on its own, have any particular understanding of security logs, but Exabeam adds log parsing and a security information model to Elasticsearch. Finally, Exabeam streamlines the Kibana user interface and has built special components for security analyst workflows.
Already the #1 most-deployed User and Entity Behavior Analytics solution in the world, Exabeam Advanced Analytics detects insider threats, compromised accounts, and data loss via deep learning and specialized statistical risk models. The Exabeam behavioral analytics capabilities recreate the entire attack chain, piecing together both normal and anomalous behavior of users and entities. Based on a patented session data model, Exabeam creates, in seconds, automatic incident timelines that show all activity - good and bad - across multiple IP addresses, devices, and credentials. Exabeam analytics amplifies the abilities of SOC and IR staff by automating the manual drudge work of creating investigation timelines.
When Exabeam detects an insider threat or other incident, the job isn’t completed. Now your organization must respond efficiently and effectively. Exabeam Incident Responder automates a firm’s response procedures with incident workflows and playbooks. Incident Responder ships with a set of pre-built playbooks for the most common incident types, such as malware alerts, phishing incidents, data loss alerts, departed insider issues, etc. Playbooks can be modified, and customers can create their own playbooks, as well.