External Threat Detection, Investigation, and Response
Exabeam provides the leading Next-Gen SIEM and XDR. The reality today is that we are dealing with highly trained and committed adversaries. The headlines don’t lie: attacks are on the rise, and the one thing they have in common is the use of valid user or entity credentials.
These hackers or insiders hide in plain sight, masquerading as legitimate users or devices. Signatures and rules aren’t enough to detect these types of advanced attacks. Understanding the data, behavior, and identity of our users and assets is a critical requirement for any SIEM or XDR.
The Exabeam Way
No matter what your security vendor claims, external attackers consistently find ways to bypass defenses. Once inside, you are likely oblivious to their presence.
Exabeam helps eliminate the blind spots around external attacks by identifying abnormal activity and providing purpose-built investigation and response capabilities.
Minimize Dwell Time
Speed investigations, improving productivity
Mitigate threats fast, limiting the scope and potential harm
If an attack bypasses your security stack.
No worries, Exabeam has your back.
Every action a user or asset takes is compared against that user’s or asset’s normal behavior. If an action falls outside normal parameters, the user’s risk score increases.
Multiple failed logins
Connect from unknown country
Connect at off hours
Upload large files
Download large files
Escalating user privilege
Creating new users
Large email attachments
Heavy network traffic
Accessing new assets
While some external attacks use brute force, many successful attackers do reconnaissance. Exabeam identifies that recon and scores it.
The investigation starts with the user Sherri Lee.
Sherri Lee’s risk score is high, especially for her role.
Overview
You can see that Exabeam has identified five potential security events.
Billie emailed huge amounts of data outside the company and also printed more than usual. Billie might be a malicious insider.
Let's continue the investigation
Notable Users
Exabeam analytics identified potential malware based on analyzed actions.
At the bottom of the screen are the “Risk Reasons”, written in plain language that anyone can understand.
Watchlist
Rather than manually searching across systems, Exabeam automatically creates a Smart Timeline that includes the data and context needed for your investigation.
Let’s check Data Insights for more context.
You see an odd web communication attempt that looks like malware, and Sherri’s risk score increases by 10 points.
Drill down on any activity in the timeline.
Task Lists
Rather than manually searching across different systems for your investigation, Exabeam automatically puts it into a single timeline. This gives you the data and the context.
Smart Timelines™
Next we see some concerning executions, including tor.exe and @wanadecryptor@.exe.
Sherri’s score increases by 15 more points.
He then emailed lots of files to his Gmail account, clearly against internal policies.
Now the clincher: Sherri, or an attacker using Sherri’s credentials, tried to connect to a known WannaCry ransomware domain; this added 90 points to her risk profile. Once over the threshold, this event is now an incident. Note: this occurred without any third-party security alerts.
Within a few minutes, you know that ransomware has bypassed your security controls and is an imminent threat to your organization.
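The scoring walkthrough above (actions compared against a baseline, points added per abnormal action, an incident opened once the score crosses a threshold) can be shown end to end in a small script. The following is an added example written for this page, not Exabeam code: the rule set, the weights other than the 10, 15 and 90 quoted in the walkthrough, the 100-point threshold, the baselines, the watchlists and the event stream are all constructed assumptions, and the ransomware domain is a placeholder rather than a real indicator.

```python
"""Toy behavioral risk scoring in the style of the walkthrough above.

Constructed example: rules, weights, threshold, baselines and events are
assumptions for illustration, not Exabeam's actual logic or values.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed per-user baseline of "normal": countries seen before and working hours.
BASELINES = {
    "sherri.lee": {"countries": {"US"}, "hours": range(8, 19)},
}

# Rule weights are assumptions. 10, 15 and 90 mirror the point increases quoted
# in the walkthrough; the other values are invented for illustration.
RULE_WEIGHTS = {
    "login_unknown_country": 20,
    "login_off_hours": 10,
    "suspicious_web_request": 10,
    "suspicious_process": 15,
    "email_to_personal_account": 20,
    "known_ransomware_domain": 90,
}
INCIDENT_THRESHOLD = 100  # assumed; the page does not state the real threshold

# Constructed watchlists standing in for threat-intelligence feeds.
SUSPICIOUS_PROCESSES = {"tor.exe", "@wanadecryptor@.exe"}
RANSOMWARE_DOMAINS = {"ransomware-c2.example"}  # placeholder, not a real indicator
PERSONAL_MAIL_DOMAINS = {"gmail.com"}


@dataclass
class UserRisk:
    score: int = 0
    reasons: list = field(default_factory=list)  # plain-language "risk reasons"
    incident: bool = False


def triggered_rules(event, baseline):
    """Compare one event against the user's baseline and watchlists.

    Yields (rule name, plain-language reason) for every abnormal aspect found.
    """
    kind = event["type"]
    if kind == "login":
        if event["country"] not in baseline["countries"]:
            yield "login_unknown_country", f"Login from unusual country {event['country']}"
        if event["hour"] not in baseline["hours"]:
            yield "login_off_hours", f"Login at {event['hour']:02d}:00, outside working hours"
    elif kind == "web":
        if event["host"] in RANSOMWARE_DOMAINS:
            yield "known_ransomware_domain", f"Connection attempt to known ransomware domain {event['host']}"
        elif event.get("blocked"):
            yield "suspicious_web_request", f"Odd web communication attempt to {event['host']}"
    elif kind == "process" and event["image"].lower() in SUSPICIOUS_PROCESSES:
        yield "suspicious_process", f"Execution of suspicious binary {event['image']}"
    elif kind == "email" and event["to"].split("@")[-1].lower() in PERSONAL_MAIL_DOMAINS:
        yield "email_to_personal_account", f"{event['attachments']} files emailed to personal account {event['to']}"


def score_session(events):
    """Walk events in order, accumulating each user's score and risk reasons.

    Returns {user: UserRisk}; the first time a score reaches the threshold the
    user is flagged as an incident and the reason list records the escalation.
    """
    risk = defaultdict(UserRisk)
    for event in events:
        user = event["user"]
        baseline = BASELINES.get(user, {"countries": set(), "hours": range(24)})
        for rule, reason in triggered_rules(event, baseline):
            r = risk[user]
            r.score += RULE_WEIGHTS[rule]
            r.reasons.append(f"+{RULE_WEIGHTS[rule]}: {reason}")
            if r.score >= INCIDENT_THRESHOLD and not r.incident:
                r.incident = True
                r.reasons.append(f"Score {r.score} crossed {INCIDENT_THRESHOLD}: incident opened")
    return dict(risk)


# Constructed event stream mirroring the walkthrough's timeline.
SAMPLE_EVENTS = [
    {"user": "sherri.lee", "type": "login", "country": "US", "hour": 9},
    {"user": "sherri.lee", "type": "web", "host": "update-check.invalid", "blocked": True},
    {"user": "sherri.lee", "type": "process", "image": "tor.exe"},
    {"user": "sherri.lee", "type": "process", "image": "@WanaDecryptor@.exe"},
    {"user": "sherri.lee", "type": "email", "to": "s.lee.personal@gmail.com", "attachments": 37},
    {"user": "sherri.lee", "type": "web", "host": "ransomware-c2.example", "blocked": True},
]

if __name__ == "__main__":
    for user, r in score_session(SAMPLE_EVENTS).items():
        print(f"{user}: score={r.score} incident={r.incident}")
        for reason in r.reasons:
            print("   ", reason)
```

Running the script prints the timeline for sherri.lee as a list of point increases with their reasons; the normal login adds nothing, the blocked web request adds 10, each suspicious execution adds 15, the mail to a personal account adds 20, and the ransomware-domain connection adds 90, taking the score to 150 and opening an incident. Note that the reason list is built at scoring time, so the audit trail of why the score moved comes for free rather than being reconstructed afterwards.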
Checklists can be modified for any step of your investigation. We even allow you to automate responses based on the risk score.
The Exabeam Smart Timeline illustrated the story. Ransomware checklists guided the next steps in the investigation, and all of the questions needed to complete the investigation were answered.
7 of 10 — Remediation
Another benefit is the audit trail: we provide a complete picture of all the steps taken in this investigation. Some customers use this to train new analysts.
Now that you know there’s an incident, let's see how Exabeam helps resolve it fast.
Automated Response
When you run the turnkey Malware playbook, it kicks off a file lookup in VirusTotal and scans the file using YARA. You see the results within a single view, saving you time.
Workbench
The playbook also shows geolocation information and domain scores, automatically providing you with critical information for your investigation.
Now that we know we have a security incident, you can take remediation actions directly within Exabeam, no coding or programming required.
Exabeam playbooks help standardize your triage, investigation, and response processes, giving you repeatable processes regardless of the expertise of your analysts.
That’s External Threat Detection, Investigation, and Response the Exabeam way.
External threats can, and will, get past your controls. Exabeam gives you the confidence to:
Detect external threats by analyzing the attacker's behavior
Quickly and consistently conduct comprehensive investigations
Automate response actions to mitigate damage
Eliminate some of your blind spots
Exabeam shines a light on external attackers.
They may find a way in,
but they cannot hide.
Request a 30-minute live demo with an Exabeam Expert.