Use Case Walkthrough:
Exabeam provides the leading Next-Gen SIEM and XDR. The reality of today is that we are dealing with highly trained and committed adversaries. The headlines don’t lie: attacks are on the rise, and the one thing they have in common is the use of valid user or entity credentials.
These hackers or insiders are hidden in plain sight, masquerading as legitimate users or devices. Signatures and Rules aren’t enough to detect these types of advanced attacks. Understanding the data, behavior and identity of our users and assets is a critical requirement for any SIEM or XDR.
Malicious Insiders
The Exabeam Way
Malicious insiders are one of the hardest threats to identify. Unlike external attacks, these insiders hide in plain sight and use valid credentials.
Legacy tools that rely on signatures and rules cannot defend against insiders. They can’t detect when user behavior drifts from normal. Behavioral analytics, and the context they deliver, combined with automation, are often your only defense.
Malicious Insider Investigation
Please scroll ahead to see how Exabeam detects, investigates, and responds to these threats.
Slash the time to resolution
Improve productivity and remove alert fatigue
Lower the cost of security infrastructure with a cloud-delivered solution
Overview
Exabeam analyzes behaviors for all users, groups, and assets to baseline normal.
Every action a user or asset takes is analyzed against normal. If an action is outside normal parameters, that user’s risk score increases.
Login
File access
Website access
Email
Download
Upload
Read
Write
Open
Close
VPN
Intranet
Internet
Local connection
Logoff
Location
Geolocation
IP address
Remote logins
Multiple failed logins
Connect from unknown country
Connect at off hours
Upload large files
Download large files
Escalating user privilege
Creating new users
Deleting users
Locking files
Large email attachments
Heavy network traffic
Moving laterally
Accessing new assets
Private email
If during a session a user’s risk score reaches 90, that user is added to the Notable Users watch list.
Billie Wells has a high risk score.
To start the investigation click on Billie Wells.
Notable Users
Exabeam behavioral analytics reported Billie as a notable user on the watch list.
Billie emailed huge amounts of data outside the company and also printed more than usual. Billie might be a malicious insider.
Let's continue the investigation
Watch Lists
Task lists make sure nothing important is missed.
Let’s see what Billie has been up to. Exabeam Smart Timelines show everything.
Task Lists
Every action that increased Billie's risk can be seen.
Let’s check Data Insights for more context.
There seem to be unusual file interactions.
Timelines
Models enable deep dives into Billie's behaviors.
Let’s go further with the Smart Timelines investigation.
Models
Billie tried to use Dropbox and was blocked.
He then emailed lots of files to his Gmail account, clearly against internal policies.
Remediation
It’s time to take response actions. Let’s run the automated data leak playbook to stop the leakage and disable his ability to cause any more damage.
It looks like Billie is up to no good.
Automated Response
In this scenario you can see how easy it is to identify malicious insiders and take decisive action to end the threat.
With Exabeam you can:
Home in on users or entities whose behavior is risky
See exactly what they are doing that makes them a risk
Easily complete detailed investigations
Take automated response actions to mitigate the threats
No coding, no search required
Exabeam shines a light on malicious insiders.
They can run but they cannot hide.
Malicious insiders are only one of the use cases Exabeam has to transform how you detect, investigate and respond to threats.
Conclusion