Facing a shift from legacy SIEMs, cybersecurity company Exabeam today announced a cloud-native portfolio of products designed to enable security teams to detect “the undetectable”.
Built on the cloud-native Exabeam Security Operations Platform, New-Scale SIEM combines cloud-scale security log management, behavioral analytics and an automated investigation experience.
“Security operations teams are failing because of the limitations of legacy SIEM,” Exabeam CEO Michael DeCesare told VentureBeat. “The lack of innovation in the market related to data growth, attack sophistication and a shift to the cloud have created a SIEM effectiveness gap.”
Legacy tools don’t provide a full picture of a threat, he claimed. “They bury analysts with warnings and enforce slow, ineffective and manual investigations.”
Meanwhile, secops teams are inundated with data and don’t know what data to collect, DeCesare added.
At the same time, attacks are becoming more sophisticated and more difficult to detect, and the number of credentials-based attacks is increasing.
More data sources to scale response
The goal of Exabeam’s New-Scale SIEM platform is to enable secops teams to manage more data sources and higher volumes in a cloud-native architecture, DeCesare said. “It involves scaling response to focus on risk-based priorities, scaling investigations with automation, scaling detection with behavioral analytics intelligence across billions of entry points, scaling operations and people to increase talent, and scaling budgets with cloud-based economy.”
Exabeam’s products are designed to support a variety of transport methods, including APIs, agents, syslog and log aggregators such as SIEM or log management products – meaning no need to replace an existing SIEM; Exabeam can be added on top, he said.
Exabeam developed and maintains a Common Information Model (CIM) “that adds security context to and speeds up the ingestion of raw event building logs, resulting in faster security event build, search, dashboards, and development of new parsers,” said DeCesare.
SIEM with behavioral models to detect abnormalities
More than 750 behavioral models enable 1,200 anomaly detection rules in Exabeam to determine normal behavior for each user and device — something older SIEMs can’t do, the company said. For example, for an organization with root registry, 20,000 users, and 50,000 assets, Exabeam is designed to dynamically build and update 50 million unique detection rules.
New-Scale SIEM also strives to give security teams a holistic view of their environments — data from core security products, IT infrastructure, cloud applications, and infrastructure and business applications — combined with critical user and device context and timely threat intelligence, Exabeam said.
“Exabeam is our holistic security operations platform that provides automated visibility, detection, analysis, investigation and response and coordination across our key operational environments,” said Jerry Larsen, IT security manager at Patrick Industries. “We have several ERP systems that all need to be protected and Exabeam does the job better than any legacy SIEM we’ve looked at.”
The new Exabeam Security Operations Platform is built on Google Cloud. The new portfolio built on the platform includes:
- Exabeam Security Log Management — Cloud-scale log management to ingest, parse, store, and search log data with dashboarding and correlation.
- Exabeam SIEM — Cloud-native SIEM at hyperscale with fast, modern search and correlation, reporting, dashboarding and case management.
- Exabeam Fusion — SIEM on a new scale, enabled by modern, scalable security log management, behavioral analytics, and Automated Threat Detection and Incident Response (TDIR).
- Exabeam Security Analysis — Automated threat detection powered by user and entity behavioral analytics with correlation and threat intelligence.
- Exabeam Security Exam — TDIR powered by user and entity behavioral analytics, correlation rules and threat intelligence, supported by alerts, incident management, automated triage and response workflows.
Pricing for New-Scale SIEM “will be linear with no constraints or surprises to workload, allowing security leaders to budget more predictably as data volumes grow and business needs change,” DeCesare said.
The new product portfolio is generally available today.