Exabeam, a global cybersecurity pioneer that delivers AI-driven security operations announced two pioneering cybersecurity features, Threat Center and Exabeam Copilot, to its market-pioneering AI-driven Exabeam Security Operations Platform.
Threat Center
A first-to-market combination, Threat Center is a unified workbench for threat detection, investigation, and response (TDIR) that simplifies and centralises security analyst workflows, while Exabeam Copilot uses generative AI to help analysts quickly understand active threats and offers best practices for rapid response.
These pioneering-edge innovations greatly reduce learning curves for security analysts and accelerate their productivity in the SOC.
Simple, central interface
“We built Threat Center with Exabeam Copilot to give security analysts a simple, central interface to execute their most critical TDIR functions, automate routine tasks, and supercharge investigations for analysts at any skill level,” said Steve Wilson, Chief Product Officer, Exabeam.
“These new features amp up the value of our AI-driven security operations platform and take analyst productivity, efficiency, and effectiveness to new heights."
Lightening the workload
"Threat Center helps security analysts overcome one of the biggest challenges we’ve heard from them having to deal with too many fragmented interfaces in their environments."
"By combining Threat Center with Exabeam Copilot we not only improve security analyst workflows, we also lighten their workload.”
Solving for lack of visibility and automation
Security operations teams are often challenged with managing multiple security tools
Security operations teams are often challenged with managing multiple security tools, which can lead to siloed data and a lack of visibility into threats. This can make it difficult to understand their entire threat landscape and execute TDIR on time.
According to Exabeam’s recent The State of Threat Detection, Investigation, and Response (TDIR) Report 2023, organisations globally reported that they can “see” or monitor only 66% of their IT environments, leaving ample room for blind spots.
Outcomes Navigator feature
Exabeam customers are already using the Outcomes Navigator feature as a driver to know what parts of their environments they can monitor for TDIR and where coverage improvement may still be needed.
Threat Center streamlines these processes further to remediate threats against covered areas faster.
AI and automation
With Threat Center and Exabeam Copilot, the Exabeam Security Operations Platform applies AI
The report also reveals that only slightly more than half (53%) of global organisations have automated 50% or less of their TDIR workflow.
With Threat Center and Exabeam Copilot, the Exabeam Security Operations Platform applies AI and automation to security operations workflows for a holistic approach to cyber threats, helping companies solve for a lack of automation and ultimately accelerating response.
Accurate and consistent TDIR
Powered by AI-driven detection, the Exabeam platform easily pinpoints high-risk threats by learning the normal behaviour of users and entities and prioritising threats with context-aware risk scoring, all presented through the Threat Center interface for faster, more accurate, and consistent TDIR.
Revealed as the second most identified need in the Exabeam TDIR report, 35% of respondents reported a desire for an improved understanding of normal user and entity, and peer group behaviour within their organisation.
Generative AI model
Threat Center unifies threat management, investigation tools, and automation to accelerate and efficiently investigate and respond to threats. Powered by an advanced security-trained, generative AI model, Exabeam Copilot supercharges security analyst investigations.
Threat Center with Exabeam Copilot helps analysts:
- Understand an entire threat that spans multiple detections to tell a complete story of what happened.
- Conduct complex powerful search queries in plain natural language.
- Understand a threat, and know how to respond, using generative AI threat explanations for clear cross-organisation communication.
- Automate routine tasks, expose hidden threats, and greatly accelerate response times.
- Prioritise alerts and cases, with context-aware risk scoring.
- Reduce the number of alerts that analysts need to investigate – detection grouping associates related entities and events.
- Optimise SOC team collaboration with case sharing, case escalation, and shared notes.
- Visualise evidence with interactive threat timelines and instant access to relative data including behavioural models, users, and endpoints.
- Author automation rules critical to SOC workflows, such as escalating specific alerts to cases or queues via APIs or webhooks.
- Utilise pre-built playbooks with the ability to view, disable, or clone for easy customisation.
Maximise Microsoft Sentinel investment with Exabeam
The AI-driven Exabeam Security Operations Platform helps security teams realise the full potential
In addition to identifying high-risk threats, providing faster, more accurate investigation and response, and improving threat coverage, the AI-driven Exabeam Security Operations Platform helps security teams realise the full potential of their security investments.
Also announced, customers can add Exabeam TDIR capabilities on top of existing Microsoft Sentinel deployments. Extending industry-pioneering Exabeam analytics and automation to Microsoft Sentinel helps organisations realise the new potential of their SIEM.
Automated workflows
With Exabeam, Microsoft Sentinel users can see new detections with broader insights and automate workflows, ingest data from a wide range of Microsoft and best-of-breed security products, and accelerate the TDIR capabilities of their SIEM deployment.
The Collector for Microsoft Sentinel adds to a growing list of supported SIEM products - Splunk and IBM QRadar, to name a few.
Customer feedback
Dayforce
“The potential of generative AI to drive accuracy and speed within the SOC delivering increased productivity is becoming a reality through features like Threat Center and Exabeam Copilot,” said Colin Anderson, Chief Information Security Officer, Dayforce.
“Threat Center will save analysts countless hours by enabling SOC analysts to work from one single interface performing investigations and taking actions against identified threats. The Exabeam Copilot AI virtual assistant will be a force multiplier for SOC teams helping to improve cybersecurity across organisations.”
“We are pleased to see the new detection grouping logic inside Threat Center that will give us the comprehensive context we need in one spot about multiple security alerts without having to pivot to another location, this will be especially helpful when multiple alerts turn out to be related to a single threat impacting more than one user or entity on the network,” said Lindbergh Caldeira, Cyber Security Operations Manager, SA Power Networks.
“We are equally excited to work with Exabeam Copilot, which is like having a subject matter expert right by your side as you investigate and respond to incidents. Exabeam Copilot will help veteran and new analysts alike be far more efficient in the SOC.”
“We are excited to see Exabeam’s generative AI-powered features integrated into their latest technology. You don’t choose your threats. Your threats choose you with little to no warning. We look forward to using Threat Center for a cohesive platform that will allow us to protect our members’ assets and financial data,” said Carl Scaffidi, Chief Information Security Officer, VyStar Credit Union.
“Exabeam Copilot will let us ask very specific questions and get immediate actionable answers, speeding up threat hunting, investigation, and response times.” The general availability of the new features begins in March 2024.
