Related Links

Exabeam, the security analytics, and automation company announces Exabeam Alert Triage, a new cloud-native application that will help security analysts confidently wrangle the overwhelming number of alerts coming at them each day from a myriad of other third-party vendor tools.

Included as a new integrated application for all cloud customers using Exabeam advanced analytics and Exabeam case manager, Alert Triage enriches alerts with context and presents them in a single screen so analysts can make faster decisions about which alerts to escalate or dismiss. It also ensures analysts don’t miss the critical alerts that require escalation to prevent breaches.

Receiving security alerts

Analysts receive thousands of security alerts a day spread across disparate tools. Unable to keep up with the volume, they must ignore a significant number of them, which leaves their organisations vulnerable to threats,” said Adam Geller, chief product officer at Exabeam. “We developed the Alert Triage application to provide automation throughout the triage workflow so security analysts can be freed up to focus on what matters most -- fortifying their organisation's cybersecurity defences to prevent breaches.”

Analysts receive thousands of security alerts a day spread across disparate tools"

We’ve had great success running Alert Triage in its beta version. At first, watching so many alerts get centralised into a single screen was somewhat unbelievable, but Exabeam has done it,” said Zane Gittins, IT security specialist at Meissner. “It’s been refreshing to not have to go from app to app to look at different alerts and it absolutely reduces the time it takes to triage them.”

Traditional triage workflows

Security personnel say they are only able to investigate 45% of the daily alerts they receive, according to research from the Ponemon Institute. The report surveyed 596 IT and security practitioners and also found that 33% of alerts in traditional SIEMs are false positives.

The traditional triage process requires analysts to first determine what the alert is for (users or entities), gather the right contextual information (positions, locations, sources, etc.), and then sift through logs to determine the priority of the alert. Next, an analyst must decide whether or not to escalate it for further review. Blending traditional triage workflows with context generated from machine learning-based analytics, Alert Triage does this time-consuming and tedious work automatically. It categorises, aggregates, and enriches alerts with contextual data including host, IP, severity of alerts, related behavioural anomalies, and overall risk scores of associated users and entities.

Incident response team

The ability to categorise alerts allows managers to create and assign channels to team members

From the security alert, analysts can easily navigate to an associated user or entity timeline to understand what happened before and after the alert was triggered.

Armed with context to understand the scope of the security alert, analysts can rapidly and confidently dismiss or escalate the alert to the incident response team.

Alert Triage benefits include:

  • Visibility - Centralising the alert triage process and organising an analyst's triage efforts enables analysts to review alerts faster. Visibility into all of the alerts that security tools have triggered in an organisation minimises the likelihood that an alert is missed or overlooked.
  • Focus - The ability to categorise alerts allows managers to create and assign channels to team members. A channel helps focus an analyst’s attention on a specific type of alert and allows them to develop subject matter expertise.
  • Productivity - An analyst can triage alerts in aggregate batches, which boosts their productivity. Greater productivity means analysts are able to review a higher percentage of incoming alerts and reduce the possibility that an alert will go unreviewed and lead to a breach.

Latest security incidents

"When we look at the latest security incidents such as the SolarWinds or Microsoft Exchange attacks, more likely than not, the impacted organisations had at least one security alert generated about the threats from one of their third-party security vendor tools,” said Gorka Sadowski, chief strategy officer at Exabeam.

Unfortunately, that alert was likely drowned in all of the other false positive alerts and had to be discarded. Exabeam helps our customers spend time on the alerts that really matter."

Download PDF version Download PDF version

Related videos

Upgraded feature for Xesar - Now with smartphone as well!

Upgraded feature for Xesar - Now with smartphone as well!
Enhancing government security with proactive threat detection from Wavestore

Enhancing government security with proactive threat detection from Wavestore
Join the biggest hour for Earth

Join the biggest hour for Earth

In case you missed it

AMPELMANN GmbH enhances security with ASSA ABLOY eCLIQ solution
AMPELMANN GmbH enhances security with ASSA ABLOY eCLIQ solution

The Ampelmännchen (“little traffic light man”) from the former GDR is a cult figure around the globe. For tourists, the shops of AMPELMANN GmbH in Berlin are a big...

What are the unique challenges of the government market for security?
What are the unique challenges of the government market for security?

Factors such as stable demand and large contracts make the government market particularly enticing for security companies and professionals. However, entering and thriving in the g...

RapidSOS enables critical data sharing to improve emergency response
RapidSOS enables critical data sharing to improve emergency response

In an emergency, information is pivotal. More information provides better understanding of an emergency and empowers potentially life-saving decision-making. Emergency response tea...

Featured white papers
Honeywell GARD USB threat report 2024

Honeywell GARD USB threat report 2024

Download
The role of artificial intelligence to transform video imaging

The role of artificial intelligence to transform video imaging

Download
Access control system planning phase 1

Access control system planning phase 1

Download
Key Findings from the 2024 Thales Cloud Security Study

Key Findings from the 2024 Thales Cloud Security Study

Download
Video surveillance

Video surveillance

Download
Quick poll
Which feature is most important in a video surveillance system?
More corporate news
Suprema rated as the top brand for access control management software and mobile access solution

Suprema rated as the top brand for access control management software and mobile access solution
Sage Integration announces the appointment of Ross Westermann as the company’s National Project Manager

Sage Integration announces the appointment of Ross Westermann as the company’s National Project Manager
Exabeam launches new functionalities to solve specific security challenges

Exabeam launches new functionalities to solve specific security challenges
Featured products
Anviz iCam-B25: Versatile Surveillance Solution for Business and Public Safety

Anviz iCam-B25: Versatile Surveillance Solution for Business and Public Safety
Dahua's AI-powered Bullet WizMind Network Camera

Dahua's AI-powered Bullet WizMind Network Camera
Illustra Flex Gen4 AI-powered Dual Sensor Multi-directional camera

Illustra Flex Gen4 AI-powered Dual Sensor Multi-directional camera