Exabeam, the security analytics, and automation company announces a set of new functionalities aligned across Exabeam’s products to solve specific security challenges.
The new Threat Detection, Investigation & Response (TDIR) use case packages provide a powerful, prescriptive solution to help security operations centres (SOCs) improve workflows from collection to detection, investigation, and response using an outcome-based approach.
Prescribed data sources
Generally available in Q2 2021, the TDIR packages address the complete lifecycle of security operations (SecOps) workflows with end-to-end content that includes prescribed data sources, detection models, watchlists, investigation checklists, and response playbooks to assist analysts with repeatedly delivering successful outcomes.
“Organisations struggle with failed security implementations because they lack the specialised expertise, detection logic, and clearly mapped investigation and response workflows for common threats,” said Adam Geller, chief product officer at Exabeam. “Consequently, organisations waste time and resources customising products with minimal improvement to their security coverage. With our framework for use cases, security analysts benefit from comprehensive out-of-the-box content so they can be confident in their ability to deliver repeatable, successful outcomes that will improve their security and translate into significant amounts of saved time and resources.”
Providing designed functionality
Exabeam’s TDIR use case packages provide the prescribed content needed to get us there"
“We were able to quickly turn on the 'out of the box' use cases and integrate with our systems and processes, improving our detect and response capabilities,” said Jennifer Shields, vice president of information technology, Procter & Gamble. “Directly mapping common security use cases to response workflows is critical for SecOps success,” said Marc Crudgington, CISO, SVP information security, Woodforest National Bank. “We look forward to working with Exabeam as its new TDIR framework helps our industry become far more use case-driven.”
“Automated TDIR workflows that are outcome-driven, prescriptive and analytics-powered are required to mature and fortify a healthcare SOC today,” said Joe Horvath, manager, information security, Kelsey-Seybold Clinic. “Exabeam’s TDIR use case packages provide the prescribed content needed to get us there.” Most security products were designed to provide functionality, not results.
Simplifying analyst workflows
The new TDIR use case packages simplify analyst workflows by providing prescriptive content for Exabeam’s analytics and automation engines in order to protect against the top three categories of common threats:
- External threat use cases that include phishing, malware, ransomware, cryptomining, and brute force attacks.
- Compromised insider use cases that include privileged activity, account manipulation, privilege escalation, evasion, compromised credentials, lateral movement, and data exfiltration.
- Malicious insider use cases that include privileged access abuse, account manipulation, audit tampering, physical access, data access abuse, data leak, and destruction of data.
Common security scenarios
Unlike competing solutions, where coverage for common threats is limited to detection logic, Exabeam’s framework includes content for all phases of threat detection, investigation, and response. This includes comprehensive onboarding guidance for which specific data sources and context are required to achieve the most successful outcomes. The TDIR framework also includes:
- Out-of-the-box detection models that incorporate coverage for specific adversary tactics and techniques. These are mapped to the MITRE ATT&CK framework to give security teams a common framework for detection.
- Tailored watchlists that can be set up to allow analysts to monitor high-risk users and devices.
- Investigation checklists that include a curated list of investigation, containment, and remediation steps. This allows analysts to follow a consistent and repeatable investigation and response workflow.
- Turnkey playbooks that contain automatable response actions for addressing common security scenarios without requiring customers to licence or configure additional third-party software. These ensure analysts are able to respond in a timely and consistent manner.
Insider threat program
“Outcome-based security with prescriptive approaches are strategic to the industry, and this represents a great win for Exabeam customers. These approaches are fundamental to the success of SecOps initiatives,” said Gorka Sadowski, chief strategy officer at Exabeam.
“As an example, organisations looking to deploy or improve their insider threat program will be able to quickly gain visibility and response capabilities into malicious behaviour and compromised accounts.”