Exabeam, the security analytics and automation company, announces a set of new functionalities aligned across Exabeam’s products to solve specific security challenges.

The new Threat Detection, Investigation & Response (TDIR) use case packages provide a powerful, prescriptive solution to help security operations centres (SOCs) improve workflows from collection to detection, investigation, and response using an outcome-based approach.

Prescribed data sources

Generally available in Q2 2021, the TDIR packages address the complete lifecycle of security operations (SecOps) workflows with end-to-end content that includes prescribed data sources, detection models, watchlists, investigation checklists, and response playbooks to assist analysts with repeatedly delivering successful outcomes.

“Organisations struggle with failed security implementations because they lack the specialised expertise, detection logic, and clearly mapped investigation and response workflows for common threats,” said Adam Geller, chief product officer at Exabeam. “Consequently, organisations waste time and resources customising products with minimal improvement to their security coverage. With our framework for use cases, security analysts benefit from comprehensive out-of-the-box content so they can be confident in their ability to deliver repeatable, successful outcomes that will improve their security and translate into significant amounts of saved time and resources.”

Providing designed functionality

“We were able to quickly turn on the 'out of the box' use cases and integrate with our systems and processes, improving our detect and response capabilities,” said Jennifer Shields, vice president of information technology, Procter & Gamble. “Directly mapping common security use cases to response workflows is critical for SecOps success,” said Marc Crudgington, CISO, SVP information security, Woodforest National Bank. “We look forward to working with Exabeam as its new TDIR framework helps our industry become far more use case-driven.”

“Automated TDIR workflows that are outcome-driven, prescriptive and analytics-powered are required to mature and fortify a healthcare SOC today,” said Joe Horvath, manager, information security, Kelsey-Seybold Clinic. “Exabeam’s TDIR use case packages provide the prescribed content needed to get us there.”

Most security products were designed to provide functionality, not results.

Simplifying analyst workflows

The new TDIR use case packages simplify analyst workflows by providing prescriptive content for Exabeam’s analytics and automation engines in order to protect against the top three categories of common threats:

  • External threat use cases that include phishing, malware, ransomware, cryptomining, and brute force attacks.
  • Compromised insider use cases that include privileged activity, account manipulation, privilege escalation, evasion, compromised credentials, lateral movement, and data exfiltration.
  • Malicious insider use cases that include privileged access abuse, account manipulation, audit tampering, physical access, data access abuse, data leak, and destruction of data.

Common security scenarios

Unlike competing solutions, where coverage for common threats is limited to detection logic, Exabeam’s framework includes content for all phases of threat detection, investigation, and response. This includes comprehensive onboarding guidance for which specific data sources and context are required to achieve the most successful outcomes. The TDIR framework also includes:

  • Out-of-the-box detection models that incorporate coverage for specific adversary tactics and techniques. These are mapped to the MITRE ATT&CK framework to give security teams a common framework for detection.
  • Tailored watchlists that can be set up to allow analysts to monitor high-risk users and devices.
  • Investigation checklists that include a curated list of investigation, containment, and remediation steps. This allows analysts to follow a consistent and repeatable investigation and response workflow.
  • Turnkey playbooks that contain automatable response actions for addressing common security scenarios without requiring customers to licence or configure additional third-party software. These ensure analysts are able to respond in a timely and consistent manner.

Insider threat program

“Outcome-based security with prescriptive approaches is strategic to the industry, and this represents a great win for Exabeam customers. These approaches are fundamental to the success of SecOps initiatives,” said Gorka Sadowski, chief strategy officer at Exabeam.

“As an example, organisations looking to deploy or improve their insider threat program will be able to quickly gain visibility and response capabilities into malicious behaviour and compromised accounts.”
