Exabeam - Experts & Thought Leaders
Latest Exabeam news & announcements
Exabeam, a global cybersecurity pioneer that delivers AI-driven security operations, announced Investigation Timelines™ within the Exabeam Search™ application, a new capability on the Exabeam Security Operations Platform™. An industry first, Investigation Timelines break down silos and simplify investigations for security analysts with integrated cross-platform workflows. Designed to support security teams amid growing threats and skills shortages, the capability provides instant visualisations of chronological events for any search result or filter.

Automate analysis workflows

“Security operations personnel are struggling to keep pace with cyberthreats, including those increasingly fuelled by AI. They’ve been asking for the ability to automate analysis workflows and streamline the examination of incidents, and we’re delivering the ability to timeline anything to help significantly decrease response times,” said Steve Wilson, Chief Product Officer at Exabeam. “Investigation Timelines are not just a technological advancement—they are a strategic ally and guide, helping analysts understand the chronological story of what took place before, during, and after an attack, piece together what really happened, and shut adversaries down.”

An evolution of Exabeam’s Smart Timelines™, Investigation Timelines go much deeper and are designed to allow analysts to timeline any entity, artefact, or field within the Search experience. This means they can now build timelines not just for users and hosts but for applications and processes too. In addition, analysts can build timelines that group any of these details together. The timelines offer more granular visibility while simplifying the overall investigation experience.

“Investigation Timelines expand the scope of what analysts can see and essentially bring Exabeam’s well-known Smart Timelines into Exabeam Search so that they no longer have to pivot between views during investigations,” said Lindbergh Caldeira, Cyber Security Operations Manager, SA Power Networks. “The new timelines greatly speed up threat hunting by giving far more context inside Search, which will make it even easier to explain what happened around any suspicious activities.”

Key challenges

Investigation Timelines is designed to help security analysts and threat hunters solve many of their key challenges:

- Fragmented investigations: Most products require switching between security tools during investigations. By integrating threat investigation capabilities within the Exabeam Search app, users gain a more streamlined investigation workflow designed to drastically improve productivity.
- Inconsistent investigations: With other products, analysts can investigate the same threat, manually attempt to piece together actions, and each reach a different conclusion. Investigation Timelines provides a consistent experience by combining the automated behaviour analysis of every single event, which is designed to ensure more consistent investigations for analysts at any skill level.
- Overwhelming number of events: Search results often return too many events, most with unspecific conclusions. Enhanced search and filter options within the timeline view can now indicate the risk levels of events and automatically link detections to the events that triggered them, reducing manual analysis and research. This helps analysts arrive more quickly at what actually happened before, during, and after an attack.
- Inadequate investigation capabilities of traditional SIEM and log management tools: Most products provide only a list view when searching for an indicator of compromise (IoC). Investigation Timelines provides both an event view and a comprehensive timeline view showing both normal and abnormal behaviour.

Investigation Timelines is designed to transform the way security teams perform threat detection, investigation, and response (TDIR) and is expected to be generally available in Q2 2024.
Exabeam, a global cybersecurity pioneer that delivers AI-driven security operations, announced two new cybersecurity features, Threat Center and Exabeam Copilot, for its AI-driven Exabeam Security Operations Platform.

Threat Center

A first-to-market combination, Threat Center is a unified workbench for threat detection, investigation, and response (TDIR) that simplifies and centralises security analyst workflows, while Exabeam Copilot uses generative AI to help analysts quickly understand active threats and offers best practices for rapid response. These innovations greatly reduce learning curves for security analysts and accelerate their productivity in the SOC.

Simple, central interface

“We built Threat Center with Exabeam Copilot to give security analysts a simple, central interface to execute their most critical TDIR functions, automate routine tasks, and supercharge investigations for analysts at any skill level,” said Steve Wilson, Chief Product Officer, Exabeam. “These new features amp up the value of our AI-driven security operations platform and take analyst productivity, efficiency, and effectiveness to new heights.”

Lightening the workload

He continued: “Threat Center helps security analysts overcome one of the biggest challenges we’ve heard from them: having to deal with too many fragmented interfaces in their environments. By combining Threat Center with Exabeam Copilot we not only improve security analyst workflows, we also lighten their workload.”

Solving for lack of visibility and automation

Security operations teams are often challenged with managing multiple security tools, which can lead to siloed data and a lack of visibility into threats. This can make it difficult to understand their entire threat landscape and execute TDIR on time. According to Exabeam’s recent The State of Threat Detection, Investigation, and Response (TDIR) Report 2023, organisations globally reported that they can “see” or monitor only 66% of their IT environments, leaving ample room for blind spots.

Outcomes Navigator feature

Exabeam customers are already using the Outcomes Navigator feature to know which parts of their environments they can monitor for TDIR and where coverage improvement may still be needed. Threat Center streamlines these processes further so that threats against covered areas can be remediated faster.

AI and automation

The report also reveals that only slightly more than half (53%) of global organisations have automated 50% or less of their TDIR workflow. With Threat Center and Exabeam Copilot, the Exabeam Security Operations Platform applies AI and automation to security operations workflows for a holistic approach to cyber threats, helping companies solve for a lack of automation and ultimately accelerating response.

Accurate and consistent TDIR

Powered by AI-driven detection, the Exabeam platform pinpoints high-risk threats by learning the normal behaviour of users and entities and prioritising threats with context-aware risk scoring, all presented through the Threat Center interface for faster, more accurate, and consistent TDIR. Revealed as the second most identified need in the Exabeam TDIR report, 35% of respondents reported a desire for an improved understanding of normal user, entity, and peer group behaviour within their organisation.

Generative AI model

Threat Center unifies threat management, investigation tools, and automation so that analysts can investigate and respond to threats faster and more efficiently. Powered by an advanced security-trained generative AI model, Exabeam Copilot supercharges security analyst investigations.

Threat Center with Exabeam Copilot helps analysts:

- Understand an entire threat that spans multiple detections to tell a complete story of what happened.
- Conduct complex, powerful search queries in plain natural language.
- Understand a threat, and know how to respond, using generative AI threat explanations for clear cross-organisation communication.
- Automate routine tasks, expose hidden threats, and greatly accelerate response times.
- Prioritise alerts and cases with context-aware risk scoring.
- Reduce the number of alerts that analysts need to investigate: detection grouping associates related entities and events.
- Optimise SOC team collaboration with case sharing, case escalation, and shared notes.
- Visualise evidence with interactive threat timelines and instant access to related data including behavioural models, users, and endpoints.
- Author automation rules critical to SOC workflows, such as escalating specific alerts to cases or queues via APIs or webhooks.
- Utilise pre-built playbooks with the ability to view, disable, or clone them for easy customisation.

Maximise Microsoft Sentinel investment with Exabeam

In addition to identifying high-risk threats, providing faster and more accurate investigation and response, and improving threat coverage, the AI-driven Exabeam Security Operations Platform helps security teams realise the full potential of their security investments. Also announced, customers can add Exabeam TDIR capabilities on top of existing Microsoft Sentinel deployments. Extending Exabeam analytics and automation to Microsoft Sentinel helps organisations realise the new potential of their SIEM.

Automated workflows

With Exabeam, Microsoft Sentinel users can see new detections with broader insights and automate workflows, ingest data from a wide range of Microsoft and best-of-breed security products, and accelerate the TDIR capabilities of their SIEM deployment. The Collector for Microsoft Sentinel adds to a growing list of supported SIEM products, including Splunk and IBM QRadar.

Customer feedback

Dayforce

“The potential of generative AI to drive accuracy and speed within the SOC, delivering increased productivity, is becoming a reality through features like Threat Center and Exabeam Copilot,” said Colin Anderson, Chief Information Security Officer, Dayforce. “Threat Center will save analysts countless hours by enabling SOC analysts to work from one single interface, performing investigations and taking actions against identified threats. The Exabeam Copilot AI virtual assistant will be a force multiplier for SOC teams, helping to improve cybersecurity across organisations.”

SA Power Networks

“We are pleased to see the new detection grouping logic inside Threat Center that will give us the comprehensive context we need in one spot about multiple security alerts without having to pivot to another location. This will be especially helpful when multiple alerts turn out to be related to a single threat impacting more than one user or entity on the network,” said Lindbergh Caldeira, Cyber Security Operations Manager, SA Power Networks. “We are equally excited to work with Exabeam Copilot, which is like having a subject matter expert right by your side as you investigate and respond to incidents. Exabeam Copilot will help veteran and new analysts alike be far more efficient in the SOC.”

VyStar Credit Union

“We are excited to see Exabeam’s generative AI-powered features integrated into their latest technology. You don’t choose your threats. Your threats choose you with little to no warning. We look forward to using Threat Center for a cohesive platform that will allow us to protect our members’ assets and financial data,” said Carl Scaffidi, Chief Information Security Officer, VyStar Credit Union. “Exabeam Copilot will let us ask very specific questions and get immediate actionable answers, speeding up threat hunting, investigation, and response times.”

The general availability of the new features begins in March 2024.
Exabeam, a global pioneer in cybersecurity that delivers AI-driven security operations, announced the successful completion of an Information Security Registered Assessors Program (IRAP) assessment at the Protected level for the Exabeam Security Operations Platform. Aligned with the standards set by the Australian Signals Directorate, this assessment highlights Exabeam's commitment to providing AI-driven security operations solutions that meet high security standards, benefiting both government and commercial customers.

IRAP assessment

The successful completion of the IRAP assessment serves as a baseline evaluation of Exabeam's adherence to the Australian Government's Information Security Manual (ISM). The process benchmarks Exabeam's cloud-native security information and event management (SIEM) solutions against the Australian Government cybersecurity standard.

Robust practices and standards

The IRAP assessment of Exabeam plays a supportive role in helping critical infrastructure providers meet their obligations under the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and the Security of Critical Infrastructure Act 2018. By focusing on robust security practices and aligning with the stringent standards set by the Australian Signals Directorate, the IRAP assessment aids in enhancing the resilience and security posture of Australia’s critical infrastructure. This is crucial for critical infrastructure providers navigating the compliance landscape shaped by these legislative acts, ensuring they uphold security measures to protect Australia's vital assets.

AI-driven Exabeam Security Operations Platform

The AI-driven Exabeam Security Operations Platform underwent a rigorous independent assessment by an IRAP assessor, demonstrating alignment with the Protected level of security requirements. This process underscores Exabeam's dedication to maintaining the highest standards in security for Australian federal, state, and local governments, and private enterprises. As part of the IRAP assessment process, Exabeam stakeholders also engaged in a comprehensive training programme covering the IRAP regulations and the fundamentals of the Australian Cyber Security Centre’s (ACSC’s) Information Security Manual.

Cloud-native security operations

Gareth Cox, Vice President for APJ at Exabeam, commented on this achievement: “We are thrilled to reinforce Exabeam's capabilities for organisations and government agencies in Australia. Completing the IRAP assessment underscores our ongoing commitment to delivering and maintaining AI-driven and cloud-native security operations solutions that adhere to the most rigorous security benchmarks.”

Guidance and evaluation

IRAP assessors, ACSC-endorsed ICT professionals with extensive experience and qualifications in ICT, security assessment, and risk management, provided guidance and evaluation on Exabeam's capabilities across various domains, including ICT systems, cloud services, and gateways. This process enables Exabeam to support Australian government agencies effectively in safeguarding their critical data and infrastructure.
Insights & Opinions from thought leaders at Exabeam
Every day, millions of people worldwide use their personal credentials to prove their identity and access a range of services, from databases in their workplace to the banking app on their smartphone. But while this ensures only authorised people have access to certain systems, the use of this personal data opens users up to cyber risks, primarily in the form of identity theft. On Identity Management Day, Source Security spoke to seven IT and cybersecurity experts about their experiences and advice on identity management, including James Brodhurst, Principal Consultant at Resistant AI, who reinforces that: “Securing identities is more important than ever, as fraud and identity theft has impacts for businesses as much as for individuals.”

Effective identity management

He recommends that businesses and other organisations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognise that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data. This is an important first step for organisations to know who they are interacting with, and subsequently to distinguish between genuine and illicit actions. “Businesses have a critical role to play in mitigating cyber threats, as does society as a whole. Initiatives such as Identity Management Day serve to increase our collective awareness of the issues and threats we’re facing, and also safeguard sensitive data.”

External cyber defences

“Why is identity theft so common?” ponders Andy Swift, Technical Director of Offensive Security at Six Degrees. “Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. I don't suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you'd find lists of credentials with different attributes – whether they've been tested, whether they have access to financial data – that dictate price.”

“Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off.”

Access sensitive data

“And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.”

Gregg Mearing, Chief Technology Officer at Node4, adds: “Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target. In 2020 alone there were 193 billion credential stuffing attacks globally. Attacks commonly start with a database of stolen credentials, usually with usernames, emails and passwords – although phishing emails and suspicious websites are also used to steal corporate credentials. Once they have gained entry into the organisation's system, the attacker can move laterally, completely unnoticed, to access sensitive data, remove files or plant malware.”

Most common threats

“Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene, 65% of people still reuse passwords across multiple accounts. There can be no doubt that employees are the first line of defence for an organisation against a cyber attack. If trained properly, they can act as a human firewall. However, poor cyber hygiene, a lack of best practice when it comes to managing credentials, and a limited understanding of the most common threats can make an organisation’s employees its greatest weakness.”

Alongside credential stuffing and phishing, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, explains how API attacks are yet another way criminals are executing identity theft: “In fact, last year API attacks increased 348%, and companies affected included some of the largest corporations – Facebook, Instagram, and Microsoft.”

Protecting customers’ data

“Companies need to do a better job at protecting their customers’ data. In a recent survey, 82% of UK consumers confirmed they would stop doing business with a company if it suffered a data breach that exposed their personal information.”

“Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe. This means having technology and processes in place to make sure that API design, implementation, and management are done properly.”

Owning smart devices

Michael Queenan, CEO and Co-Founder of Nephos Technologies, explains how the huge volumes of personal data being created every day are putting consumers at risk: “Whether shopping online, setting up a social media account or simply reading a news article, we are regularly being asked for our identifiable information. With 10% of UK homes now owning smart devices – e.g. an Alexa or a Ring doorbell – our data is constantly being collected, even within our own homes. Should it fall into the wrong hands, it could be used for identity theft or fraud.”

“This needs to change and with the UK no longer required to adhere to EU-GDPR legislation, it presents an opportunity to rectify how personal data can be shared. Ultimately, I believe individuals should be responsible for their own data and how it is used.”

Ensure data privacy

“A possible way of achieving this is through identity-centric blockchain, whereby everyone has a national email address associated with their blockchain identity that permits access to their personal data. This would ensure that only you get to decide who has access – your data, your choice!”

Steve Young, UKI Sales Engineering Director at Commvault, also comments on how identity management is vital for meeting data regulations, thereby supporting data management throughout the business: “In the world of data management, you’d be forgiven for thinking that the focus is all on backups and recovery. But while these are absolutely crucial elements, another key aspect of data management is identity management – only through understanding it will businesses be able to drive their data management to the next level. Identity management is necessary to ensure data privacy.”

Latest data regulations

“Many people will be most familiar with its function as a way to restrict access of employees to certain files and resources that may hold sensitive or classified information. But what is becoming more important today is how identity management also helps prevent cybercriminals entirely outside an organisation from gaining unauthorised access to a system and initiating a ransomware attack, for example. Because of this, identity management helps businesses be compliant with the latest data regulations, as it ensures that any customer data collected and stored is kept secure.”

So, what solutions should IT leaders be prioritising to strengthen their identity management measures? Six Degrees’ Andy Swift recommends multi-factor authentication (MFA): “MFA provides great defence against identity theft, but it's also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials.”

Cyber security training

“That's why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There's no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.”

“We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing,” concludes Tyler Farrar, CISO at Exabeam. “Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organisations must build a security stack that is consistently monitoring for potential compromise. Organisations across industries can invest in data-driven behavioural analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behaviour indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”
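The credential-stuffing pattern Mearing describes and the behavioural monitoring Farrar recommends can both be illustrated with a small detection script. The following Python is an added example written for this page; it is not code from Exabeam or from any of the vendors quoted, and it makes no claim about how any product's analytics work. The log format (timestamp, user, source IP, country, outcome), the sample events and the thresholds (300-second window, five distinct accounts) are all constructed for the illustration. It applies two checks: a source IP failing logins against many distinct accounts in a short window, and a successful login from a country outside a user's learned baseline, with the second raised to high severity when it comes from an IP already flagged by the first.

```python
"""Added example: two simple behavioural checks over authentication events.
All data, field names and thresholds here are constructed for illustration."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int          # seconds since epoch (constructed values below)
    user: str
    src_ip: str
    country: str     # geolocation of src_ip, assumed already resolved upstream
    success: bool


def parse_line(line: str) -> AuthEvent:
    """Parse one line of the constructed format: '<ts> <user> <ip> <country> <SUCCESS|FAIL>'."""
    ts, user, ip, country, outcome = line.split()
    return AuthEvent(int(ts), user, ip, country, outcome == "SUCCESS")


# Constructed sample: normal activity from GB, then one IP spraying six accounts
# in 12 seconds and finally landing a success on 'bob' from a country bob never used.
SAMPLE_LOG = """\
1000 alice 203.0.113.9 GB SUCCESS
1005 bob 203.0.113.9 GB SUCCESS
1100 alice 198.51.100.7 GB SUCCESS
1200 alice 203.0.113.9 GB SUCCESS
2000 alice 192.0.2.50 RU FAIL
2002 bob 192.0.2.50 RU FAIL
2004 carol 192.0.2.50 RU FAIL
2006 dave 192.0.2.50 RU FAIL
2008 erin 192.0.2.50 RU FAIL
2010 frank 192.0.2.50 RU FAIL
2012 bob 192.0.2.50 RU SUCCESS
2100 grace 203.0.113.9 GB SUCCESS
"""


def learn_baseline(events, until_ts):
    """Countries each user successfully logged in from before until_ts.
    A real deployment would learn this continuously; a cutoff keeps the example simple."""
    baseline = defaultdict(set)
    for ev in events:
        if ev.success and ev.ts < until_ts:
            baseline[ev.user].add(ev.country)
    return dict(baseline)


def detect_credential_stuffing(events, window=300, min_distinct_users=5):
    """Flag source IPs whose failed logins touch many distinct accounts within `window` seconds.
    Returns {ip: (ts_first_flagged, distinct_users_at_that_point)}."""
    recent = defaultdict(deque)   # ip -> deque of (ts, user) for failed attempts
    flagged = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.success:
            continue
        q = recent[ev.src_ip]
        q.append((ev.ts, ev.user))
        while q and q[0][0] < ev.ts - window:   # drop attempts outside the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_distinct_users and ev.src_ip not in flagged:
            flagged[ev.src_ip] = (ev.ts, len(users))
    return flagged


def detect_new_location(events, baseline):
    """Successful logins from a country not in the user's baseline.
    Users with no baseline are skipped: there is nothing to compare against yet."""
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if not ev.success or ev.user not in baseline:
            continue
        if ev.country not in baseline[ev.user]:
            findings.append((ev.user, ev.src_ip, ev.country, ev.ts))
    return findings


def triage(log_text, baseline_until=1500):
    """Run both checks and correlate them into a list of findings with severities."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    baseline = learn_baseline(events, baseline_until)
    stuffing = detect_credential_stuffing(events)
    findings = []
    for ip, (ts, n) in stuffing.items():
        findings.append({"severity": "medium", "type": "credential_stuffing",
                         "ip": ip, "ts": ts, "distinct_users": n})
    for user, ip, country, ts in detect_new_location(events, baseline):
        # A new-location success from an IP already spraying accounts is the
        # strongest signal here: the stolen credential appears to have worked.
        severity = "high" if ip in stuffing else "low"
        findings.append({"severity": severity, "type": "new_location_login",
                         "user": user, "ip": ip, "country": country, "ts": ts})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample, the script reports 192.0.2.50 as a credential-stuffing source at the fifth distinct account and the later success on bob from that IP as a high-severity new-location login; grace's login is not reported because she has no baseline yet. Both thresholds are deliberately crude: in practice the window and account count would be tuned per authentication surface, and the location baseline would be combined with other behavioural features (device, time of day, peer group) to keep false positives manageable.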