Cloud-based offering helps organisations consolidate and analyse threat indicators; included with all Exabeam subscriptions
Exabeam, the next-gen security management company, today announced Exabeam Threat Intelligence Service, a cloud-based offering that aggregates threat indicators from multiple online sources.
The new service will be an integral part of the Exabeam Security Management Platform and available at no additional charge to customers with a current Exabeam subscription.
Exabeam Threat Intelligence Service collects potential indicators of compromise (IoCs), including suspicious IP addresses, blacklisted IP addresses, known phishing URLs, and malicious file signatures. Machine algorithms are then applied to remove false positives and rank each indicator. To do this, the Exabeam Security Management platform uses behavioural analytics techniques, similar to those used to assess users or devices, to baseline IoCs and gain a more relevant picture of the threats in the environment.
Analysts will be able to leverage the feeds directly in Exabeam products, simplifying the task of understanding the impact of a potential threat and saving time conducting the investigation. The analytics engine in the Exabeam Security Management Platform will automatically match the IoCs to user and device activities to more accurately assess their risk level. Security analysts can use the new service in several ways, including to:
- Add risk to a session in Exabeam Advanced Analytics when an IoC is involved in a user timeline, such as malware detected on a user’s laptop
- Automate an investigation playbook in Exabeam Incident Responder using a threat indicator, such as a known phishing URL or webmail IP address
- Trigger an alert via a rule in Exabeam Data Lake if an indicator of compromise is detected, such as a known endpoint from a TOR network
“Threat intelligence has always been a good idea but hard to use in practice. The problem is that using the intel is a manual process that eats up an analyst’s time,” said Exabeam CEO Nir Polak. “The stumbling block has always been integration into analyst workflows. By making it available at no extra charge, increasing the value using machine learning, and integrating it directly into our platform, we make it simple. No other enterprise SIEM can offer what Exabeam’s new Threat Intelligence Service does.”
“Organisations are failing at early breach detection, with more than 80% of breaches undetected by the breached organisation. The situation can be improved with threat intelligence, behaviour profiling and effective analytics. SIEM vendors continue to increase their native support for behaviour analysis capabilities as well as integrations with third-party technologies, and Gartner customers are increasingly expressing interest in developing use cases based on behaviour,” wrote Kelly Kavanagh and Toby Bussa, research analysts at Gartner. Exabeam was recognised as a Visionary in Gartner’s 2017 Magic Quadrant for Security Information and Event Management.
Delivered from the cloud, Exabeam Threat Intelligence Service can work with any Exabeam deployment, whether on premises, in a public cloud, or hybrid. Centrally managed, the offering adds no overhead to the operations of customers and will benefit from periodic enhancements. Exabeam Threat Intelligence Service is the first of several planned cloud security services that will form an integral part of the Exabeam Security Management Platform.
Source: Gartner, Inc., Magic Quadrant for Security Information and Event Management, December 4, 2017
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.