Solution Overview

PRODUCT OVERVIEW

THE CHALLENGE

Cyber Attacks Rise as Security Technologies Fall Short

Cyber attacks continue to infiltrate the network at an alarming rate. Attackers steal valid credentials to impersonate legitimate users, move across IT environments, and conduct suspicious activities along the way. Current SIEM technologies can neither detect the subtle anomalies nor correlate them across the complete attack chain, relying on IT security professionals to anticipate malicious behaviors. Additionally, current SIEM and log management technologies generate an overwhelming volume of security alerts to investigate. This presents a huge problem for IT security professionals, who are left to sift through countless incidents and alerts without a layer of intelligence that provides the complete context of the attack.

THE PITFALLS

Today’s SIEM Overlooks Subtle Behavioral Anomalies

There are three critical areas where today’s SIEM solutions are lacking. First, SIEM solutions do not track the complete attack chain; they perform only single-context correlations (e.g. IP, user name, etc.). Second, they cannot detect user behavior anomalies and must rely solely on known patterns and statistics-based rules. For example, a SIEM finds repetition of the same incident, such as brute force attacks, but would miss an attack that used previously stolen credentials to download data from a location that is abnormal based on the user’s typical behavior. Last, SIEM solutions don’t employ risk scoring techniques and instead use Boolean matching. With its black-and-white approach, Boolean matching easily overlooks most stolen-credential attacks, which can move under the radar for long periods of time before they’re realized.

THE SOLUTION

Exabeam Delivers the Full Picture of the Security Attack Chain with Existing Big Data
Exabeam, an industry pioneer of Big Data Security Analytics, adds security intelligence on top of existing SIEM and log management repositories to understand a complete picture of the user session, allowing the technology to detect and track the full attack chain. The Exabeam User Behavior Intelligence platform uses a powerful combination of session tracking, behavior analysis and risk scoring to automatically determine the likelihood of an attack and prioritize responses. Its revolutionary technology focuses on user behavior and minimizes the mundane steps in detecting cyber attacks. Through the Exabeam platform, IT security professionals can:

Enhance current SIEM investments. Exabeam integrates with any SIEM and log management technology, providing an intelligent layer on top of the SIEM platform. Through this integration, IT security teams are able to get additional value from their current SIEM investment by leveraging prepopulated risk scores that prioritize which incidents to investigate.

Detect cyber attacks & insider threats in real time. Through Exabeam, IT security teams can easily detect and track the attack chain within the IT environment. Exabeam follows the users’ activities against a baseline of normal behavior to determine anomalies, then immediately detects and notifies on suspicious activities.

Optimize security efficiencies by reducing the noise with contextual intelligence. Enterprises must manage volumes of security events and incidents. Exabeam allows enterprises to prioritize and add contextual intelligence to filter out the security clutter and focus on the highest priorities, experiencing a 5:1 ratio in process improvements.

See incident elements in context. Exabeam delivers the whole context of the attack chain, allowing for more complete remediation.

Customize their deployment as needed. Exabeam expands and scales to your network requirements without slowing network performance.
The Exabeam User Behavior Intelligence Platform comprises four main components:

[Figure: platform diagram. Labels: IT Security Machine Data; Log Management, ERP, CMDB, HRMS, ITMS, Active Directory; Research + Community Insights; Exabeam’s User Behavior Intelligence: Extract and Enrich + Session Tracking + Behavior Analysis + Risk Engine; Risk Scoring, Incident Ranking, Attack Detection; Score 75]

Extract and Enrich extracts IT and high-value security logs, such as Windows Active Directory, VPN, and security alerts, from existing log repositories to provide enriched context on the attack.

Session Tracking tracks all user activities across multiple dimensions, from entrance to exit of the IT environment, regardless of the IP addresses, devices and accounts used. It connects discrete activities and security alerts back to the originating logon. Lateral movement tracking is used to monitor access to servers as well as user identity switches. Multidimensional activity correlation accounts for activities in other sources, such as VPN, Windows Domain, Unix servers, and more.

Behavior Analysis learns user and peer group behavior and characteristics across multiple dimensions. Dimensions can be time, day of the week, location, and object access, and each dimension is compared against the normal baseline. Then, anomalies are identified. Behavior Analysis models use a data aging process in which older data is eliminated and new data is learned.

Risk Engine provides risk scores on the behavioral anomalies and key facts. It quantifies the security importance of the anomaly and takes into consideration key security data, such as key access rights, etc. The Risk Engine includes expertly crafted rule sets and an extensible rule language, which makes it completely configurable for the enterprise.

ABOUT EXABEAM

Exabeam, a leading provider of big data security analytics, is unlocking the potential of existing SIEM logs to fundamentally change the way cyberattacks are detected and greatly simplify security operations.
The company’s groundbreaking technology applies User Behavior Intelligence, focusing on attacker behavior rather than ever-changing malware and tools to detect modern cyberattacks. Built by seasoned security and enterprise IT veterans from Imperva and Sumo Logic, Exabeam is headquartered in San Mateo, California and is privately funded by Norwest Venture Partners, Aspect Ventures and investor Shlomo Kramer.

Visit us on Facebook or Twitter and follow us on LinkedIn. To find out more about Exabeam and its ingenious Big Data Security Analytics platform, visit our website at www.exabeam.com or contact us to speak with our team of security professionals.

© 2014 Exabeam