Exabeam's new cloud-native security operations platform, dubbed New-Scale SIEM, aims to enable security teams to 'detect the undetectable'.
We sat down with Sanjay Chaudhary, vice president of product management at Exabeam, to discuss the challenges the new platform helps organizations overcome and what evolution the market can expect from Exabeam's portfolio.
What is the new product offering?
We are excited to move the SIEM market forward with the introduction of New-Scale SIEM™. Today, Exabeam announces a groundbreaking cloud-native portfolio of products that allow security teams everywhere to Detect the Undetectable™. New-Scale SIEM is a powerful combination of cloud-scale security log management, industry-leading behavioral analytics, and an automated investigation experience. Built on the cloud-native Exabeam Security Operations Platform, the New-Scale SIEM product portfolio gives worldwide security teams the greatest fighting chance at defeating adversaries with advanced threat detection, investigation, and response (TDIR).
The Exabeam Security Operations Platform is designed to meet customers where they are. Whether they are starting out, a sophisticated organization, or simply want to add an ultra-modern product on top of their legacy SIEM, we meet those needs. Our products span everything from security log management for compliance and basic security use cases, to outcomes-focused threat detection, investigation and response (TDIR) products that are designed to detect and respond to the most complex threats. Our platform enables security operations excellence.
Exabeam cloud-native security log management, SIEM, and behavioral analytics products are built on top of the Exabeam Security Operations Platform. They are modular and provide solutions for organizations wherever they are inside their cybersecurity journey. New products include:
Exabeam Security Log Management - Cloud-scale log management to ingest, parse, store, and search log data with powerful dashboarding and correlation. Available as a standalone offering.
Exabeam SIEM - Cloud-native SIEM at hyperscale with fast, modern search, and powerful correlation, reporting, dashboarding, and case management. Available in conjunction with Exabeam Security Log Management.
Exabeam Security Analytics - Automated threat detection powered by user and entity behavioral analytics with correlation and threat intelligence. Available to run on top of a third-party SIEM.
Exabeam Security Investigation - Threat detection, investigation, and response powered by user and entity behavior analytics, correlation rules, and threat intelligence, supported by alerting, incident management, automated triage, and response workflows. Available to run on top of a third-party SIEM.
Exabeam Fusion - New-Scale SIEM™, powered by modern, scalable security log management, powerful behavioral analytics, and automated threat detection, investigation, and response. Our most complete offering, combining the capabilities of the four platform products into one.
What challenge is it aiming to solve?
We hear about four distinct challenges from customers. First, organizations are flooded with data, but they’re unsure if it’s the correct data to help their security efforts. Every security sensor, detection product or security tool is creating and driving the collection of more data, which contributes to two major issues: data storage costs, which make SIEM super expensive; and complexity for security professionals, who must parse and identify the critical data needed to create a holistic picture of the environment.
The second problem is that in today’s cyber landscape, the defender must know what to look for. They might get a clue like an alert in an EDR product, but they’d need to run a series of manual investigations for the full scope.
The third issue is that threats are buried in a sea of noise. It’s like finding a needle in a haystack. Every product generates tons of alerts, but not all of them require action.
Finally, there’s too much subjectivity when relying on humans to perform manual investigations. Each person has their preferences for the process, but these variations can miss big pieces of what’s happening, and those lead to downstream mistakes.
Why has this been a persistent challenge for organizations? What's been missing from the market?
Adversaries are constantly getting smarter and using an ever-increasing number of attack vectors to breach systems and launch credential-based attacks, meaning defender technologies are no longer meeting organizations’ needs in the current threat landscape. The SIEM industry has been ripe for evolution for some time, and we are committed to leading the evolution through innovation.
We provide security teams with a holistic picture of their environment (data from core security products, IT infrastructure, and business applications joined with critical user and device context and timely threat intelligence data) to detect what competitive SIEMs simply can’t.
We are also the only modular, cloud-native platform that can add behavioral analytics on top of an existing SIEM or data lake, meeting organizations at any stage of their security journey from logging only to behavioral analytics to full premium SIEM. Our platform was built from the ground up at Exabeam, by security people for security people.
How do you see this product offering evolving in the future? How does it complement the solutions in your portfolio?
Companies have invested in tools like two-factor authentication and other prevention tools to thwart credential misuse, but it’s no longer enough.
A critical component for detecting compromised credentials is effective behavioral analytics that baseline the normal activity for organizational systems. It can be difficult for an analyst to determine abnormal behavior for a credential or a machine when valid credentials are used because it appears like normal behavior. Exabeam establishes a baseline for all user and device activities to understand normal and then detect anomalies even as normal keeps changing. By giving the analyst information on normal versus abnormal behavior, it paints a very clear picture of what to focus on.
The New-Scale SIEM platform provides complete coverage, hyper scaled for the cloud economy. World-class security log management leverages a cloud-scale architecture to ingest, parse, store, and search data at lightning speed. With this launch, we've introduced many new features that were not available in past products. The speed and scale of the new platform are game-changing, and early reports are extremely positive. The modular approach places more capabilities at the user's fingertips, and organizations will be very pleased by the new user experience.