Exabeam, the next-gen security management company, today announced Exabeam Threat Intelligence Service, a cloud-based offering that aggregates threat indicators from multiple online sources. The new service will be an integral part of the Exabeam Security Management Platform and available at no additional charge to customers with a current Exabeam subscription.
Exabeam Threat Intelligence Service collects potential indicators of compromise (IoCs), including suspicious IP addresses, blacklisted IP addresses, known phishing URLs, and malicious file signatures. Machine algorithms are then applied to remove false positives and rank each indicator. To do this, the Exabeam Security Management Platform uses behavioral analytics techniques, similar to those used to assess users or devices, to baseline IoCs and gain a more relevant picture of the threats in the environment.
Analysts will be able to leverage the feeds directly in Exabeam products, simplifying the task of understanding the impact of a potential threat and saving time conducting the investigation. The analytics engine in the Exabeam Security Management Platform will automatically match the IoCs to user and device activities to more accurately assess their risk level. Security analysts can use the new service in several ways, including to:
Add risk to a session in Exabeam Advanced Analytics when an IoC is involved in a user timeline, such as malware detected on a user’s laptop
Automate an investigation playbook in Exabeam Incident Responder using a threat indicator, such as a known phishing URL or webmail IP address
Trigger an alert via a rule in Exabeam Data Lake if an indicator of compromise is detected, such as a known endpoint from a TOR network
“Threat intelligence has always been a good idea but hard to use in practice. The problem is that using the intel is a manual process that eats up an analyst’s time,” said Exabeam CEO Nir Polak. “The stumbling block has always been integration into analyst workflows. By making it available at no extra charge, increasing the value using machine learning, and integrating it directly into our platform, we make it simple. No other enterprise SIEM can offer what Exabeam’s new Threat Intelligence Service does.”
“Organizations are failing at early breach detection, with more than 80% of breaches undetected by the breached organization. The situation can be improved with threat intelligence, behavior profiling and effective analytics. SIEM vendors continue to increase their native support for behavior analysis capabilities as well as integrations with third-party technologies, and Gartner customers are increasingly expressing interest in developing use cases based on behavior,” wrote Kelly Kavanagh and Toby Bussa, research analysts at Gartner. Exabeam was recognized as a Visionary in Gartner’s 2017 Magic Quadrant for Security Information and Event Management.
Delivered from the cloud, Exabeam Threat Intelligence Service can work with any Exabeam deployment, whether on premises, in a public cloud, or hybrid. Centrally managed, the offering adds no overhead to the operations of customers and will benefit from periodic enhancements. Exabeam Threat Intelligence Service is the first of several planned cloud security services that will form an integral part of the Exabeam Security Management Platform.