Exabeam launches upgraded SIEM platform built for cloud, new threats

With an eye on shifting away from legacy SIEMs, cybersecurity firm Exabeam today announced a cloud-native portfolio of products designed to enable security teams to “detect the undetectable.”

New-Scale SIEM is built on the cloud-native Exabeam Security Operations Platform and combines cloud-scale security log management, behavioral analytics and an automated investigation experience, according to the company. 

“Security operations teams fail due to the limitations of legacy SIEM,’’ Exabeam CEO Michael DeCesare told VentureBeat. “The lack of innovation in the market relative to the growth of data, the sophistication of attacks, and a shift to the cloud have created a SIEM effectiveness gap.”

Legacy tools don’t provide a complete picture of a threat, he maintained. “They bury analysts with alerts and compel slow, ineffective and manual investigations.” 

Meanwhile, secops teams are overwhelmed with data and unsure of what data to collect, DeCesare added. 

At the same time, attacks are becoming increasingly sophisticated and hard to detect, and credential-based attacks are multiplying.

More data sources to scale response

The goal of Exabeam’s New-Scale SIEM platform is to enable secops teams to manage more data sources and higher volumes in a cloud-native architecture, DeCesare said. “It’s about scaling response to focus on risk-based priorities, scaling investigations with automation, scaling detection with behavioral analytics intelligence across billions of access points, scaling operations and people to elevate talent, and scaling budgets with cloud-based economics.” 

Exabeam’s products are designed to support a variety of transport methods including APIs, agents, syslog, and log aggregators such as SIEM or log management products — meaning an existing SIEM doesn’t have to be replaced; Exabeam can be added on top of it, he said. 

Exabeam developed and maintains a common information model (CIM) “that adds security context to, and speeds the ingestion of, raw logs for event building, resulting in faster security event building, search, dashboards and development of new parsers,’’ DeCesare said. 

SIEM with behavioral models to detect anomalies

More than 750 behavioral models power 1,200 anomaly detection rules in Exabeam to baseline normal behavior for every user and device — something legacy SIEMs cannot do, the company said. For example, for an organization with basic logging, 20,000 users, and 50,000 assets, Exabeam is designed to dynamically build and update 50 million unique detection rules.

New-Scale SIEM also aims to give security teams a holistic picture of their environments –– data from core security products, IT infrastructure, cloud applications, and infrastructure and business applications — joined with critical user and device context and timely threat intelligence data, Exabeam said. 

“Exabeam is our holistic security operations platform that provides and coordinates automated visibility, detection, analytics, investigation and response across our key operating environments,” said Jerry Larsen, IT security manager at Patrick Industries. “We have several ERP systems that all need to be protected and Exabeam does the job better than any legacy SIEM we looked at.” 

The new Exabeam Security Operations Platform was architected on Google Cloud. The new portfolio built on the platform includes:

• Exabeam Security Log Management — Cloud-scale log management to ingest, parse, store and search log data with dashboarding and correlation.
• Exabeam SIEM — Cloud-native SIEM at hyperscale with fast, modern search, and correlation, reporting, dashboarding and case management.
• Exabeam Fusion — New-Scale SIEM, powered by modern, scalable security log management, behavioral analytics and automated threat detection and incident response (TDIR). 
• Exabeam Security Analytics — Automated threat detection powered by user and entity behavior analytics with correlation and threat intelligence.
• Exabeam Security Investigation — TDIR powered by user and entity behavioral analytics, correlation rules and threat intelligence, supported by alerting, incident management, automated triage and response workflows.

Pricing for New-Scale SIEM “is linear with no workload restrictions or surprises, allowing security leaders to more predictably budget as data volumes increase and business needs change,’’ DeCesare said. 

The new product portfolio is generally available today.