Exabeam's new TDIR framework for threat detection, investigation & response addresses very specific IT security challenges and simplifies work processes.
Exabeam, a specialist in security analytics and automation, has added numerous new features to its product portfolio. With these features, Exabeam helps analysts in the Security Operations Center (SOC) improve every step of their IT security workflow. The most important new feature: for the first time, Exabeam's Security Management Platform receives preconfigured packages for Threat Detection, Investigation & Response (TDIR) for three specific threat categories: external threats, compromised insiders and malicious insiders.
TDIR: Threat Detection, Investigation & Response
These new TDIR packages address customer-specific IT security challenges and thus significantly simplify work processes. They provide preconfigured content for the analytics and automation engines in the Exabeam Security Management Platform. The three packages cover the complete lifecycle of security operations workflows, including prescribed data sources, detection models, watchlists, investigation checklists and response playbooks. The new use-case packages will be available in the second quarter of 2021.
Preconfigured packages against the three most common threat groups
The new TDIR packages simplify the analyst's workflow by providing preset content for Exabeam's analytics and automation engines that covers the three most common threat groups:
- Use cases for external threats such as phishing, malware, ransomware, cryptomining and brute-force attacks.
- Use cases for compromised insiders, including privileged activity, account manipulation, privilege escalation, bypassing, compromised credentials, lateral movement and data exfiltration.
- Use cases for malicious insiders, including privileged access abuse, account tampering, audit tampering, physical access, data access abuse, data leakage and data destruction.
For every phase of the IT security workflow
Unlike traditional solutions that limit coverage of common threats to detection logic, Exabeam's framework includes content for all phases of threat detection, investigation and response. This includes a comprehensive onboarding guide that explains which specific data sources and which context within the response workflows are required to achieve the best results. The new TDIR framework also includes:
- Out-of-the-box detection models covering specific adversary tactics and techniques. These are mapped to the MITRE ATT&CK framework to give security teams a common frame of reference for detection.
- Customizable watchlists that analysts can set up to monitor high-risk users and devices.
- Checklists containing a curated list of investigation, containment and remediation steps, so that analysts can follow a consistent and repeatable investigation and response workflow.
- Turnkey playbooks containing automatable response actions for common security scenarios, without customers having to license or configure additional third-party software. These ensure that analysts can react promptly and consistently.
Companies lack the specialized knowledge
"Companies struggle with poorly functioning security solutions because they lack the specialized knowledge, detection logic, and clearly mapped investigation and response workflows for common threats," said Adam Geller, Chief Product Officer at Exabeam. "As a result, companies waste time and resources customizing products with minimal improvements to their security. With our use case framework, security analysts benefit from comprehensive out-of-the-box solutions so that they can rely on consistently delivering successful results that improve their security and save time and resources."
More on this at Exabeam.com
About Exabeam
Exabeam stands for Smarter SIEM™. Exabeam enables companies to detect, investigate and respond to cyberattacks more efficiently, so their security and insider threat teams can operate more effectively. Security organizations no longer have to live with inflated prices, missed distributed attacks and unknown threats, or manual investigations and countermeasures. With the Exabeam Security Management Platform, security analysts can collect unlimited log data, use behavioral analytics to detect attacks and automate the response to incidents, both on premises and in the cloud. Exabeam Smart Timelines, sequences of user and entity behavior created through machine learning, further reduce the time and expertise required to identify attacker tactics, techniques and procedures. Exabeam is privately funded by Aspect Ventures, Cisco Investments, Icon Ventures, Lightspeed Venture Partners, Norwest Venture Partners, Sapphire Ventures and well-known security investor Shlomo Kramer. More information is available at www.exabeam.com. Follow Exabeam on Facebook, Twitter, YouTube or LinkedIn.