Protection: Exabeam's new TDIR framework


Exabeam's new TDIR framework for threat detection, investigation & response addresses very specific IT security challenges and simplifies work processes.

Exabeam, a specialist in security analytics and automation, has added numerous new functions to its product portfolio. With these functions, Exabeam helps analysts in the Security Operations Center (SOC) improve their IT security work processes end to end. The most important new function is that Exabeam's Security Management Platform, for the first time, receives preconfigured packages for Threat Detection, Investigation & Response (TDIR) for three specific threat categories: external threats, compromised insiders and malicious insiders.

TDIR - Threat Detection, Investigation & Response

These new TDIR packages address customer-specific IT security challenges and thus significantly simplify work processes. They provide preconfigured content for Exabeam's analysis and automation engines in the Exabeam Security Management Platform. The three packages cover the complete lifecycle of security operations workflows, which include prescribed data sources, detection models, watchlists, investigation checklists and response playbooks. The new packages for use cases will be available in the second quarter of 2021.

Pre-configured packages against the three most common threat groups

The new TDIR packages for specific challenges simplify the analysts' workflow by providing preset content for Exabeam's analytics and automation engines, covering the three most common threat groups:

  • Use cases for external threats such as phishing, malware, ransomware, cryptomining and brute-force attacks.
  • Use cases for compromised insiders, including privileged activity, account manipulation, privilege escalation, bypassing, compromised credentials, lateral movement and data exfiltration.
  • Use cases for malicious insiders, including privileged access abuse, account tampering, audit tampering, physical access, data access abuse, data leakage and data destruction.

For every phase of the IT security workflow

Unlike traditional solutions that limit coverage of common threats to detection logic, Exabeam's framework includes content for all phases of threat detection, investigation and response. This includes a comprehensive onboarding guide that explains which specific data sources and which context within the response workflows are required to achieve the best results. The new TDIR framework also includes:

  • Out-of-the-box detection models covering specific adversary tactics and techniques. These are mapped to the MITRE ATT&CK framework to give security teams a common reference for detection.
  • Customized watchlists that can be set up so that analysts can monitor high-risk users and devices.
  • Checklists that contain a curated list of investigation, containment, and remedial steps. This enables analysts to follow a consistent and repeatable investigation and response workflow.
  • Turnkey playbooks that contain automatable response measures to deal with common security scenarios without customers having to license or configure additional third-party software. These ensure that the analysts are able to react promptly and consistently.

Companies lack the specialized knowledge

"Companies struggle with poorly functioning security solutions because they lack the specialized knowledge, detection logic, and clearly mapped investigation and response workflows for common threats," said Adam Geller, Chief Product Officer at Exabeam. "As a result, companies waste time and resources customizing products with minimal improvements to their security. With our use case framework, security analysts benefit from comprehensive out-of-the-box solutions so that they can rely on consistently delivering successful results that improve their security and save time and resources."

More on this at Exabeam.com

About Exabeam

Exabeam stands for Smarter SIEM™. Exabeam enables companies to detect, investigate and respond to cyberattacks more efficiently, so that their security and insider threat teams can operate more effectively. Security organizations no longer have to live with inflated prices, missed distributed attacks and unknown threats, or manual investigations and countermeasures. With the Exabeam Security Management Platform, security analysts can collect unlimited log data, use behavioral analytics to detect attacks and automate incident response, both on premises and in the cloud. Exabeam Smart Timelines, sequences of user and entity behavior created through machine learning, further reduce the time and expertise required to identify attacker tactics, techniques and procedures. Exabeam is privately funded by Aspect Ventures, Cisco Investments, Icon Ventures, Lightspeed Venture Partners, Norwest Venture Partners, Sapphire Ventures and well-known security investor Shlomo Kramer. More information is available at www.exabeam.com. Follow Exabeam on Facebook, Twitter, YouTube or LinkedIn.
