
Exabeam's Security Operations Platform gets two new key cybersecurity features: Threat Center and Copilot. The solution combines threat management, investigation tools and automation with a generative AI model.
Threat Center is the first combination in the market to provide a unified threat detection, investigation and response (TDIR) workbench that simplifies and centralizes security analyst workflows. The Copilot feature uses generative AI to help analysts quickly understand active threats and provide best practices for rapid response. These innovations significantly shorten security analysts' learning curve and accelerate their productivity in the SOC. The new features will be available from March 2024.
Details on Threat Center and Exabeam Copilot
Threat Center brings together threat management, investigation tools, and automation to investigate and respond to threats faster and more efficiently. Powered by an advanced security-trained generative AI model, Exabeam Copilot improves security analyst research. Using Threat Center with Exabeam Copilot, analysts can:
- Detect when multiple alerts are related to a single threat and uncover everything that is happening.
- Perform complex, powerful searches in simple, natural language.
- Understand a threat and respond appropriately using generative AI explanations for clear communication across organizations.
- Automate routine tasks, uncover hidden threats and significantly reduce response times.
- Prioritize alerts and cases with contextual risk ranking.
- Reduce the number of alarms to investigate by grouping detections tied to related entities and events.
- Optimize SOC team collaboration through peer engagement, case escalation, and shared notes.
- Visualize evidence with interactive threat timelines and instant access to relevant data, including behavioral models, users and endpoints.
- Create automation rules that are critical to SOC workflows, such as escalating specific alarms to cases or queues via APIs or webhooks.
- Use pre-built playbooks that can be viewed, disabled, or cloned for easy customization.
More security for Microsoft Sentinel users
In addition to the new features, Exabeam announced that customers can now add Exabeam's TDIR capabilities to Microsoft Sentinel. This allows Sentinel users to see new threats with more comprehensive insights and automate workflows, as well as ingest data from a wide range of security products and accelerate the TDIR capabilities of their SIEM deployment. The Collector for Microsoft Sentinel joins the list of supported SIEM products such as Splunk and IBM QRadar.
“We built Threat Center with Exabeam Copilot to provide security analysts with a simple, centralized interface to run their core TDIR functions, automate routine tasks, and accelerate investigations for analysts of all skill levels,” said Steve Wilson, Chief Product Officer at Exabeam.
“These new capabilities increase the value of our AI-driven security operations platform and take analyst productivity, efficiency and effectiveness to new levels. Threat Center helps security analysts address one of the biggest challenges we've heard from them - dealing with too many fragmented interfaces in their environments. By combining Threat Center with Exabeam Copilot, we not only improve security analysts’ workflows, but also make their jobs easier.”
More at Exabeam.com
About Exabeam
Exabeam stands for Smarter SIEM™. Exabeam enables companies to more efficiently detect, investigate, and respond to cyberattacks so their security and insider threat teams can operate more efficiently. Security organizations no longer have to live with inflated prices, missed distributed attacks and unknown threats or manual investigations and countermeasures. With the Exabeam Security Management Platform, security analysts can collect unlimited log data, use behavioral analysis to detect attacks and automate the response to incidents, both on site and in the cloud. Exabeam Smart Timelines, sequences of user and entity behavior created through machine learning, further reduce the time and specialization required to identify attacker tactics, techniques and procedures. Exabeam is privately funded by Aspect Ventures, Cisco Investments, Icon Ventures, Lightspeed Venture Partners, Norwest Venture Partners, Sapphire Ventures and well-known security investor Shlomo Kramer. More information is available at www.exabeam.com. Follow Exabeam on Facebook, Twitter, YouTube or LinkedIn.