Prescriptive end-to-end framework enables organizations to protect against external threats, compromised insiders and malicious insiders
Exabeam, the security analytics and automation company, announced a set of new functionalities aligned across Exabeam’s products to solve specific security challenges. The new Threat Detection, Investigation & Response (TDIR) use case packages provide a powerful, prescriptive solution to help security operations centers (SOCs) improve workflows from collection to detection, investigation and response using an outcome-based approach. Generally available in Q2 2021, the TDIR packages address the complete lifecycle of security operations (SecOps) workflows with end-to-end content that includes prescribed data sources, detection models, watchlists, investigation checklists and response playbooks to assist analysts with repeatedly delivering successful outcomes.
Recommended ITech News: GBT Filed Continuation Applications For Database Management And Multi-Dimensional Microchip Patents
“Organizations struggle with failed security implementations because they lack the specialized expertise, detection logic and clearly mapped investigation and response workflows for common threats,” said Adam Geller, chief product officer at Exabeam. “Consequently, organizations waste time and resources customizing products with minimal improvement to their security coverage. With our framework for use cases, security analysts benefit from comprehensive out-of-the-box content so they can be confident in their ability to deliver repeatable, successful outcomes that will improve their security and translate into significant amounts of saved time and resources.”
Customers Validate Approach
“We were able to quickly turn on the ‘out of the box’ use cases and integrate with our systems and processes, improving our detect and response capabilities,” said Jennifer Shields, vice president of information technology, Procter & Gamble.
“Directly mapping common security use cases to response workflows is critical for SecOps success,” said Marc Crudgington, CISO, SVP information security, Woodforest National Bank. “We look forward to working with Exabeam as its new TDIR framework helps our industry become far more use case-driven.”
“Automated TDIR workflows that are outcome-driven, prescriptive and analytics-powered are required to mature and fortify a healthcare SOC today,” said Joe Horvath, manager, information security, Kelsey-Seybold Clinic. “Exabeam’s TDIR use case packages provide the prescribed content needed to get us there.”
Recommended ITech News: GZ6G Technologies Introduces Green Zebra Data Centers Division
Coverage for common threats
Most security products were designed to provide functionality, not results. The new TDIR use case packages simplify analyst workflows by providing prescriptive content for Exabeam’s analytics and automation engines in order to protect against the top three categories of common threats:
- External threat use cases that include phishing, malware, ransomware, cryptomining and brute force attacks.
- Compromised insider use cases that include privileged activity, account manipulation, privilege escalation, evasion, compromised credentials, lateral movement and data exfiltration.
- Malicious insider use cases that include privileged access abuse, account manipulation, audit tampering, physical access, data access abuse, data leak and destruction of data.
Prescriptive content at each stage of the workflow
Unlike competing solutions, where coverage for common threats is limited to detection logic, Exabeam’s framework includes content for all phases of threat detection, investigation and response. This includes comprehensive onboarding guidance for which specific data sources and context are required to achieve the most successful outcomes. The TDIR framework also includes:
Recommended ITech News: Open Source Software Leader the Eclipse Foundation Launches the Adoptium Working Group for Multi-Vendor Delivery of Java Runtimes for Enterprises
- Out-of-the-box detection models that incorporate coverage for specific adversary tactics and techniques. These are mapped to the MITRE ATT&CK framework to give security teams a common framework for detection.
- Tailored watchlists that can be set up to allow analysts to monitor high-risk users and devices.
- Investigation checklists that include a curated list of investigation, containment and remediation steps. This allows analysts to follow a consistent and repeatable investigation and response workflow.
- Turnkey Playbooks that contain automatable response actions for addressing common security scenarios without requiring customers to license or configure additional third-party software. These ensure analysts are able to respond in a timely and consistent manner.
“Outcome-based security with prescriptive approaches are strategic to the industry, and this represents a great win for Exabeam customers. These approaches are fundamental to the success of SecOps initiatives,” said Gorka Sadowski, chief strategy officer at Exabeam. “As an example, organizations looking to deploy or improve their insider threat program will be able to quickly gain visibility and response capabilities into malicious behavior and compromised accounts.”
Recommended ITech News: Ingram Micro Accelerates Data Center Strategy with Veeam + Zadara Cloud Services