Exabeam Technology


The Exabeam behavior-based security intelligence platform combines advanced data science with powerful security analytics to create Stateful User Tracking capabilities. Stateful User Tracking is what enables Exabeam UEBA to proactively hunt for threats, follow a user's tracks wherever they go in your network, automatically identify risky behavior, and present risky profiles to your security analysts, saving them hours and days of sifting through thousands of alerts and false positives.


Stateful User Tracking

Transforming User and Entity Behavior Analytics

Exabeam uniquely transforms security analytics by connecting individual user events into activity sessions. Stateful User Tracking automatically stitches together users’ activities into a distinctive session data model as they use different account credentials, change devices, and appear under different IP addresses. The resulting detailed timeline tells a security story about each session. As a result, Exabeam immediately identifies anomalous and “out-of-character” behaviors, enabling accurate threat detection and accelerated response.

Security systems that are designed to detect, prevent, or alert on certain events quickly overwhelm analysts, making it impossible for them to know “Who is the user for this alert, what has she done since coming to the office, what happened after the alert, and is all of this normal?” Only Exabeam’s Stateful User Tracking holds state as each user changes credentials, devices, and locations over the course of the day to prioritize and deliver truly risky user profiles.


Data Science

Analysis and Data Science with Embedded Security Expertise

Exabeam flags risky activity using advanced statistical analysis with baseline profiling for deviation measurement. Analysis is based on categorical data, numerical data, and contextual information. Categorical data includes events that fall into specific quantifiable categories, such as the number of logons for a user from a specific country. Numerical data (such as number of assets accessed, duration of a user session, and time of day) is processed using real-time unsupervised clustering for discretization. Contextual information provides additional insight, such as whether an asset is a workstation or server; whether an account is a human or service account; or if a device belongs to a privileged user. Context is estimated by multiple machine learning methods and helps calibrate and sharpen alerts. The analysis also extends further: Exabeam’s techniques support broader monitoring, such as cloud access, file-level access, database table access, and application log monitoring. As data science and security threats evolve, the Exabeam platform architecture supports new data science techniques to meet new security challenges.


Threat Hunting

Ask New Questions

Threat Hunter is an Exabeam security intelligence query tool that uses Stateful User Tracking session data models to complement user behavior analysis. Exabeam Threat Hunter enables security analysts to search and pivot across multiple dimensions of user activity to find sessions that contain specific unusual behaviors or find users that match certain criteria. For example, an analyst might ask to see “all sessions where a user logged into the VPN from a foreign country for the first time, then accessed a new server for the first time, after which FireEye created a malware alert.” This level of analysis across disjoint activities and systems is simple with Exabeam. Now analysts can ask new questions. With Threat Hunter, machine learning provides intelligent answers, in addition to alerts.
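The example query above can be worked through as an ordered pattern match over session data. This is an added illustration, not Exabeam code or Threat Hunter query syntax; the session layout, event names, `HOME_COUNTRY`, and sample sessions are constructed assumptions.

```python
from collections import defaultdict

HOME_COUNTRY = "US"  # assumption: the organisation's home country

# Constructed sample data: sessions in chronological order, each holding
# time-ordered (event_type, value) pairs. Event names are hypothetical.
SESSIONS = [
    {"id": "s1", "user": "alice", "events": [
        ("vpn_login", "US"), ("server_access", "srv-hr-01")]},
    {"id": "s2", "user": "alice", "events": [
        ("vpn_login", "RO"), ("server_access", "srv-fin-07"),
        ("malware_alert", "FireEye")]},
    {"id": "s3", "user": "bob", "events": [
        ("vpn_login", "DE"), ("server_access", "srv-web-02")]},
    {"id": "s4", "user": "alice", "events": [
        ("vpn_login", "RO"), ("server_access", "srv-fin-07"),
        ("malware_alert", "FireEye")]},
    {"id": "s5", "user": "carol", "events": [
        ("malware_alert", "FireEye"), ("vpn_login", "BR"),
        ("server_access", "srv-db-03")]},
]

def hunt(sessions):
    """Return ids of sessions that contain, in order: a first-time foreign
    VPN login, a first-time server access, then a FireEye malware alert."""
    seen = defaultdict(set)  # per-user baseline of (event_type, value) pairs
    hits = []
    for session in sessions:
        baseline = seen[session["user"]]
        in_session = set()
        stage = 0  # 0: await VPN login, 1: await server access, 2: await alert
        for kind, value in session["events"]:
            first_time = (kind, value) not in baseline | in_session
            if stage == 0 and kind == "vpn_login" and value != HOME_COUNTRY and first_time:
                stage = 1
            elif stage == 1 and kind == "server_access" and first_time:
                stage = 2
            elif stage == 2 and kind == "malware_alert" and value == "FireEye":
                stage = 3
            in_session.add((kind, value))
        baseline |= in_session  # fold the session into the baseline once it ends
        if stage == 3:
            hits.append(session["id"])
    return hits
```

Session `s4` repeats the events of `s2` but is not returned, because by then the VPN country and server are already in the user's baseline; `s5` contains all three events but in the wrong order.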
