Exabeam SIEM Unveils Threat Intelligence Service, Case Management Module

Exabeam, the security information and event management (SIEM) solutions provider, this week unveiled a cloud-based Threat Intelligence Service at its Spotlight user conference in Las Vegas, Nevada.

The Threat Intelligence Service aggregates threat indicators from multiple online sources, according to a prepared statement. It applies machine algorithms to remove false-positive alerts and suspicious IP addresses, blacklisted IP addresses and other potential indicators of compromise (IoCs).

Security analysts can leverage the Threat Intelligence Service to add risk to a session in the Exabeam Advanced Analytics user and entity behavior analytics (UEBA) solution when an IoC is involved in a user timeline, the company said. They also can use a threat indicator to automate an investigation playbook in the Exabeam Incident Responder solution or trigger an alert via a rule in the Exabeam Data Lake log management tool.

The Threat Intelligence Service will be integrated into the Exabeam Security Management Platform and available at no additional charge to customers with a current Exabeam subscription. Furthermore, the service can be used in conjunction with on-premises, hybrid and public cloud Exabeam deployments.

Exabeam Adds Case Management Module to Its UEBA Solutions

In addition to its Threat Intelligence Service announcement, Exabeam this week integrated case management functionality into the Exabeam Advanced Analytics and Exabeam Entity Analytics UEBA solutions.

Exabeam Case Management offers threat intelligence to help security analysts speed up incident response, according to the company. It includes a customizable user interface designed for security teams' workflows and leverages machine learning to provide users with relevant fields, values and data for different types of incidents.

What Does Exabeam Case Management Offer?

Key features of Exabeam Case Management include:

  • Case Context: Provides security analysts with access to incidents related to cases in Exabeam Advanced Analytics and Exabeam Entity Analytics interfaces.
  • Incident Cards: Offers graphical cards on each security analyst's Exabeam home page that show active incidents prioritized by severity and automates the creation of tickets based on incidents with a high risk score.
  • Workflow Management: Enables security analysts to see incidents and request a merge or escalation as needed.

Exabeam Case Management is in beta testing, and it is expected to be released next month.

Today, Exabeam provides security intelligence and management solutions to organizations worldwide. The company's Security Intelligence Platform (SIP) empowers organizations with a data lake, machine learning and automated incident response capabilities.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.