Smart Timelines incorporate indicators of compromise (IOCs) from the Exabeam Threat Intelligence Service, including suspicious IP addresses, blacklisted IP addresses, known phishing URLs, and malicious file signatures. By automating timeline creation and automatically stitching together normal and abnormal behaviours for users and devices, Smart Timelines put an end to a common problem for security analysts, known as ‘swivel chair’ incident response, in which workflows require multiple products with different interfaces and credentials. Now, investigators can accurately pinpoint anomalous events and improve their productivity for incident investigation and threat hunting.
“Exabeam Smart Timelines allow us to quickly analyse and understand when there is a threat, so my team can spend their time acting on the evidence and outmaneuver our adversaries,” said Ryan Clarque, senior manager, Global Cybersecurity, Levi Strauss & Co.
Ian Lee, manager, IT Security and Compliance, Hudbay Minerals, Inc., reiterated Clarque’s point: “Exabeam Smart Timelines stitch together events from various sources, making it easy for us to identify anomalous activity in our environment.”
The Threat Intelligence Service behind Smart Timelines is a curated cloud threat intelligence feed that uncovers IOCs and malicious hosts, giving SOCs the context they need around potential attacks. As part of the service, Exabeam aggregates IOC feeds and applies machine algorithms to remove false positives before downloading the feeds daily to Exabeam Data Lake and Exabeam Advanced Analytics.
The Exabeam Security Management Platform now also has a single, unified UI for detection, investigation and response. Having fewer tools to master means that engineers have a significantly reduced learning curve. Additionally, the ability to easily and efficiently move from investigation to case management to response without needing to manually assemble information from multiple disparate systems reduces the chance for human error. By spending more time on investigation, teams decrease the mean time to detect (MTTD) and mean time to respond (MTTR).
“We know that SOC teams are severely time constrained and under intense pressure, due to staffing issues and ubiquitous cyberthreats. Manual tasks like reviewing logs to understand the full scope of an attack can be unnecessarily burdensome,” said Trevor Daughney, vice president of Product Marketing at Exabeam. “Considering how overloaded the SOC team is, we want to end fragmented workflows and combine disparate systems and interfaces, so that critical alerts for distributed attacks aren’t missed.”
Other new features of the Exabeam Security Management Platform include:
- SAML integration for quick and easy single sign-on (SSO) authentication with popular identity and access management (IAM) vendors like Okta, Ping and Google
- Granular role-based access control (RBAC) for watch lists to control access of sensitive user information by role and responsibility
- Eight new out-of-the-box response playbooks and over 20 additional prebuilt integrations connecting Exabeam Incident Responder to popular security tools