Applications, including the previously announced Exabeam Threat Intelligence Service and the new Exabeam Cloud Archive, will be available on the Cloud Platform through the Exabeam Application Marketplace. The first tool, the Exabeam Parser Editor, a patented self-service parser tool, is being made available with the launch of the Exabeam Cloud Studio on the Cloud Platform.
The multi-tenant Cloud Platform extends Exabeam’s security information and event management (SIEM) solution with capabilities unique to Exabeam – user and entity behavior analytics (UEBA) and object-centric workspaces – as well as cloud storage, data graphing and integrations with over 250 products. Because it is a cloud offering, the engineering tasks needed to deploy and maintain the infrastructure’s underlying services are eliminated.
Application Marketplace
The Application Marketplace provides analysts and engineers with a single online location to try, buy and deploy Exabeam security management applications to improve how they work. Initial applications include:
Exabeam Cloud Archive – allows organisations to establish a second, cheaper storage tier for the long-term retention of security without having to endure long search times or inaccessible storage
Exabeam Threat Intelligence Service – allows security teams to fully integrate threat intelligence with correlation rules or behavioural analysis models to indicate added risk of notable users and entities
In the future, applications will also be available from trusted partners. Partners will be able to build applications on the Cloud Platform using Exabeam’s software development toolkit (SDK) or simply sell them through the marketplace.
Cloud Studio
Of all SOC responsibilities, security pros were least satisfied with responsibility for SIEM content creation, according to the Exabeam 2019 Cybersecurity Professionals Salary, Skills and Stress Survey. The Cloud Studio reduces the frustrations of SIEM content creation. Engineers can use tools to quickly develop the content they need to support new use cases. Initially the Cloud Studio includes:
Exabeam Parser Editor – a novel solution that will save engineers an average of six hours a week by allowing them to easily build parsers for new log types and modify existing parsers by uploading a log file and using the simple, intuitive UI of a self-service wizard
“Exabeam’s mission is to make every security practitioner more efficient,” said Nir Polak, CEO, Exabeam. “We previously helped security teams improve productivity by redefining the modern SIEM with UEBA and SOAR. Now, we are raising the bar again, with a cloud platform that allows them to quickly provision and consume new applications, tools and content.”
Exabeam is also announcing additional new features for the Exabeam Security Management Platform (SMP), a modern SIEM that can be deployed as SaaS, in a public or private cloud, or as software on premises:
Turnkey playbooks: out-of-the-box automated playbooks for common security investigations, such as phishing, that, unlike playbooks in other security orchestration, automation and response (SOAR) products, do not require third-party licenses or configuration
New cross-platform integrations that allow analysts to seamlessly pivot from events in a user timeline back to the raw log; view cases automatically enriched with user, entity or artifact details; add evidence to cases (or create new cases) directly from user timelines; and build playbooks to recognise anomalous activity
Dark mode: to improve analysts’ visual experience, especially in low-light environments like a dark SOC or late at night when an attack surfaces
The Threat Intelligence Service is currently available to Exabeam customers at no additional cost. The Cloud Archive will initially be available to Exabeam SaaS Cloud customers in Q2 2020. The Parser Editor will be available in a limited release in Q2 2020. The other new Exabeam SMP features will be available in Q2 2020.