Exabeam's user behavior intelligence solution provides an identity-based strategy for detecting modern cyberattacks
San Mateo, Calif. – February 18, 2015 – Exabeam, a leader in user behavior intelligence, today announced the general availability of its solution version 1.6, which leverages data collected in existing security information and event management (SIEM) deployments to enable IT security teams to quickly identify attackers already inside the network using stolen valid user credentials. Following eight months of rigorous testing with design partners and beta customers, Exabeam’s out-of-the-box technology has an average install time of less than four hours and brings new, immediate contextual insight to SIEM log data. Exabeam has already amassed more than 20 deployments across the retail, government, manufacturing, financial services and healthcare sectors, including several Fortune 500 companies. With more than a half a million credentials being actively monitored, Exabeam beta customers have reported seeing anomalous behaviors that have represented internal system misconfigurations, policy violations, unauthorized credential sharing and compromised credential usage by attackers employing remote controlled malware against more than a thousand hosts.
Valid user credentials are coveted assets for attackers, as they give direct access to corporate IT resources and sensitive data without triggering alerts. Until now, SIEM technologies in use by public and private sector organizations provided cover for attackers using stolen credentials, as it allowed them to easily slip under the radar due to its inability to detect subtle anomalies in user behavior. Exabeam exposes attackers using stolen credentials by adding a layer of contextual analysis to SIEM log data through machine learning, behavior modeling and risk scoring, and Stateful User Tracking™, which follows the attacker that switches identities. This gives IT security teams a complete view of the entire attack chain timeline for a user session, providing an unprecedented report of attacker activity beyond the initial point of compromise.
"Exabeam helps us detect attackers by separating normal from abnormal credential behaviors, and presenting them as part of an overall attack chain,” said Shane Thoney, vice president of information security at Union Bank.
Exabeam’s user behavior intelligence solution employs a combination of extraction and enrichment of high-value log feeds to attribute security alerts to anomalous user activity and ultimately the credentialed session on the system that caused the alert; Stateful User Tracking and session assembly to create a timeline of credential use from log on to log off; behavior analysis to learn and refine user and peer group behavior; and additive risk scoring to make it easy for security analysts to prioritize which events require immediate attention. Not only does this shorten detection times and give security teams a full picture of the entire attack chain, but it costs less than hiring and training additional data scientists.
“Today’s IT security teams suffer from alert fatigue due to the tens of thousands of false positives generated by security point solutions every day, in addition to the thousands of critical SIEM events that need to be manually reviewed, re-prioritized and investigated,” said Nir Polak, CEO and co-founder at Exabeam. “The cure for this alert fatigue is user behavior intelligence, which starts with anomalous credential behaviors and attaches the appropriate security alert(s) to the credential that was used when the alert occurred. Exabeam makes stolen identity-based attacks visible with real-time insight, which changes the way attacks are detected and mitigated by displaying the entire attack chain of events. Our customers report having an elevated level of visibility into credential behavior, which is creating demand for our solution.”