Many IT organizations have invested in security information and event management (SIEM) platforms only to discover that they’ve essentially created a static database that logs security events. They can query that database when there’s an issue to correlate past and present attacks. But in terms of real actionable intelligence, many legacy SIEM platforms are limited.
Exabeam this week announced it is extending its reach beyond end-user behavior analytics to deliver a SIEM platform that is specifically optimized to detect attacks based on compromised end-user credentials. Exabeam CEO Nir Polak says the Exabeam Security Intelligence Platform differentiates itself because even though most cyberattacks today involve compromised end-user credentials, existing SIEMs don’t make it easy to keep track of these types of attacks.
Polak says Exabeam is applying the machine learning algorithms it developed for its analytics application in combination with a variety of open source technologies to create a SIEM that includes a log manager, threat hunter tools, incident response playbooks, as well as connectors to cloud applications and services. That approach, says Polak, enables Exabeam to deliver a SIEM platform capable of processing massive amounts of data at a substantially lower cost than rival SIEM platforms.
In fact, Polak notes that one of the ironies of SIEM platforms based on proprietary software infrastructure is that most IT organizations get charged based on the amount of data stored in them. That results in a situation where the IT organization winds up trying to limit the amount of data being analyzed to reduce overall costs.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
“They wind up not being able to afford to analyze all their data,” says Polak.
Exabeam is still beta testing elements of its SIEM platform. But given the rising level of sophistication associated with IT security attacks, it’s clear that bolstering IT security defenses is a major priority for IT organizations. A big part of that defense strategy is naturally going to involve marrying advanced analytics to what will be massive amounts of data stored in a SIEM platform.