1 Introduction
First introduced as a concept back in 2005, Security Information and Event Management (SIEM) was hailed as the ultimate solution to all enterprise security problems, and not without reason: after all, centralized collection and management of security-related data across all corporate IT systems is a key prerequisite for quick analysis of and response to cyberthreats. For nearly a decade, SIEM solutions have dominated the enterprise security market, and even nowadays they are still widely used to power security operations centers in large companies or managed security services for smaller ones.
However, within just a few years it became clear that traditional SIEM products were somewhat less perfect than anticipated. With the growing number and sophistication of cyber threats, security experts were struggling with alert fatigue, overwhelmed by the sheer number of notifications produced by a SIEM. Unfortunately, without a meaningful business context attached to each incident and with largely manual forensic research workflows, analysts not only lack the time to deal with each incident, but also the ability to assess the risk of each one and decide which need their attention first. The storage costs alone for the amounts of security data collected by a SIEM have grown so much that many companies are already looking for more efficient alternatives.
In more recent years, major breakthroughs in the fields of big data analytics and machine learning have enabled security vendors to incorporate intelligent correlation and classification methods into their products, bringing a broad range of security intelligence solutions to the market. Such tools, usually focusing on a specific subset of security events (for example, network traffic inspection or user behavior monitoring), are not just able to reduce the statistical noise and eliminate most false positives from detected alerts; they are sophisticated enough to identify relationships between isolated events, group them into logical units for easier analysis, supply additional context information to analysts, and even help them make the right decision with actionable recommendations.
In parallel to these specialized products, which usually serve as filtering and preprocessing tools for a traditional SIEM, the SIEM platforms themselves are gradually evolving as well, with more intelligence and automation capabilities added to the process of forensic analysis and incident response. In other words, even though the traditional SIEM has long been proclaimed dead, the next-generation, smarter SIEM is coming to replace it.
Exabeam is a privately-owned security analytics solution vendor headquartered in Foster City, CA. Founded in 2013 by a group of cybersecurity veterans from companies like Imperva, ArcSight, and Sumo Logic, the company has been focused on developing a smarter alternative to traditional SIEM platforms. From its beginnings as a user and entity behavior analytics (UEBA) add-on to existing SIEMs, Exabeam has quickly evolved into a full-scale yet highly modular general-purpose security management platform, which can either completely replace an existing SIEM deployment or give customers the opportunity to mix and match individual modules with third-party SIEM or SOAR products.
With its flexible deployment options – it can be deployed on-premises or on cloud infrastructure, consumed as a service or through a managed security service provider – and a unique user-based licensing model not tied to the amount of collected data, Exabeam can address any company’s need for a smarter, more automated SIEM replacement.