Exabeam, the security analytics and automation company, has announced a US$ 200 million Series F growth round, at a valuation of US$ 2.4 billion. The round is led by the Owl Rock division of Blue Owl Capital and supported by existing investors, Acrew Capital, Lightspeed Venture Partners and Norwest Venture Partners. Exabeam also welcomes cyber security industry veteran, Michael DeCesare as Chief Executive Officer (CEO) and President. The company’s Co-Founder and first CEO, Nir Polak, will continue on as an active member of the executive team and remain at the company. Additionally, Nir Polak will assume the role of Chairman of the Board.

New executive appointments

Michael DeCesare has more than 25 years of experience in leading high-growth security companies. He was President of McAfee, and most recently, he was CEO and President of ForeScout Technologies, which went public in 2017 under his leadership. In addition, Exabeam Chief Product Officer, Adam Geller will now lead both the product and engineering organisations, ensuring even tighter integration and alignment, as the company innovates and invests in creating the number one trusted cloud SecOps platform on the market. Geller was previously a Senior Vice President of Cloud Security at Palo Alto Networks, before joining Exabeam in 2020.

UEBA expert

Michael DeCesare said, “Exabeam defined the user entity and behaviour analytics (UEBA) security technology category and is a leader in the security information and event management (SIEM) market.
Innovation is in our DNA.” He adds, “We are reimagining the threat detection, investigation and response (TDIR) problem with an open extended detection and response (XDR), offering automation and use case-specific content so security analysts can quickly defend against threats, which is a true game changer for security teams.”

Series F funding round

Michael DeCesare further stated, “Nir has built an incredibly robust, diverse and inclusive culture at Exabeam, and I am committed to helping it flourish. I’m thrilled to join Nir, Adam and the whole leadership team, to help drive the company through its next phase of growth.” Nir Polak stated, “This funding round gives us the operating capital required to continue executing on our vision to deliver the number one trusted cloud SecOps platform on the market.”

Outcome-based security approach

Nir adds, “It gives us the opportunity to triple down on our R&D efforts and continue engineering the most advanced UEBA, XDR and SIEM cloud security products available today. Now with Mike at the helm and Adam’s leadership over product and engineering, we have assembled a seasoned executive team ready to scale and take our business to the next level.” Exabeam’s outcome-based approach to security around external threats, compromised insiders and malicious insiders is perfectly suited to support organisations as they manage exponential amounts of data and return to the post-pandemic workplace in a variety of hybrid scenarios.

Cloud-based analytics and automation

The company recently launched its new Fusion product line with Fusion XDR and Fusion SIEM. With 70 percent of new business in 2020 delivered through Exabeam cloud-based analytics and automation, adding XDR puts a new name on what Exabeam already provides to customers.
Over the last 12 months, Exabeam has also made significant investments in the Exabeam Partner Programme, which now includes more than 400 reseller, distributor, system integrator, MSSP, MDR and consulting partners globally.

Technology integration with IT and security companies

In addition, driven by its open XDR approach for security teams, the company now has over 500 technology integrations with major IT and security companies, including cloud network, data lake and end-point vendors, such as CrowdStrike, Okta and Snowflake. “Exabeam is poised to be the next-gen leader in the cloud security analytics, XDR and SIEM markets. We led this round of funding to provide the company with the resources necessary to support its sustainable, long-term growth and value creation,” said Pravin Vazirani, Managing Director and Co-Head of Tech Investing, Blue Owl Capital.

Cyber security, a mission-critical function

Pravin Vazirani adds, “In today’s operating environment, cyber security is increasingly recognised as a mission-critical function across industries, and we’re proud to partner with Michael, Nir and the Exabeam team as they seize the opportunity ahead of them, continue to innovate and enable their clients to stay at the forefront in terms of identifying and addressing threats across their technology platforms.”

According to Mordor Intelligence, the cloud security software market is valued at US$ 29.5 billion in 2020 and is expected to reach a market value of US$ 37.37 billion by 2026, registering a CAGR of 5.2 percent over the forecast period (2021-2026). Gartner predicts that the worldwide SIEM market is poised to grow from US$ 4 billion to US$ 6.3 billion during the 2020-2024 period, at a CAGR of 11.86 percent.
IT and cyber security trends

“Exabeam is in the middle of a large IT and cyber security trend, where organisations must capture more data across a growing distributed IT infrastructure, while ensuring the security and integrity of the platforms upon which their businesses operate,” said Ravi Mhatre, Partner, Lightspeed Venture Partners, and Exabeam Board Member. Ravi Mhatre adds, “To the credit of its leadership, Exabeam has been able to quickly pivot to digital, remote and hybrid IT work strategies, driving new sales, while making existing customers even more successful. We look forward to the company’s continued growth.”

Cloud adoption by large enterprises

“Cloud adoption by large enterprises has been pulled forward, and Exabeam is in an elite group of companies that successfully weathered market uncertainties through 2020 as it accelerated its move to a cloud-first company,” said Theresia Gouw, Founding Partner at Acrew Capital and Exabeam Board Member. Theresia Gouw adds, “Exabeam is a leading security player in a high-demand, high-stakes market where business and IT executives must be able to see all of their data, no matter its location, to make smart security, infrastructure and business decisions. The proven leadership at Exabeam continues to execute exceedingly well, and last year, the company was the fastest private security management company to hit US$ 100 million in ARR.”

“This funding and valuation marks a new chapter in Exabeam’s journey, as it pushes full speed ahead on breaking out of the security management space and becoming a 100 percent fully ‘for-the-cloud’ SecOps innovator,” said Matthew Howard, General Partner at Norwest Venture Partners, adding “We are confident the company will continue to deliver additional value to security operation centres (SOCs), helping them become even more efficient and effective at protecting their organisations.”
Exabeam, the security analytics and automation company, and Pcysys, the pioneer in automated security testing, announce a partnership to enable global organisations to defend against the latest incoming, live and ever-changing advanced attack techniques. The partnership also helps build ‘purple team’ security methodologies and simulation exercises into SOC workflows and improves cross-team communications. “Working with Pcysys, we leverage vast research on the latest advanced attack techniques to develop and release new detections that customers can use to continuously outsmart the odds,” said Adam Geller, Chief Product Officer, Exabeam.

Changing threat landscape

“The joint technologies enable successful security outcomes through a proactive prescriptive approach that represents a great win for the industry. Together, we ensure that professionals on the front lines defending their organisations are far ahead of today’s sophisticated adversaries.”

“By bringing the technologies of Pcysys and Exabeam together, we can rapidly accelerate organisations’ ability to respond with accuracy to the changing threat landscape,” commented Ran Tamir, Chief Product Officer, Pcysys. “And by continuously assessing potential threat impact together with response and mitigation processes, SOC and SecOps teams can drastically improve their levels of preparedness.” The Exabeam and Pcysys partnership offers customers the ability to take a proactive approach to security. Automated pen tests allow organisations to identify and remediate gaps in their overall detection capabilities.

Real-world attack scenarios

The partnership further standardises collection, detection, investigation and response workflows through automation, meaning organisations can frequently and constantly validate their own Threat Detection, Investigation and Response (TDIR) capabilities.
In addition, it helps organisations increase security coverage for various Tactics, Techniques, and Procedures (TTPs) by continuously supplying new content based on real-world attack scenarios. While 92% of organisations conduct red team and blue team exercises, traditional approaches are manual and cumbersome, leaving many organisations unable to reliably and consistently test their downstream investigation and response processes. As a result, security engineers frequently struggle to ensure their tools can keep up with detecting the latest emerging and advanced threats. The Exabeam and Pcysys partnership also ensures purple teams across industries and organisations are sharing the precise information needed between red and blue teams to consistently fortify cybersecurity defence.
Exabeam, the security analytics and automation company, announces Exabeam Fusion XDR and Exabeam Fusion SIEM, two new powerful cloud-delivered security products that efficiently solve threat detection, investigation and response (TDIR) without disrupting an organisation’s existing technology stack. Exabeam Fusion products integrate behavioural analytics and automation capabilities to deliver the outcomes-based approach to security operations (SecOps). The Fusion product line showcases an open system approach to extended detection and response (XDR) and security information and event management (SIEM), enabling any organisation to acquire an advanced TDIR layer on top of existing IT and security stacks.

Advanced behaviour analytics

Exabeam is also announcing the general availability of its TDIR use case packages that are integrated into Fusion XDR and Fusion SIEM. “We’ve been using Exabeam as our XDR for some time now as the technology can see and connect data from far more locations than just our endpoint detection and response solutions,” said Marc Crudgington, CISO at Woodforest National Bank. “It’s exciting to see Exabeam package its advanced behaviour analytics and automation capabilities into these forward-thinking cloud products. We rely on Exabeam Fusion XDR in our SOC operations to help us more quickly detect, investigate and remediate threats — an essential outcome in keeping our networks, business operations, employee and customer data continuously protected.”

Malicious insider attacks

Exabeam is reimagining XDR with the launch of Fusion. Effective SOCs have clearly defined outcomes aligned to TDIR workflows. The cloud-delivered products contain prescriptive workflows guided by pre-packaged, use case specific content to enable security analysts to defend against common and evolving threats including external, compromised insider, and malicious insider attacks.
“Breach scenarios are still too frequent, with common attack techniques like lateral movement, data exfiltration, and privilege escalation appearing legitimate or spanning across siloed security products,” said Adam Geller, chief product officer at Exabeam.

Security analytics tools

“When security analysts are unable to connect the dots between various systems, malicious attacks go undetected and lead to security breaches. Delivering Exabeam Fusion XDR and Exabeam Fusion SIEM from the cloud enables us to accelerate feature and functionality development, while deploying a use case framework that consistently delivers successful outcomes for our customers.”

According to an Exabeam-sponsored Ponemon research study that surveyed 596 IT and IT security practitioners, security teams spend 12 per cent of their time detecting threats, 36 per cent triaging, 26 per cent investigating, and 26 per cent responding. The majority of security analytics tools on the market only automate detection and response. The Fusion product line automates 100 per cent of the TDIR workflow, including the bulk of the time it takes — 62 per cent — for security teams to conduct triage and investigation.

Critical security issues

Exabeam Fusion combines behaviour analytics, TDIR automation, and pre-built integrations with hundreds of third-party security and productivity tools to overcome weak signals from multiple products and find complex threats missed by other tools. Customers can easily identify and respond to critical security issues, intrusions and attacks from a single, centralised control plane, substantially increasing analyst productivity and reducing response times.
Exabeam Fusion offerings accurately differentiate normal behaviour from abnormal activity, apply risk scoring to identify notable users and events, and build Smart Timelines™ to automatically reconstruct security incidents, providing accelerated investigation and response.

Cloud-delivered products

“With Exabeam Fusion, organisations can unify their current security tools to more efficiently detect, investigate, and respond to threats without the need for large-scale rip and replacements of their entire security stack,” said Ralph Pisani, President at Exabeam. “Our customers can keep their existing tools and merge our fully automated TDIR layer on top to benefit from Exabeam’s fast innovation, superior experience and accelerated time to value.”

Gorka Sadowski, chief strategy officer at Exabeam, added, “The Fusion product launch is in line with our strategic direction to expand beyond SIEM and solve the industry’s biggest SecOps challenges by offering a set of world-class, cloud-delivered products and solutions to the marketplace.”

Exabeam Fusion SIEM includes all Fusion XDR features and capabilities plus access to centralised log storage, powerful search, and compliance reporting. Fusion XDR and Fusion SIEM come in two editions, Core and Enterprise, to support organisations of all sizes.
Exabeam, the security analytics and automation company, announces Exabeam Alert Triage, a new cloud-native application that will help security analysts confidently wrangle the overwhelming number of alerts coming at them each day from a myriad of other third-party vendor tools. Included as a new integrated application for all cloud customers using Exabeam advanced analytics and Exabeam case manager, Alert Triage enriches alerts with context and presents them in a single screen so analysts can make faster decisions about which alerts to escalate or dismiss. It also ensures analysts don’t miss the critical alerts that require escalation to prevent breaches.

Receiving security alerts

“Analysts receive thousands of security alerts a day spread across disparate tools. Unable to keep up with the volume, they must ignore a significant number of them, which leaves their organisations vulnerable to threats,” said Adam Geller, chief product officer at Exabeam. “We developed the Alert Triage application to provide automation throughout the triage workflow so security analysts can be freed up to focus on what matters most -- fortifying their organisation's cybersecurity defences to prevent breaches.”

“We’ve had great success running Alert Triage in its beta version. At first, watching so many alerts get centralised into a single screen was somewhat unbelievable, but Exabeam has done it,” said Zane Gittins, IT security specialist at Meissner. “It’s been refreshing to not have to go from app to app to look at different alerts and it absolutely reduces the time it takes to triage them.”

Traditional triage workflows

Security personnel say they are only able to investigate 45% of the daily alerts they receive, according to research from the Ponemon Institute. The report surveyed 596 IT and security practitioners and also found that 33% of alerts in traditional SIEMs are false positives.
The traditional triage process requires analysts to first determine what the alert is for (users or entities), gather the right contextual information (positions, locations, sources, etc.), and then sift through logs to determine the priority of the alert. Next, an analyst must decide whether or not to escalate it for further review. Blending traditional triage workflows with context generated from machine learning-based analytics, Alert Triage does this time-consuming and tedious work automatically. It categorises, aggregates, and enriches alerts with contextual data including host, IP, severity of alerts, related behavioural anomalies, and overall risk scores of associated users and entities.

Incident response team

From the security alert, analysts can easily navigate to an associated user or entity timeline to understand what happened before and after the alert was triggered. Armed with context to understand the scope of the security alert, analysts can rapidly and confidently dismiss or escalate the alert to the incident response team.

Alert Triage benefits include:

Visibility - Centralising the alert triage process and organising an analyst's triage efforts enables analysts to review alerts faster. Visibility into all of the alerts that security tools have triggered in an organisation minimises the likelihood that an alert is missed or overlooked.
Focus - The ability to categorise alerts allows managers to create and assign channels to team members. A channel helps focus an analyst’s attention on a specific type of alert and allows them to develop subject matter expertise.
Productivity - An analyst can triage alerts in aggregate batches, which boosts their productivity. Greater productivity means analysts are able to review a higher percentage of incoming alerts and reduce the possibility that an alert will go unreviewed and lead to a breach.
Latest security incidents

“When we look at the latest security incidents such as the SolarWinds or Microsoft Exchange attacks, more likely than not, the impacted organisations had at least one security alert generated about the threats from one of their third-party security vendor tools,” said Gorka Sadowski, chief strategy officer at Exabeam. “Unfortunately, that alert was likely drowned in all of the other false positive alerts and had to be discarded. Exabeam helps our customers spend time on the alerts that really matter.”
Exabeam, the security analytics and automation company, announces a set of new functionalities aligned across Exabeam’s products to solve specific security challenges. The new Threat Detection, Investigation & Response (TDIR) use case packages provide a powerful, prescriptive solution to help security operations centres (SOCs) improve workflows from collection to detection, investigation, and response using an outcome-based approach.

Prescribed data sources

Generally available in Q2 2021, the TDIR packages address the complete lifecycle of security operations (SecOps) workflows with end-to-end content that includes prescribed data sources, detection models, watchlists, investigation checklists, and response playbooks to assist analysts with repeatedly delivering successful outcomes. “Organisations struggle with failed security implementations because they lack the specialised expertise, detection logic, and clearly mapped investigation and response workflows for common threats,” said Adam Geller, chief product officer at Exabeam. “Consequently, organisations waste time and resources customising products with minimal improvement to their security coverage. With our framework for use cases, security analysts benefit from comprehensive out-of-the-box content so they can be confident in their ability to deliver repeatable, successful outcomes that will improve their security and translate into significant amounts of saved time and resources.”

Providing designed functionality

“We were able to quickly turn on the 'out of the box' use cases and integrate with our systems and processes, improving our detect and response capabilities,” said Jennifer Shields, vice president of information technology, Procter & Gamble.
“Directly mapping common security use cases to response workflows is critical for SecOps success,” said Marc Crudgington, CISO, SVP information security, Woodforest National Bank. “We look forward to working with Exabeam as its new TDIR framework helps our industry become far more use case-driven.” “Automated TDIR workflows that are outcome-driven, prescriptive and analytics-powered are required to mature and fortify a healthcare SOC today,” said Joe Horvath, manager, information security, Kelsey-Seybold Clinic. “Exabeam’s TDIR use case packages provide the prescribed content needed to get us there.” Most security products were designed to provide functionality, not results.

Simplifying analyst workflows

The new TDIR use case packages simplify analyst workflows by providing prescriptive content for Exabeam’s analytics and automation engines in order to protect against the top three categories of common threats:

External threat use cases that include phishing, malware, ransomware, cryptomining, and brute force attacks.
Compromised insider use cases that include privileged activity, account manipulation, privilege escalation, evasion, compromised credentials, lateral movement, and data exfiltration.
Malicious insider use cases that include privileged access abuse, account manipulation, audit tampering, physical access, data access abuse, data leak, and destruction of data.

Common security scenarios

Unlike competing solutions, where coverage for common threats is limited to detection logic, Exabeam’s framework includes content for all phases of threat detection, investigation, and response. This includes comprehensive onboarding guidance for which specific data sources and context are required to achieve the most successful outcomes. The TDIR framework also includes:

Out-of-the-box detection models that incorporate coverage for specific adversary tactics and techniques. These are mapped to the MITRE ATT&CK framework to give security teams a common framework for detection.
Tailored watchlists that can be set up to allow analysts to monitor high-risk users and devices.
Investigation checklists that include a curated list of investigation, containment, and remediation steps. This allows analysts to follow a consistent and repeatable investigation and response workflow.
Turnkey playbooks that contain automatable response actions for addressing common security scenarios without requiring customers to licence or configure additional third-party software. These ensure analysts are able to respond in a timely and consistent manner.

Insider threat program

“Outcome-based security with prescriptive approaches are strategic to the industry, and this represents a great win for Exabeam customers. These approaches are fundamental to the success of SecOps initiatives,” said Gorka Sadowski, chief strategy officer at Exabeam. “As an example, organisations looking to deploy or improve their insider threat program will be able to quickly gain visibility and response capabilities into malicious behaviour and compromised accounts.”
Exabeam, the security analytics and automation company, announced a partnership with Snowflake, the Data Cloud company, to augment Snowflake data lakes with Exabeam security analytics and automation. The partnership enables organisations to identify risks and respond swiftly to incidents across their entire business ecosystem. The COVID-19 pandemic has accelerated digital transformation, expediting the move to the cloud and increasing demand for improved productivity and efficacy through automation. Organisations can now quickly move data and security to the cloud by migrating to Snowflake Data Cloud and Exabeam SaaS Cloud.

Automating workflow

By adding the analytics and automation capabilities of Exabeam to the data stored within Snowflake, security teams can quickly and efficiently detect, investigate and respond to complex threats. The combination of both solutions advances an organisation’s security posture by automating the entire workflow from data collection through response, enabling fast and consistent outcomes.

Cloud-based security analytics

“With demand for cloud technology surging amid the shift to remote working, we proudly welcome Snowflake to our partner network,” said Adam Geller, Chief Product Officer, Exabeam. “Using the combination of the Exabeam Cloud Connector for Snowflake with Exabeam Advanced Analytics, joint customers can easily apply intelligence and automation capabilities to their data stored within Snowflake's platform. This addresses the increasing market need for cloud-based security analytics on third-party logs sent to Snowflake.”

Identifying cyberthreats

“Security data continues to grow in size and complexity, and a fragmented architecture keeps many organisations struggling to mobilise it for protecting the enterprise,” said Omer Singer, Head of Cybersecurity Strategy at Snowflake.
“Snowflake’s unique architecture eliminates data silos, providing organisations a single scalable and cost-effective platform for all their data, while Exabeam’s security analytics adds intelligence and automation to strengthen an organisation’s ability to identify and respond to cyberthreats across subsidiaries, geographies and public cloud providers.”

Case study

In 2020, several large-scale corporate data breaches centered around compromised credentials of cloud-based data stores. In one example, more than 5 million guests of Marriott hotels were impacted when cybercriminals stole the login credentials of Marriott employees, likely through phishing or credential stuffing. The information was then used to siphon personal customer details such as birth dates, contact information, as well as hotel and airline loyalty program accounts.

Technical integration

Combining Exabeam’s security analytics with Snowflake’s data platform can provide protection against credential-based attacks, including insider threats. The technical integration between the Exabeam SaaS Cloud and Snowflake Data Cloud is done through the new Exabeam Cloud Connector for Snowflake, which allows for easy ingestion of data stored in Snowflake. Exabeam provides continuous, real-time mapping of logs stored within Snowflake and attributes all activity and behaviour to users and devices. This attribution, with additional data and context, provides visibility into abnormal or risky activity to detect malicious insiders or attacks involving compromised credentials. As a new addition to the 40-plus existing Exabeam Cloud Connectors, the Cloud Connector for Snowflake also allows for monitoring of Snowflake audit logs in Exabeam Advanced Analytics to detect anomalous account behaviours within the application itself.
Assisting security operations

“The proliferation of data is central to all businesses, and so is the need to guard against malicious attacks – especially now, as enterprises rely so heavily on data clouds like Snowflake,” added Chris Stewart, Senior Director, Business Development for Exabeam. “This partnership advances our mission to assist security operations teams in quickly detecting, investigating and responding to incidents throughout the enterprise.”
Exabeam, the Smarter SIEM™ company, announced the appointment of industry veteran and former Gartner analyst Gorka Sadowski as chief strategy officer. Exabeam has grown rapidly over the past six years as it has executed on its vision for enhancing security teams with analytics and automation. As the types of attacks and number of attackers proliferate, strategic clarity becomes increasingly important to meet future demands, both for Exabeam and its customers. Sadowski’s guidance will be especially important at a time when so many security organisations are under-staffed and feeling overwhelmed by the number of security events they have to investigate.

Sustaining corporate strategic initiatives

In his role, Sadowski will be responsible for developing, executing and sustaining corporate strategic initiatives. He will also serve as a sounding board for the Exabeam product roadmap and vision to drive growth. Reporting directly to CEO Nir Polak, he’ll work with professionals across the organisation on cross-functional initiatives and educate prospective customers, partners, analysts and media on the value of analytics and automation in a security program. Throughout Sadowski’s 30-year cybersecurity career, he has held roles spanning marketing, business development, strategy and sales and gained a deep understanding of the trends and risks of the industry. Before joining the Exabeam team, he served as a senior director and analyst at Gartner, focused on security operations for the IT industry.

Managed detection and response

At the analyst firm, he was responsible for consulting with clients and working with a wide variety of security vendors to drive coverage for SIEM, SOC futures and trends, and managed detection and response (MDR). He authored and co-authored Gartner’s Magic Quadrant and Critical Capabilities research on SIEM.
Prior to joining Gartner, Sadowski also served as the director of business development at Splunk, where he was responsible for building the security ecosystem from strategy to execution. He was also responsible for creating and implementing Splunk’s Partner Pavilion at Splunk, where he was first introduced to Exabeam.

Security analytics space

At this event, he saw Exabeam emerge as the most promising organisation in the security analytics space. Before his tenure at Splunk, he established presence for LogLogic in Southern Europe, ran security go-to-market activities, including security consulting, delivery and service packaging, for Unisys in France, and launched the first partner-led intrusion detection and prevention system (IDPS) in the industry as head of NetScreen’s emerging technology efforts.

“The security industry is further aligning to the concept of the customer journey with an iterative and continuous improvement model -- a journey that Exabeam has been on for quite some time,” said Polak. “We are excited to welcome Gorka to the team, as he thoroughly understands what security analysts and leaders need in this competitive market. He has watched us skyrocket from a supplemental technology adding intelligence to vendors like Splunk to also being a SIEM market leader in our own right, and we look forward to the knowledge he will bring to accelerate our growth and industry disruption further.”

Prevention and detection and response – Balance approach

With investments shifting from preventative measures to a more balanced approach between prevention and detection and response, Sadowski’s expertise will drive Exabeam’s strategy to further align with the needs of the market.
Sadowski will work closely with Chief Product Officer Adam Geller to improve how analysts detect and respond to advanced threats such as insider threats and credential-based attacks, with technologies such as the Exabeam Cloud Platform and Exabeam Advanced Analytics.
Network security industry
“Rarely have I seen such a combination of strategic acumen and execution capabilities in the network security industry. After observing and knowing Exabeam over the years, I am overjoyed to join the company,” Sadowski said. “As the cyberthreat landscape becomes more complex in our distributed but connected world, it is more crucial than ever before to arm security teams with the right tools they need to win the war against cyber adversaries. I look forward to working closely with Nir and the rest of the leadership team to identify key corporate initiatives to further establish Exabeam as the go-to leader in the market.”
During the Black Hat USA 2020 Virtual Event, Exabeam, the Smarter SIEM™ company, announced that customers can now licence its cloud SIEM technology by use case, beginning with licensable use cases for expedited insider threat and compromised credential detection. In addition, to simplify the process of acquiring and installing critical security content, the company is unveiling the new Exabeam Content Library, an easy-to-use security content repository to help organisations deploy advanced use cases more efficiently. Exabeam use case content increases threat visibility and enables security operations centre (SOC) teams to extract more value from their SIEM. According to the ‘Exabeam 2020 State of the SOC Report,’ security managers and analysts rated their ability to create content the lowest among all hard skills, yet creating rules and models to detect advanced threats, like lateral movement and credential switching, is critical to their security maturity. By providing a simple way to acquire the content needed to detect and remediate these critical security use cases, Exabeam is speeding the time to maturity for organisations.
Security business needs
“Security use cases for a SIEM tool should be a priority in the CISO’s tool box, and should not only cater to basic security hygiene, for which best practices exist, but also cater to the business needs of the organisation,” wrote Gorka Sadowski, senior director analyst at Gartner in a Gartner report. The Content Library is an online repository of knowledge and content that organisations can use to roll out new use cases. The initial release allows customers to quickly map data sources to security use cases and to download the necessary parsers. Exabeam is also announcing new, easy-to-implement content and tools to help customers maintain security as they adapt to a remote workforce.
Investigate data exfiltration
Exabeam Cloud Connector for Code42 allows security teams to quickly detect and investigate data exfiltration by departing and remote employees, as well as the leak of high value data during a merger or acquisition. This announcement follows the previous release of the Exabeam Cloud Connector for Zoom. The ability for Exabeam solutions to easily plug into existing security environments enhances SOC team speed and efficacy. “New research shows that one-third of organisations have been hit with successful cyberattacks since the forced move to work from home. As security teams rush to respond to the pandemic and the increase in threats, it is critical that they find cost-effective ways to strengthen and mature their security posture,” commented Adam Geller, chief product officer, Exabeam. “In announcing these innovations, Exabeam is further enabling security teams to rapidly obtain value by detecting insider threats and compromised credentials and improving their security posture for remote employees.”
Turnkey Playbooks
“Unlike other SIEM vendors, Exabeam has allowed us to quickly add analytics to detect and investigate insider threats without having to replace our existing log management investment,” explained Director Damien Manuel, Cyber Security Research and Innovation Centre at Deakin University. “That’s a critical capability in the context of constantly evolving risks and potential vulnerabilities, and it gives us a smarter strategy to protect our organisation, employees, customers and data.” Exabeam has also released the first of its previously announced Turnkey Playbooks, automated solutions for common security investigations that do not require third-party licences or configuration.
The new Turnkey Playbook for Threat Intelligence automatically identifies malicious domains, IP addresses, URLs, files, and email addresses with no additional configuration or third-party threat intelligence licences required.
Exabeam, the Smarter SIEM company, announced the appointment of former Palo Alto Networks executive Adam Geller to Chief Product Officer. In his role, Geller will be responsible for aligning the product and engineering departments to drive strategy and innovation to Exabeam’s portfolio and will report directly to CEO Nir Polak. Throughout Geller’s 20-year career in the information security industry, he has led product teams to build and deliver cutting-edge security offerings. Before joining the Exabeam team, he served as Senior Vice President of Cloud Delivered Security, Product and Engineering at Palo Alto Networks.
Cloud access security broker
During his tenure at the network security firm, he led the cloud transformation of the company by launching the VM-Series next-generation firewalls across multiple public and private clouds, growing cloud access security broker (CASB) and new data loss prevention (DLP) capabilities for SaaS security, and driving the expansion into securing public cloud infrastructure with the acquisitions of Evident and RedLock. Most recently, he developed and ran Palo Alto Networks’ SASE (Prisma Access and SD-WAN), which runs as a global cloud service in both Amazon Web Services and Google Cloud Platform. Prior to Palo Alto Networks, Geller led the development of NTT Ltd.’s next-generation managed security services platform and worked with cyber security and technology companies Symantec and Verisign.
Cloud-based security tools
With more organisations adopting cloud-based security tools to adapt to the increase in targeted cyber threats and remote work environments, Geller’s expertise will serve to build out Exabeam’s entire cloud portfolio, including the Exabeam Cloud Platform (ECP) launched earlier this year. Since the debut, Exabeam’s cloud services have become highly sought after by enterprises around the world.
More than half of the company’s sales in 2020 have been from cloud services. The momentum has been built on consistent improvements to Exabeam’s cloud-first product and partner strategy, including the ECP, Exabeam SaaS Cloud Essential for SMEs and an enhanced partner programme accessible via the cloud for MSSPs and managed detection and response (MDR) providers. Geller will continue this momentum in conjunction with the company’s technology partners.
Rapidly growing SaaS practice
“A strong product with an equally advanced partner ecosystem play is key for any SIEM solution, and Geller will be responsible for ensuring alignment for our continued success,” said Polak. “We are excited to welcome him to the team, as he thoroughly understands what is needed in today’s growing market and has a proven track record of leading product teams at scale. His experience and discipline will ensure we continue our trajectory to become the overall SIEM market leader, and his cloud expertise will help drive our already rapidly growing SaaS practice.”
Security management solutions
“I am looking forward to leading the direction of Exabeam’s security management solutions, which have already made a significant impact in the SIEM market to date,” said Geller. “As cyber threats continue to evolve, it is more critical than ever to help our clients predict security incidents and enforce response postures on-premise and in the cloud. With more teams working remotely, the shift to meeting and collaborating online in a cloud-based work environment is a learning curve for most security organisations. I look forward to creating solutions that will make it possible for them to best protect their businesses in today’s new world.”