Exabeam is behavior-based breach detection and response software. Exabeam was started in July 2013 to address two security problems. The first is finding targeted attacks and attackers that have slipped past perimeter defenses using stolen user credentials. The average time to detect targeted attacks is now greater than 200 days--if they are detected at all. Exabeam employs a machine-learning engine that learns and baselines normal historic user credential behaviors and access characteristics and also compares the behaviors to that of their peers as defined in Active Directory (LDAP). Exabeam automatically asks the questions an analyst would, using proprietary algorithms to determine anomalous behaviors.

The second problem is the length of time it takes to respond to a possible attack. The first step in the process is to assemble all the data needed to put together the entire attack chain for attack vector analysis. This can take days or weeks. Exabeam uses a proprietary identity state engine to assemble a credential use timeline of normaland abnormal activities for each user. Security infrastructure alerts are also attributed to a user’s credential and placed on the timeline.

Exabeam collects credential data from a variety of SIEM and log management data repositories identity information from Active Directory. Most customers are analyzing sessions in a few hours once initial data collection is completed. Exabeam’s real-time behavior-based detection and automated attack vector analysis collapses the detection and response process, speeding up accurate detection of the stealthiest attacks.


The Exabeam user behavior analytics solution integrates with the latest data science techniques to quickly uncover cyber attacks and drive security operational efficiencies. A few key product features that are pioneering how security is done:

  • Automated discovery of asset types
  • Automated discovery of service accounts
  • Visibility into departmental behavior risk and employee activities


GSA Schedule Contracts

GSA Schedule 70

GSA Schedule 70 GSA Schedule No. GS-35F-0119Y Term: December 20, 2011- June 17, 2017



In evaluating UBA solutions’ ability to detect, prioritize, and response, it is important to understand the full potential of data science-driven analytics. Organizations should ask their vendors if they can support the following Top 12 UBA use cases, and most importantly, demand that the vendor...

One of the biggest challenges for any federal agency is finding ways to identify and minimize the impact of insider threats -- that someone with access to the organization’s networks (an employee, former employee, or contractor) will use that access maliciously. Compounding the problem, if someone...

An insider threat arises when a person authorized to access to U.S. Government resources, including personnel, facilities, information, equipment, networks, and systems, uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage. They enable the ...

Exabeam, an industry pioneer of User Behavior Intelligence, leverages existing SIEM and log management data repositories to understand a complete picture of user session activities from log on to log off, allowing the technology to detect account impersonation throughout the attack chain. The Ex...