Exabeam is behavior-based breach detection and response software. Exabeam was started in July 2013 to address two security problems. The first is finding targeted attacks and attackers that have slipped past perimeter defenses using stolen user credentials. The average time to detect targeted attacks is now greater than 200 days, if they are detected at all. Exabeam employs a machine-learning engine that learns and baselines normal historic user credential behaviors and access characteristics, and also compares those behaviors to those of each user's peers as defined in Active Directory (LDAP). Exabeam automatically asks the questions an analyst would, using proprietary algorithms to determine anomalous behaviors.
The second problem is the length of time it takes to respond to a possible attack. The first step in the process is to assemble all the data needed to put together the entire attack chain for attack vector analysis. This can take days or weeks. Exabeam uses a proprietary identity state engine to assemble a credential use timeline of normal and abnormal activities for each user. Security infrastructure alerts are also attributed to a user’s credential and placed on the timeline.
Exabeam collects credential data from a variety of SIEM and log management data repositories and identity information from Active Directory. Most customers are analyzing sessions in a few hours once initial data collection is completed. Exabeam’s real-time behavior-based detection and automated attack vector analysis collapse the detection and response process, speeding up accurate detection of the stealthiest attacks.
The Exabeam user behavior analytics solution integrates with the latest data science techniques to quickly uncover cyber attacks and drive security operational efficiencies. A few key product features that are pioneering how security is done: