Exabeam extends its AI-driven security operations leadership

Exabeam has introduced two pioneering cybersecurity features, Threat Center and Exabeam Copilot, to its AI-driven Exabeam Security Operations Platform.

  • 8 months ago Posted in

A first-to-market combination, Threat Center is a unified workbench for threat detection, investigation, and response (TDIR) that simplifies and centralises security analyst workflows, while Exabeam Copilot uses generative AI to help analysts quickly understand active threats and offers best practices for rapid response. These leading-edge innovations greatly reduce learning curves for security analysts and accelerate their productivity in the SOC.

“We built Threat Center with Exabeam Copilot to give security analysts a simple, central interface to execute their most critical TDIR functions, automate routine tasks, and supercharge investigations for analysts at any skill level,” said Steve Wilson, Chief Product Officer, Exabeam. “These new features amp up the value of our AI-driven security operations platform and take analyst productivity, efficiency, and effectiveness to new heights. Threat Center helps security analysts overcome one of the biggest challenges we’ve heard from them — having to deal with too many fragmented interfaces in their environments. By combining Threat Center with Exabeam Copilot we not only improve security analyst workflows, we also lighten their workload.”

Solving for Lack of Visibility and Automation

Security operations teams are often challenged with managing multiple security tools, which can lead to siloed data and a lack of visibility into threats. This can make it difficult to understand their entire threat landscape and execute TDIR in a timely manner.

According to Exabeam’s recent The State of Threat Detection, Investigation, and Response (TDIR) Report 2023, organisations globally reported that they can “see” or monitor only 66% of their IT environments, leaving ample room for blindspots. Exabeam customers are already using the Outcomes Navigator feature as a driver to know what parts of their environments they are able to monitor for TDIR and where coverage improvement may still be needed. Threat Center streamlines these processes further to remediate threats against covered areas faster.

The report also reveals that only slightly more than half (53%) of global organisations have automated 50% or less of their TDIR workflow. With Threat Center and Exabeam Copilot, the Exabeam Security Operations Platform applies AI and automation to security operations workflows for a holistic approach to cyberthreats, helping companies solve for a lack of automation and ultimately accelerating response.

Powered by AI-driven detection, the Exabeam platform easily pinpoints high-risk threats by learning the normal behaviour of users and entities and prioritising threats with context-aware risk scoring — all now presented through the Threat Center interface — for faster, more accurate, and consistent TDIR. Revealed as the second most identified need in the Exabeam TDIR report — 35% of respondents reported a desire for improved understanding of normal user and entity and peer group behaviour within their organisation.

More About Threat Center and Exabeam Copilot

Threat Center unifies threat management, investigation tools, and automation to accelerate and efficiently investigate and respond to threats. Powered by an advanced security-trained, generative AI model, Exabeam Copilot supercharges security analyst investigations.

Threat Center with Exabeam Copilot helps analysts:

• Understand an entire threat that spans multiple detections to tell a complete story of what happened.

• Conduct complex powerful search queries in plain natural language.

• Understand a threat, and know how to respond, using generative AI threat explanations for clear cross-organisation communication.

• Automate routine tasks, expose hidden threats, and greatly accelerate response times.

• Prioritise alerts and cases, with context-aware risk scoring.

• Reduce the number of alerts that analysts need to investigate – detection grouping associates related entities and events.

• Optimise SOC team collaboration with case sharing, case escalation, and shared notes.

• Visualise evidence with interactive threat timelines and instant access to relative data including behavioural models, users, and endpoints.

• Author automation rules critical to SOC workflows, such as escalating specific alerts to cases or queues via APIs or webhooks.

• Utilise pre-built playbooks with the ability to view, disable or clone for easy customisation.

Maximise Microsoft Sentinel Investment with Exabeam

In addition to identifying high-risk threats, providing faster, more accurate investigation and response, and improving threat coverage, the AI-driven Exabeam Security Operations Platform helps security teams realise the full potential of their security investments. Also announced today, customers can now add Exabeam TDIR capabilities on top of existing Microsoft Sentinel deployments. Extending industry-leading Exabeam analytics and automation to Microsoft Sentinel helps organisations realise new potential from their SIEM.

With Exabeam, Microsoft Sentinel users can see new detections with broader insights and automate workflows, ingest data from a wide range of Microsoft and best-of-breed security products, and accelerate the TDIR capabilities of their SIEM deployment. The Collector for Microsoft Sentinel adds to a growing list of supported SIEM products - Splunk and IBM QRadar, to name a few.

Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform...
NTT DATA’s new Managed Detection & Response service powered by Palo Alto Networks Cortex XSIAM...
SPG is enhancing its cybersecurity capabilities in a new partnership with Saviynt, a leading...
Graylog has unveiled significant security advancements to drive smarter, faster, and more...
Datadog has published its new report, the State of Cloud Security 2024. The report found that...
ISACA research shows automating threat detection/response and endpoint security are the most...
Strategic partnership unifies AI-native endpoint security and next-generation firewall protection...
Advanced forms of social engineering are on the rise, though obvious gaps like weak passwords are...