Security professionals are virtually unanimous in their contentions that more than 90 percent--and the actual figure, they say, is probably higher than that--of all IT system hacks are inside jobs. Many of these misdeeds are perpetrated by somebody from the outside who has stolen or bought an employee's credentials.
Exabeam, a startup that focuses on big data security analytics, is keenly honed in on this global problem. Its new-gen, cloud-based software enables enterprises to use the full potential of their existing security information and event management (SIEM) deployments.
Exabeam users can detect both insider threats and cyberattacks in real time while simultaneously optimizing their security operations, co-founder and CEO Nir Polak told eWEEK.
The company's newest tool is Threat Hunter, which provides instant and targeted querying of security big data by any line-of-business employee--not necessarily a security admin. Using Threat Hunter, which became generally available on Feb. 17, security professionals can proactively identify and respond to adversaries within their networks. The product enables analysts to search, pivot, and drill down across multiple dimensions of user activity to find sessions that contain specific risky behaviors.
"We trace the whole sequence of activity when an attack occurs," Polak told eWEEK. "Where did he (the intruder) come from? Where did he go afterward? Where did he go (within the system) when he moved laterally? We stitch that story together.
"Exabeam can search the alert coming, from say, FireEye. In seconds we're going to show them the compete chain of events. We're going to show what was normal, and what was not. Was the inside intruder going to places he normally does not go? Once we have all that information, we can conduct a full response, reducing what takes endless hours, sometimes days, to do."
Enterprise breaches are about more than going after credit card numbers. Advanced persistent threat attacks (APT) are becoming the norm, with cybercriminals breaking into corporate networks using stolen credentials and targeting high-value, sensitive data. According to ISACA (formerly known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only), 74 percent of enterprises surveyed think they will be a target for APT attacks. Twenty-eight percent have already been attacked.
Exabeam's platform uncovers APT attacks using big data science to alert security teams to suspicious user behavior even if they change locations, devices, or logins, Polak said.
Threat Hunter adds to the platform by allowing any security analyst to execute a multi-dimensional search and drill-down of user sessions to actively hunt for impostors or malicious insiders based on their unusual behavior. Threat Hunter is the only product that allows a security analyst to interrogate and query the system to find user session that match specific criteria.
Key functions the new product provides, according to Polak:
• Increased security: Finds advanced persistent threats before they cause data loss.
• Reduced chance of data breach: Finds attackers hiding in the network by staying under the radar.
• Faster response to cyberattacks: Effectively removes all adversaries once an attack is detected by finding all traces of activity.
Threat Hunter is available now. Pricing is based on number of users and is licensed via subscription. Go here for more information.