LAS VEGAS--If you suspect someone in your organization cannot be trusted anymore, or you are worried about a potential cyber-attack, there's a new security startup that may be of interest to you.
Six-month-old Exabeam, which focuses on big data security analytics, launched both itself and its platform here Oct. 6 at the Splunk .conf2014 conference. The new package is designed to enable enterprises to use the full potential of their existing security information and event management (SIEM) deployments.
Exabeam users will be able to detect both insider threats and cyberattacks in real time while simultaneously optimizing their security operations, co-founder and CEO Nir Polak told eWEEK.
"The problem we see in the market today--look at all the attacks on Target, Home Depot and so on--is that the attackers use all kinds of techniques," Polak said. "Heartbleed, malware, keyloggers in social engineering, etc. But what the attacker needs most to comprise systems is to get his hands on credentials. In essense, he wants to impersonate a valid employee.
"When an attacker gets hold of credentials, it's game over. You're done. So the problem is: How do you find the imposter? With the tools you have today, it's very difficult."
To that end, Exabeam adds a layer of user behavior intelligence on top of existing SIEM and log management repositories to give IT security teams a complete view of the full attack chain. Then it can spotlight valid attack indicators currently lost in a sea of security noise, allowing for better and more complete security response, Polak said.
Attackers used authorized credentials in more than 76 percent of network intrusions in 2013, allowing them to impersonate legitimate users spanning across IT environments and conduct suspicious activities along the way. Current SIEM technologies cannot detect subtle anomalies or correlate them across the entire attack chain, forcing IT and security teams to anticipate malicious behaviors, which is nearly impossible in the current hacker climate.
Exabeam removes guesswork by providing access to real-time insights that tell users which indicators to look for in order to spot malicious behaviors, Polak said. The user behavior intelligence platform provides security teams insight into which accounts are involved in attacks and provides a complete picture of user activity, greatly reducing attack detection times.
"The challenge with SIEM solutions is that you can only find the threats you are actively looking for through a statistical or rule-based model," said Colin Anderson, vice president of information technology and chief information security officer at Safeway, an Exabeam beta customer. "Where Exabeam brings immense value is in identifying what we’re not looking for by understanding ‘normal’ user behavior and alerting us when network activity deviates from that baseline. Without this type of solution, businesses are blind to these threats and waste time chasing the tails of false positive alerts."
Exabeam is headquartered in San Mateo, Calif., and is privately funded by Norwest Venture Partners, Aspect Ventures and investor Shlomo Kramer.