Exabeam Debuts Smart Timelines To Streamline Incident Response
Exabeam has rolled out a feature that automates timeline creation and stitches together normal and abnormal events to help investigators better pinpoint anomalous activity.
The San Mateo, Calif.-based security startup said Smart Timelines should help security analysts improve their productivity around both incident investigation and threat hunting. The feature is generally available starting today as part of the Exabeam Entity Analytics and Exabeam Advanced Analytics offerings.
"You can only go out and fix the threats you know about," Trevor Daughney, Exabeam's vice president of product marketing, told CRN exclusively. "The more information they have, the better."
[Related: Cybersecurity Startup Exabeam Raises $50M To Drive Global Growth]
Smart Timelines uses machine learning to track identity and behavior over time, Daughney said, helping analysts understand what a user or device would typically be doing over a defined period to better track anomalous behavior. By giving users a prioritized view of the risks in their environment, Daughney said analysts can use their time more efficiently for threat hunting, investigation and remediation.
Exabeam can help turn logs into events that are easily understood by adding additional context to the log feed, according to Daughney. For instance, Daughney said Smart Timelines is able to determine whether the host IP is a server or a workstation by examining the device name, IP range and user behavior.
As a result, Daughney said Exabeam is able to more finely calibrate the dynamic peer groups it uses to identify normal patterns of behavior so that analysts can determine is something unusual is happening.
Advanced Analytics with Smart Timelines starts at $100 per user, the company said, while Entity Analytics with Smart Timelines costs as little as $12 per device. Pricing is based solely on the numbers of users or machine seeking access to the platform, according to Exabeam, and does not increase based on the volume of data.
Smart Timelines will allow partners to improve their investigation and response rates for customers, Daughney said, while reducing the time required to do both. That's because information around which users and attacks to prioritize is automatically pre-built into a single timeline without having to examine third-party or extraneous applications, according to Daughney.
Some competitors in the SIEM space also offer timelines, but Daughney said they're no more than a collection of logs sorted by timestamp. In contrast, Daughney said the context and normalization provided by Exabeam's Smart Timelines is critical to providing analysts with all of the information they need.
In addition, Daughney said Smart Timelines excels at tracking lateral movement by an adversary if they attempt to switch users on a device or move from one device to another. Other SIEM products, however, might see these as separate and unrelated incidents since they don't have the same level of visibility as Exabeam, according to Daughney.
All told, Daughney said Smart Timelines can help partners reduce the time, risk and resources customers have to devote to examining and prioritizing threats.
"Partners really see us and the opportunity for Smart Timelines to be core to their next-generation security initiatives," Daughney said. "They're looking to build their business with that at the core."
Exabeam is taking a more holistic approach to SIEM by bringing advanced analytics and automation together on a single platform, according to Larry Pfeifer, president of Medford, N.J.-based Consortium Networks.
While peers continue to force channel partners to piece everything together separately, Pfeifer said Exabeam's cookie-cutter approach to a Security Operations Center (SOC) should work straight out of the box. Specifically, Pfeifer said Smart Timelines should make it easier to apply security automation around the work done by Tier 1 analysts.
"I think this makes a lot of sense," Pfeifer told CRN. "It helps you take the next step of building your SOC and remediating."