Exabeam Security Management Platform is a next-generation SIEM that leverages UEBA metrics to detect threats automatically. This platform adds analytics to existing log stores and layers SOAR on top of them to decrease logging costs.

Pre-built connectors that support the integration of more than 80 log types, including cloud-based types, mean that organizations may add new logs without paying volume price. The platform also easily ingests vulnerability scan data. Various supported data streams provide comprehensive data access that this SIEM can then use to show full contextual information of an event. A health management feature keeps the platform functional by monitoring the amount of data entering the environment.

Alert triage filters out false positives, correlates information and highlights top tks to prioritize threats. A key strength of this platform is its ability to triage events accurately. It adeptly analyzes behavior to identify the riskiest entities.

Dashboards come as fully customizable, out-of-the-box templates. These templates offer views of relevant information, including watchlists of employees with the riskiest security behavior. User profiles show risk trends and reveal why the platform has flagged certain individuals. Exabeam continuously fingerprints user activity and pulls information from its Active Directory. The dashboard displays a relationship graph that compares identified peer groups to determine atypical behaviors. Teams can manually create event investigations or leave event investigations to the platform’s automation until a risk score exceeds a pre-determined threshold. The solution also defines and explains abnormal behavior, so junior analysts can understand events and investigate them with confidence.

Investigation and threat hunting have extensive search and query capabilities that do not necessitate the use of a query language, while the point-and-click interface offers intuitive dropdown menus and filters. The usability and efficiency of the interface set this SIEM apart from others in this space because it so dramatically simplifies the investigative process. It even has pre-connected timelines, built by machine learning, that further condense the process of searching for items and interpreting results. In real time and across thousands of users and machines, the solution stitches together gaps in the data of millions of logs, alleviating much of the hard work that analysts would otherwise have to do themselves. Automated playbooks, either created from scratch or leveraged from customizable templates, respond to various threats based on behavioral analysis and machine learning.

Hundreds of out-of-the-box report templates visualize reports on virtually all data. All reports have limitless customizations, so organizations have the flexibility to view only the data they find most meaningful.

Beginning as a SIEM-helper, the Exabeam Security Management Platform eventually grew into a full-blown SIEM, a strong indication that the Exabeam teams have worked hard to improve and refine their product. The solution impressed us very much, especially its ability to link incidents accurately even when they are tied to different end-users. There are so many different use cases for this platform, including layering it onto an existing SIEM for added security and value.

Pricing starts at $75,000 and includes 24/7 standard technical support. Customers also have access to a FAQ list. Premium support is available for an additional charge. 

Tested by: Tom Weil