Exabeam Proof of Concept

Official partner of Cyberseer

What is an Exabeam Proof of Concept?

A Proof of Concept (PoC) is a trial that allows you to evaluate the leading security intelligence platform Exabeam within your own environment using your data to prove the value of the technology.

The PoC also allows organisations to understand why world leading companies are relying on Cyberseer’s managed service to detect damaging threats.

Why have an Exabeam PoC?

Once installed Exabeam starts work from day one, collecting log data over a 3-4 week period to understand what normal behaviour looks like for all users. Exabeam will review data from the past 30 days and transform log data into a series of events, identifying abnormal user behaviour and flagging high risk activity. Exabeam finds pre-existing and emerging threats, but ultimately reduces the risk of regulatory fines by helping detect a compromise before it becomes a breach.

Exabeam’s advanced threat detection capability has many benefits:

Preventing unauthorised access to sensitive or confidential corporate data.

Reducing the risk of data leakage by highlighting any abnormal activity before and during employee notice period.

Building watch lists for senior executives to ensure their elevated privileges are not exploited.

Protecting corporate information and reducing the risk of reputational damage through automated workflows to speed up the incident response process.

Accessing comprehensive reports to meet internal and external audit requirements.

Saving money by allowing unlimited log collection for one predictable annual price.

Get a corporate overview of the threat landscape.

Gain visibility of your organisation’s threat landscape by pinpointing top threats quickly. With Exabeam, Analysts can model your entire information environment down to the device, application and user level, so that you:

Know your own organisation better than your adversaries.
Take action to minimise risks to your organisation and curb malicious or harmful behaviours.

Benefit from the expertise of our forensic Analysts.

Cyberseer employs professional cyber security Analysts, experienced in working with a variety of global corporate clients, to work with your security team.

Weekly Threat intelligence reports offer an analysis of your environment’s top threats.
Monthly Threat Intelligence reports offer trending analysis in a Cxx friendly format.
Our analysts will assist the IR process helping work towards root cause analysis.

How does it work?

The Exabeam appliance is installed
A single Exabeam appliance can be installed and configured on site in 1-2 hours which utilises 1U of rack space.

Log data collection
The Exabeam Security Intelligence Platform applies machine learning to log data, stitching together events from a variety of data sources, to show a timeline of all the activities undertaken by staff, from the time they log on to the time they log-off each day. This learning period is typically 3-4 weeks. If historical log data can be collected then the learning period is reduced to 1 or 2 days.

Data analysis and risk based scoring
The machine learning engine identifies what normal and abnormal behaviour looks like for a user, assigning a risk based score to those activities which are suspicious. This score is cumulative and will increase each time new abnormal activity is identified for the user.

Investigation
Cyberseer’s team of experienced forensic Analysts “connect the dots” interpreting suspicious activities detected by Exabeam’s advanced analytics solution. The service will alert if a priority is identified, or provide regular weekly reports for low priority issues.
Review

PoC Timescales

If you are interested in starting a Proof of Concept with Exabeam and Cyberseer contact the team – [email protected]

Have some questions? Perhaps we’ve answered them in Exabeam FAQ’s

FAQ's

Analysing SIEM and log management data repositories with Exabeam is comparable to a security savant in your team who can work 24/7, remember all credentialed activities over the last ninety days for 150,000 employees, compare current activities to those in the past detecting anomalous behaviours, perform security session assembly and surface those users whose behaviours exceed risk thresholds.