
The ExaBlog

The Challenge of Using a SIEM to Detect Ransomware

Posted by Orion Cassetto on Jul 27, 2016 3:14:26 PM

Ransomware is becoming more common than ever. Corporations, both large and small, are increasingly finding themselves the targets of advanced ransomware campaigns. Unfortunately, most security teams haven’t had enough experience with ransomware in corporate environments to stop infections before they run rampant. This post explores some of the challenges security teams may face when trying to use SIEM correlation rules to identify the behavior and activities associated with a ransomware infection.


Topics: SECURITY, ransomware

Beyond Detection and Response: Hidden Benefits of Exabeam

Posted by Andy Skrei on Jul 8, 2016 10:24:04 AM

When I ask our prospective customers why they are interested in UBA and Exabeam specifically, most have a common answer: they are looking to cash in on the promise of deriving usable intelligence out of the vast amounts of data they have spent time and money collecting. Organizations want increased visibility into the activities of users on their network to detect modern attacks and respond quickly. Solving these problems is at the center of what Exabeam was built to do; however, there are also some hidden benefits users receive simply by using the Exabeam platform. Many of these benefits center around finding logging quality issues, identifying changes in configurations and augmenting stale or non-existent asset management information.


Topics: CUSTOMERS, benefits

Exabeam Cleans Up At Network Product Guide's 2016 IT World Awards

Posted by Orion Cassetto on Jun 27, 2016 5:06:42 PM


As a software vendor, it’s always nice when the fruits of hard work, purposeful design decisions, and unwavering focus on customer feedback are recognized.  Recently, Exabeam had the honor of being selected as the recipient of six awards at the 2016 Network Product Guide IT World Awards.


Topics: awards and recognition

A Forensics Expert's Opinion: Why Exabeam Matters

Posted by Ryan Benson on Jun 13, 2016 8:40:23 PM

The size of hard drives, logs, and other data sources has grown immensely in the past few years. I've had many different roles within the DFIR (digital forensics and incident response) space, including SOC analyst, incident responder, and forensic examiner, and this massive increase in available data poses challenges in all of those areas. Fully combing through a multi-terabyte hard drive takes longer than smaller drives. Intrusion investigations can rapidly balloon from one computer to many, as attackers become more sophisticated and move around their victim’s environment. Many intrusion or breach investigations can span dozens (or even hundreds) of devices. Companies are increasingly getting better about logging, both by collecting from more sources and by logging more verbosely.



It's Not Always the Hackers...

Posted by Tim Sadler on Jun 4, 2016 5:53:31 AM

20 years ago, I was working the graveyard shift as a policeman on the south side of Chicago. Part of the area I patrolled included one of the largest railroad freight yards in the U.S.  Occasionally, we would get calls to assist the railroad police.  On this particular day we received a call to assist with a “theft in progress”. Upon arrival at the railyard, we found a freight train with 50+ rail cars stopped waiting to be unloaded.  After inspection, we found a single car with the locks broken, doors open, and a single crate pried open. There were a couple of boxes missing from the crate.



How to Leverage Behavioral Analytics to Reduce Insider Threat: Your Questions Answered

Posted by Barry Shteiman on May 26, 2016 10:29:43 AM

Last Thursday, we presented a webinar and discussed how UEBA technology can improve Insider Threat detection as well as overall SOC operational efficiency and noise reduction. I would like to thank the participants who were very active and showed interest by asking lots of questions. We felt we owed everyone the answers to the questions that were asked and may or may not have been answered during the webinar, and we took the privilege of removing questions that were not tied to UEBA subject matter. Here are the questions asked during the live event…


Topics: SECURITY, data science

Ransomware: Why Steal When You Can Disrupt?

Posted by Doron Keller on May 2, 2016 7:44:09 PM

When asked why he robbed the bank, the old saying goes, the thief replied: because that’s where the money was. But in fact, there was no need to rob; applying the modus operandi of recent ransomware attacks, all the thief had to do is disrupt the entrance to the bank, and collect the money without any extra effort.


Topics: SECURITY, ransomware

A User and Entity Behavior Analytics System Explained – Part III

Posted by Derek Lin on Apr 18, 2016 8:05:28 PM

 In this blog series, I’ve talked about the applicability of data science for user entity behavior analytics (UEBA).  The use of statistical analysis is best driven by expert knowledge; some machine learning examples were given to find contextual information for alert prioritization.  In this blog, let’s explore more use cases and examples where machine learning applies. 


Topics: data science

A User and Entity Behavior Analytics System Explained – Part II

Posted by Derek Lin on Apr 5, 2016 12:00:12 PM

In my last blog, I talked about the role of statistical analysis in a User Entity Behavior Analytics (UEBA) system.   Expert-driven statistical modeling is a key and core component of an anomaly detection system.  It is intuitive and easy to use and understand for analysts of all levels.  In part II of this series, I’ll discuss the role of machine learning in a UBA system.


Topics: data science

A User and Entity Behavior Analytics System Explained – Part I

Posted by Derek Lin on Mar 23, 2016 6:52:24 AM

This three-part blog series will demonstrate how the data analytics of a User Entity Behavior Analytics (UEBA) product is at work to address cyber threats. In concept, a UEBA system such as Exabeam’s monitors network entities’ behaviors in an enterprise and flags behaviors that deviate from the norm. While the benefits are understandable, there are many challenges. In this blog series, I’ll focus only on the data analytics part of the system that has proven to work well in the field for a large number of customers with different environments. Part I covers the statistical analysis of the system. Parts II and III will talk about some machine learning applications.


Topics: SECURITY, data science
