Exabeam


Deployment case studies (Japan and overseas)

Exabeam deployed to sites in 51 countries and regions worldwide
UEBA strengthens defenses against cyberattacks and improves security governance

Company Profile
  • Company: NTT DATA Corporation
  • Established: May 1988
  • Industry: System integration, network system services, and related businesses
Task
NTT DATA operates on a global scale. Security measures at each of its sites, however, were implemented locally, which made it hard to exercise governance across all of them. To protect the NTT DATA brand, the company also felt it needed a system for managing security measures centrally from the head office, together with the ability to detect and track security incidents at an early stage.
Solution
We proposed the next-generation SIEM platform "Exabeam SMP", which centralizes the management of security measures and thereby strengthens the group's posture against cyberattacks and improves security governance. In particular, its UEBA technology analyzes the behavior of each individual user and performs that analysis automatically through machine learning. Exabeam SMP also addressed the problem of IT log volumes, and therefore costs, growing year after year: its licensing is based on the number of users rather than on log volume, which was a major selling point for keeping costs under control.
Result
After Exabeam SMP was introduced, security measures are managed centrally, which has strengthened the defensive posture of the entire NTT DATA group and steadily improved security governance. Sites that previously audited only endpoint telemetry such as EDR have broadened both the log sources they audit and the scope of automated analysis. When Exabeam SMP detects abnormal user behavior it automatically scores the risk and presents the activity as a story on a timeline, making it easy to compare the anomaly with what happened before and after it and with the user's normal behavior.

Improving SOC efficiency by triaging alerts from existing products

Company Profile
  • Headquarters: New York, USA
  • Founded: 1864
  • Industry: Banking
  • Number of employees: about 13,000
Task
Before deploying Exabeam, Company A had a data loss prevention (DLP) system in place, but it spent a great deal of time investigating the large number of false positives the system generated. It needed a solution that would process events faster and more accurately without hiring additional staff or narrowing the scope of threat detection.
Solution
Company A chose Exabeam's UEBA solution to ingest all DLP event logs, build baselines of normal activity in order to detect anomalous behavior, and prioritize incident response. Because Exabeam continuously tracks each user's normal state, it could filter out the false positives that were in fact legitimate business processes, allowing Company A to focus on real, high-risk incidents.
Result
Since implementing Exabeam Advanced Analytics, Company A no longer spends large amounts of time investigating the many false positives coming from its DLP system, because Exabeam automatically builds a timeline, with the relevant alerts attached, for each user. The company improved both its business and security operations capabilities without increasing headcount.

Tracking lateral movement that abuses credentials, with a small operations team

Company Profile
  • Headquarters: Los Angeles, USA
  • Established: 2000
  • Industry: Finance
  • Number of employees: about 830
Task
Company B had already deployed SIEM, penetration testing, privileged account management, EDR and other controls, but remained concerned about attackers abusing credentials for lateral movement, in particular switching to high-privilege accounts such as service accounts. Detecting such threats with the SIEM required a large number of complex correlation rules and thresholds, and the company needed to detect them without burdening its small security staff.
Solution
After Exabeam Advanced Analytics was introduced, its patented Stateful User Tracking technology visualized an attacker's switches between accounts, hosts, IP addresses and so on as a single timeline, so lateral movement can now be tracked easily without writing complex correlation rules or tuning thresholds.
Result
Company B already had an endpoint product and wanted to avoid installing yet another agent on its endpoints; Exabeam was deployed agentlessly. With operation designed to be far simpler than a SIEM, even a small security team can now follow lateral movement that abuses stolen credentials with simple operations.

Visualizing insider threats without wasting existing investment

https://www.exabeam.com/library/berkshire-bank/

Company Profile
  • Headquarters: Boston, USA
  • Founded: 1846
  • Industry: Finance
  • Number of employees: about 2,000
Task
Company C holds a large amount of customer information and assets such as mortgage loans and insurance, which it needed to protect from both external and internal threats. For insider threats in particular it had deployed a DLP solution, but found it difficult to tell which alerts were genuine threats, and wanted a product that could visualize insider threats easily. It had previously considered a traditional SIEM product, but that would also have required staff training, so it was looking for a tool that employees at every skill level could use.
Solution
The behavior-based approach of Exabeam Advanced Analytics lets the team concentrate on the genuinely high-risk threats. By also ingesting logs from email, printers and similar sources, the risk of data being taken out can now be detected across a variety of channels. Previously it was hard to judge from a single alert whether it represented a threat; now the whole picture is visualized on the timeline, sparing analysts extra investigation and making high-risk threats recognizable.
Result
Introducing a new product usually brings personnel costs such as adding operations staff, but Exabeam can be operated by junior-level members without advanced skills, and senior-level teams no longer need the time-consuming product-specific training that earlier tools required. The bank achieved more efficient security operations, a higher security level, and a significant return on investment.

Insider fraud detection and monitoring of high-privilege accounts

Company Profile
  • Headquarters: Dublin, Ireland
  • Established: 1983
  • Industry: Pharmaceutical
  • Number of employees: about 18,000
Task
Company D is a multinational pharmaceutical company operating in more than 100 countries. Having gone through more than 50 M&A transactions in the last few years, it needed to protect the group from threats such as malicious insiders and account abuse in a constantly changing internal environment. It felt, however, that its existing pattern-matching approach could detect only known threats and was insufficient as an insider-fraud countermeasure.
Solution
By ingesting logs from many existing security products, presenting the data as user sessions, and analyzing behavior, Exabeam proactively detects activity that deviates from normal, so it effectively catches not only known threats but also potential insider threats. In addition, registering departing employees and high-privilege accounts on watchlists makes it possible to spot signs of insider misconduct sooner.
Result
Exabeam Advanced Analytics made it possible to detect insider threats before they led to the loss of critical assets. Its behavior-based approach shows whether an account is being misused or a user is behaving differently from usual, without complex customization or external professional services, and Company D was able to put insider-threat countermeasures in place.

Improved threat detection and SOC productivity

Company Profile
  • Headquarters: Los Angeles, USA
  • Established: March 2007
  • Industry: Information and communications (video streaming service)
  • Number of employees: about 2,200
Task
Company E's security team has limited staff and had to operate security without lowering its level. Its challenges included investigating threats from a variety of log sources in a timely manner and understanding where and how service accounts were being used. Before Exabeam, the company had deployed a third-party UEBA solution but was dissatisfied with its correlation-rule-based method of detecting threats.
Solution
Exabeam Advanced Analytics collects logs from diverse sources and provides user and entity behavior analytics. It uses data science and machine learning to identify and baseline the normal behavior of both user and service accounts, detects malicious and anomalous activity that deviates from the baseline, and gives visibility into threats through an incident timeline assembled automatically from the different log sources.
Result
Exabeam's behavioral-modeling approach significantly improved threat detection compared with the UEBA tool Company E used previously. The automatically generated per-user incident timeline also removes the need to collect and examine evidence from each log source separately, making the full picture of an incident easier to grasp and further raising the productivity of Company E's analysts. Exabeam Advanced Analytics allowed Company E to improve the detection results of its existing security solutions and the investigative capability of its SOC team.
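The UEBA loop described here and in the NTT DATA case above (baseline each user, score how far a new event departs from that baseline, and lay the events out as a per-user timeline that keeps normal events alongside the anomalies) reduced to a runnable sketch. This is an added example, not Exabeam's code or its scoring model: the log lines are constructed for the example, and the feature set, weights and alert threshold are illustrative assumptions.

```python
"""Toy UEBA: per-user baselines, anomaly scoring and a per-user timeline.
Added example, not Exabeam's implementation. All log lines are constructed;
WEIGHTS and ALERT_THRESHOLD are illustrative assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed log format: <ISO timestamp> <user> <action> <host> <source IP>
# Training window used to learn what "normal" looks like for each user.
BASELINE_LOG = """\
2024-03-01T09:02:00 alice login_ok WS-ALICE 10.0.0.5
2024-03-01T09:30:00 alice file_read FILESRV01 10.0.0.5
2024-03-02T08:55:00 alice login_ok WS-ALICE 10.0.0.5
2024-03-02T10:05:00 alice file_read FILESRV01 10.0.0.5
2024-03-03T09:10:00 alice login_ok WS-ALICE 10.0.0.5
2024-03-01T08:20:00 bob login_ok WS-BOB 10.0.0.7
2024-03-02T08:25:00 bob login_ok WS-BOB 10.0.0.7
2024-03-03T08:18:00 bob login_ok WS-BOB 10.0.0.7""".splitlines()

# The day under analysis (constructed): alice touches a new host late at night.
DAY_LOG = """\
2024-03-06T09:05:00 alice login_ok WS-ALICE 10.0.0.5
2024-03-06T23:40:00 alice login_ok FILESRV01 10.0.0.5
2024-03-06T23:42:00 alice login_fail HR-DB01 10.0.0.5
2024-03-06T23:43:00 alice login_ok HR-DB01 10.0.0.5
2024-03-06T08:22:00 bob login_ok WS-BOB 10.0.0.7""".splitlines()

# Illustrative risk points per deviation and the session-level alert threshold.
WEIGHTS = {"new_host": 20, "new_src": 15, "off_hours": 15,
           "login_fail": 10, "unknown_user": 40}
ALERT_THRESHOLD = 50


def parse(line):
    ts, user, action, host, src = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "host": host, "src": src}


def build_baselines(lines):
    """Per user: hosts touched, source IPs used and hours of day seen active."""
    base = defaultdict(lambda: {"hosts": set(), "srcs": set(), "hours": set()})
    for e in map(parse, lines):
        b = base[e["user"]]
        b["hosts"].add(e["host"])
        b["srcs"].add(e["src"])
        b["hours"].add(e["ts"].hour)
    return dict(base)


def score_event(e, base):
    """Return (score, reasons) for one event against its user's baseline."""
    b = base.get(e["user"])
    if b is None:
        return WEIGHTS["unknown_user"], ["user not seen in baseline window"]
    hits = []
    if e["host"] not in b["hosts"]:
        hits.append(("new_host", f'first access to host {e["host"]}'))
    if e["src"] not in b["srcs"]:
        hits.append(("new_src", f'first activity from {e["src"]}'))
    # Off-hours: not within an hour of any hour the user was active before.
    if not any(abs(e["ts"].hour - h) <= 1 for h in b["hours"]):
        hits.append(("off_hours", f'activity at {e["ts"].hour:02d}h, outside usual hours'))
    if e["action"] == "login_fail":
        hits.append(("login_fail", "failed logon"))
    return sum(WEIGHTS[k] for k, _ in hits), [text for _, text in hits]


def build_timelines(lines, base):
    """Per-user timeline of every event (score 0 when normal) plus total risk."""
    timelines = defaultdict(lambda: {"events": [], "risk": 0})
    for e in sorted(map(parse, lines), key=lambda ev: ev["ts"]):
        score, reasons = score_event(e, base)
        t = timelines[e["user"]]
        t["events"].append({"ts": e["ts"].isoformat(), "action": e["action"],
                            "host": e["host"], "src": e["src"],
                            "score": score, "reasons": reasons})
        t["risk"] += score
    return dict(timelines)


def alerts(timelines, threshold=ALERT_THRESHOLD):
    """Users whose cumulative risk reaches the threshold, highest risk first."""
    return sorted((u for u, t in timelines.items() if t["risk"] >= threshold),
                  key=lambda u: -timelines[u]["risk"])


if __name__ == "__main__":
    timelines = build_timelines(DAY_LOG, build_baselines(BASELINE_LOG))
    for user in alerts(timelines):
        print(f'{user}: risk {timelines[user]["risk"]}')
        for ev in timelines[user]["events"]:   # normal events stay on the timeline
            print(f'  {ev["ts"]} {ev["action"]:<10} {ev["host"]:<10} +{ev["score"]:<3} {"; ".join(ev["reasons"])}')
```

The point of keeping zero-score events on the timeline is the one the case studies make: an analyst reads the 09:05 logon, the 23:40 file-server access and the 23:42 failed logon on HR-DB01 as one story rather than three unrelated alerts. A real product replaces the hand-picked features and fixed weights with learned models and peer-group comparison, but the shape of the pipeline is the same.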

Moving away from conventional SIEM operation and automating log analysis

Company Profile
  • Headquarters: New Jersey, USA
  • Founded: 1961
  • Industry: IT/Telecommunications, Outsourcing
  • Number of employees: about 57,000
Task
Company F aggregates 800 million to 1.2 billion events per day in its SIEM, and needed to detect threats such as attacker lateral movement in that data and understand what was happening. Conventional SIEM operation requires pivoting through individual logs to collect evidence and build situational awareness, so a single incident can take days or weeks to investigate. The company was looking for a solution that would shorten this as much as possible.
Solution
Exabeam Advanced Analytics analyzed the whole of Company F's enormous event stream and established a baseline for every user from it. Behavior that deviates from those baselines is now detected, and the situation can be grasped easily from the user timeline.
Result
Exabeam Advanced Analytics removed the need for the manual log searches, pivot-based threat detection and situational-awareness work of the conventional SIEM, and Company F cut its average incident investigation time from days or weeks to minutes.

Improving incident response time by prioritizing alerts and automating host-to-IP mapping

Company Profile
  • Location: Washington, USA
  • Founded: 1890
  • Industry: University
  • Number of students: about 31,000
  • Number of employees: about 20,000
Task
School G understood that in such a huge environment it is hard to detect all of today's sophisticated threats with a correlation-rule-based approach, and that many threats were lurking even in the low-severity alerts of its existing security products. During investigations, however, mapping IP addresses to hosts in order to follow an attacker's lateral movement took a great deal of time, and in an environment of this size there was no time left to look into low-severity alerts.
Solution
Exabeam Advanced Analytics automates the time-consuming host/IP mapping task. In addition, by placing the existing low-severity security alerts on the user timeline, analysts can see what happened before and after each alert, which makes it easier and faster to decide which alerts to address first.
Result
With the automatic host/IP mapping of Exabeam Advanced Analytics and the user timeline organizing low-severity alerts, the School G SOC team's incident response speed improved by roughly 80%. Because the user timeline includes normal activity as well as anomalies, it also surfaces misconfigurations of servers, rules, policies and so on, so problems can be understood before they become threats.
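How the two mechanisms named on this page fit together, the time-aware host/IP mapping described here and the stateful tracking of one actor across account and host switches from the Company B case above, as an added example. This is not Exabeam's code or its Stateful User Tracking implementation: the DHCP lease log, the static host table and the already-normalized logon and `su` events are all constructed for the example, and the session-stitching rules are the author's simplification.

```python
"""Stateful tracking of one actor across account and host switches, with
time-aware host/IP mapping. Added example, not Exabeam's implementation.
All leases, hosts and events below are constructed."""
from bisect import bisect_right
from datetime import datetime

# Constructed DHCP lease log: (lease start, IP, hostname). 10.0.0.5 is handed
# to a different machine at noon, which is why the mapping must be time-aware.
DHCP_LEASES = [
    ("2024-03-06T08:00:00", "10.0.0.5", "WS-ALICE"),
    ("2024-03-06T12:00:00", "10.0.0.5", "WS-GUEST"),
]
STATIC_HOSTS = {"10.0.0.21": "SRV01", "10.0.0.30": "DB01"}  # constructed

# Constructed, normalized events from three sources (workstation logon, server
# network logon, su on the server). kind=logon: interactive logon on host;
# kind=remote_logon: network logon to host from src IP; kind=switch: user on
# host became new_user.
EVENTS = [
    dict(ts="2024-03-06T09:00:00", kind="logon", user="alice", host="WS-ALICE"),
    dict(ts="2024-03-06T09:20:00", kind="remote_logon", user="alice", host="SRV01", src="10.0.0.5"),
    dict(ts="2024-03-06T09:25:00", kind="switch", user="alice", new_user="svc_backup", host="SRV01"),
    dict(ts="2024-03-06T09:30:00", kind="remote_logon", user="svc_backup", host="DB01", src="10.0.0.21"),
    dict(ts="2024-03-06T13:00:00", kind="remote_logon", user="alice", host="SRV01", src="10.0.0.5"),
]


def build_ip_map(leases):
    """IP -> sorted list of (lease start, hostname)."""
    by_ip = {}
    for start, ip, host in leases:
        by_ip.setdefault(ip, []).append((datetime.fromisoformat(start), host))
    for entries in by_ip.values():
        entries.sort()
    return by_ip


def resolve_host(ip, ts, ip_map):
    """Host owning `ip` at time `ts`: static table first, else the latest DHCP
    lease that started at or before `ts`; None when nothing is known."""
    if ip in STATIC_HOSTS:
        return STATIC_HOSTS[ip]
    leases = ip_map.get(ip, [])
    i = bisect_right([start for start, _ in leases], datetime.fromisoformat(ts))
    return leases[i - 1][1] if i else None


def track_sessions(events, leases):
    """Stitch events into sessions keyed by the actor's current (user, host)."""
    ip_map = build_ip_map(leases)
    sessions = []
    active = {}  # (user, host) -> session currently holding that identity

    def new_session(origin):
        s = {"origin": origin, "identities": [origin], "events": [], "notes": []}
        sessions.append(s)
        return s

    def register(s, user, host):
        ident = f"{user}@{host}"
        if ident not in s["identities"]:
            s["identities"].append(ident)
        active[(user, host)] = s

    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["kind"] == "logon":
            s = new_session(f'{e["user"]}@{e["host"]}')
            active[(e["user"], e["host"])] = s
        elif e["kind"] == "remote_logon":
            # Follow the hop back to its source host; a session already held by
            # this user on that host absorbs the new logon.
            src_host = resolve_host(e["src"], e["ts"], ip_map)
            s = active.get((e["user"], src_host))
            if s is None:
                s = new_session(f'{e["user"]}@{src_host or e["src"]}')
                s["notes"].append(f'{e["ts"]}: no prior session for {e["user"]} on {src_host or e["src"]}')
            register(s, e["user"], e["host"])
        elif e["kind"] == "switch":
            # su/runas: the session continues under the new account on the same host.
            s = active.get((e["user"], e["host"])) or new_session(f'{e["user"]}@{e["host"]}')
            register(s, e["new_user"], e["host"])
            s["notes"].append(f'{e["ts"]}: {e["user"]} switched to {e["new_user"]} on {e["host"]}')
        s["events"].append(e)
    return sessions


def privilege_switches(sessions, privileged):
    """(origin identity, privileged identity) for sessions that reached a
    privileged account under a different user than the one that started them."""
    found = []
    for s in sessions:
        origin_user = s["origin"].split("@")[0]
        for ident in s["identities"]:
            if ident.split("@")[0] in privileged and ident.split("@")[0] != origin_user:
                found.append((s["origin"], ident))
    return found


if __name__ == "__main__":
    for s in track_sessions(EVENTS, DHCP_LEASES):
        print(" -> ".join(s["identities"]), "|", "; ".join(s["notes"]) or "no notes")
```

Two things the constructed data is arranged to show. First, the 09:30 logon to DB01 as `svc_backup` is tied back to `alice@WS-ALICE` only because the tracker carried state through the `su` on SRV01; a per-event rule sees a service account logging on from a server, which is exactly the kind of event that looks normal in isolation. Second, the 13:00 logon from 10.0.0.5 resolves to WS-GUEST, not WS-ALICE, because the lease changed at noon; a static IP-to-host table would have attached that event to alice's morning session and hidden a logon from an unexpected machine.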

Accelerating incident investigations with unlimited log aggregation

Company Profile
  • Location: Atlanta, USA
  • Founded: 1882
  • Industry: Public School District
  • Number of students: about 52,000
  • Number of employees: about 3,860
Task
District H, one of Georgia's largest school districts with 88 schools and 52,000 students, had a large amount of personal information to protect. It had already deployed several security products, but each operated independently, and an external consultant pointed out that it was difficult to follow the sequence of an attacker's lateral movement. In addition, because device logs were not centrally managed, forensic investigations required examining the logs of network devices, endpoints and security products one by one.
Solution
First, the district compared several SIEM products in order to manage the logs of every device centrally in one place, and selected Exabeam Data Lake. Analyzing the logs aggregated in Data Lake with Exabeam Advanced Analytics greatly improved the efficiency of its log investigation work compared with the previous approach.
Result
Data Lake made it possible to manage unlimited logs centrally at a fixed cost. Logs that previously had to be searched for and stitched together in the SIEM are now organized automatically by the Exabeam Advanced Analytics user timeline, and log investigations that used to take 2-3 days were shortened to a few hours.

Better return on investment with UEBA

Company Profile
  • Headquarters: California, USA
  • Founded: 1915
  • Industry: Retail
  • Number of employees: about 250,000
Task
Company I was looking for a solution that could detect post-compromise movement (lateral movement) in insider fraud and targeted attacks. This required monitoring the activity of POS system users and of users on the internal network, but the existing signature-based and static rule-based approaches struggled to detect threats from these users, so a behavior-based, dynamic UEBA approach was needed.
Solution
Exabeam's UEBA approach made it possible to detect potential threats from POS system users and internal network users. Because all activity is visualized as a story, it is easy to see who is accessing what, which operations they are performing, and which behavior is suspicious and why, so the team can focus on the people and actions that truly warrant attention.
Result
After implementing Exabeam Advanced Analytics, the productivity of the SOC team improved greatly, and as a result the team's headcount could be reduced.

Inquiries and document requests

Macnica, Exabeam team

Mon-Fri 8:45-17:30