Issue (1) Pay-as-you-go billing according to the amount of data. Limited scope of log analysis and cost variability

Currently, most of the SIEM products deployed in Japan are pay-as-you-go based on the volume of logs. In some cases, to contain costs, only limited logs can be stored, limiting the scope of analysis. In addition, costs rise significantly as business expands through corporate mergers and acquisitions (M&A) and increases in personnel. Proxy servers and terminal logs, which tend to leave traces of attacks, have a large amount of data to begin with, so the impact is large. There are many companies that have not been able to keep up with the increase in logs and are not able to use it even though they have introduced it.

Issue (2) The conventional rule-based approach is weak against "unknown threats" and "internal impropriety countermeasures"

The mainstream approach in traditional SIEM is to "analyze logs and detect threats based on human-prepared rules." In order to operate properly, maintenance such as frequent rule updates is required, and this approach cannot counter unknown attack methods in the first place.

It is also difficult to detect internal fraud. As work styles have diversified in recent years, the behavior of the system has also diversified, making it difficult to create unified judgment criteria. Even if you go through the trouble of defining rules, many false positives and oversights will occur depending on the rules, and it will not lead to appropriate predictive detection.

Problem (3) Log analysis is difficult. Requires advanced skills and requires a huge amount of man-hours

The types of logs that can be collected and the output format differ depending on the device. Many companies are suffering from a shortage of security personnel because conventional SIEM requires advanced skills to search centrally managed logs, investigate their relevance, and grasp the overall picture. . In addition to security knowledge, it is also necessary to have network knowledge and an understanding of the internal environment, so analysis takes a huge amount of man-hours and initial response to incidents tends to be delayed.

Features (1) Comprehensive monitoring with subscription billing. Smooth budget management

「Exabeam」の課金体系は、ユーザ数に対するサブスクリプション方式です。データ量を気にせず、必要なログをすべて収集して、包括的な監視を実現できます。データ量によってライセンスコストが変動しないため、予算管理もスムーズに行えます。

Feature (2) Detect signs with machine learning UEBA. Counter unknown threats and insider fraud

"Exabeam" is equipped with UEBA (User and Entity Behavior Analytics), which uses machine learning to analyze the daily behavior of users and devices and detect abnormal behavior at an early stage. It is effective in detecting unknown threats that cannot be ruled in advance and internal fraud.

Feature (3) Logs are made into a timeline with patented technology. Anyone can grasp the situation quickly

Exabeam uses patented technology to link various logs to users, automatically analyze them, and display them as a timeline. Even without advanced IT skills, anyone can easily and quickly grasp the overall picture of the incident.

The next-generation SIEM, which utilizes new technologies and provides cutting-edge log analysis, makes it easier and more familiar to implement targeted attacks and internal fraud countermeasures in companies.