Exabeam Taps Kubernetes to Deliver Next-Gen SIEM
At its Spotlight22 user conference, Exabeam today launched a revamped version of its security information event management (SIEM) platform, dubbed New-Scale SIEM, that takes advantage of cloud-native technologies such as Kubernetes to consume infrastructure resources more efficiently.
In addition, Exabeam is also making it possible to separately employ its security log management and analytics tools without having to acquire its entire SIEM platform.
Gorka Sadowski, chief strategy officer for Exabeam, said the goal is to make it simpler for organizations that have adopted other security platforms to, for example, take advantage of the Exabeam Security Analytics offering to detect threats based on anomalous behavior indicative of a cybersecurity threat.
Legacy SIEM platforms require organizations to allocate a specific amount of IT infrastructure resources to handle peak processing loads. Exabeam is taking advantage of cloud-native technologies—such as Kubernetes running on the Google Cloud Platform (GCP)—to process logs at sustained speeds of over one million events per second. Search query responses across petabytes of hot, warm and cold data can now be processed in seconds, as well.
The New-Scale SIEM platform comes with nearly 8,000 pre-built parsers to reduce onboarding, deployment and run times and, as an open platform, has been integrated with approximately 550 different third-party products. Exabeam also provides more than 1,800 pre-built correlation rules along with more than 1,100 anomaly detection rules that leverage more than 750 behavior analytics detection models, Sadowski said.
Given the level of scale now required to detect threats involving, for example, stolen credentials, Sadowski said it’s only a matter of time before more organizations replace legacy SIEMs in on-premises IT environments because they can’t keep pace with the levels of processing required to accurately identify threats. Those platforms leave security teams relying too much on guesswork because not enough data is being correlated, he added.
It’s not clear how quickly SIEM platforms will be transitioning to cloud computing environments, but as threats continue to increase in volume and sophistication, the amount of compute resources a SIEM platform can dynamically access has become an issue. Many security teams are simply overwhelmed by the number of attacks being launched. A SIEM platform that incorporates behavioral analytics should also reduce the level of fatigue experienced by those teams by reducing the number of false-positive alerts being generated.
In time, most cybersecurity platforms will be taking advantage of platforms such as Kubernetes to more efficiently process data in the cloud and help even the odds of detecting cybersecurity threats. It may not be possible to stop every attack, but it’s apparent that once a threat is detected, time is of the essence. After all, cybersecurity teams are judged just as much by their ability to respond to threats in a timely fashion as much as they are by their ability to thwart them. As such, the amount of compute resources that can be made available on demand within seconds now matters more than ever.
