Exabeam Extends Scope and Reach of SIEM Platform
Exabeam today added a bevy of capabilities to its New-Scale Security Operations Platform, including support for an open application programming interface (API) and an ability to search data stored in the LogRhythm security information and event management (SIEM) platform it acquired last year.
In addition, a Netmon module for collecting telemetry data originally developed by LogRhythm can now also be used with the New-Scale Security Operations Platform.
Exabeam has also added a workbench for cybersecurity analysts that makes it simpler to manage cybersecurity threats by, for example, grouping related issues.
Finally, Exabeam is now making it possible to apply business factors to how cybersecurity threats are scored and adding integrations with Cloudflare Beat to provide visibility into log data stored on the S3 cloud storage service provided by Amazon Web Services (AWS).
Overall, Exabeam now provides integrations with more than 3,500 applications that can be continuously analyzed using built-in rules or deep packet scripts and multiple AI tools that Exabeam added last year.
Exabeam provides organizations with the SIEM option of using either its New-Scale Security Operations platform hosted in the cloud or a LogRhythm platform that they can alternatively host anywhere.
At the core of the overall Exabeam integration strategy is an API based on the OpenAPI Specification (OAS), which defines a standard, language-agnostic interface for HTTP APIs that enables both humans and computers to discover and understand the capabilities of the service without access to source code or documentation and without relying on network traffic inspection. When it is implemented, an organization can consume a remote service with a minimal amount of implementation logic.
Steve Wilson, chief product officer for Exabeam, said an open API will make it simpler for organizations to create playbooks for responding to cybersecurity incidents that span a much wider variety of third-party services, including the Wiz cloud-native application protection platform (CNAPP).
Those playbooks are now also much simpler to create using tools that don’t require a lot of application development expertise, he added.
As cybersecurity threats increase in both volume and sophistication, the need to be able to analyze threats in a way that allows cybersecurity teams to prioritize remediation efforts has never been more apparent. The challenge is analyzing the massive amounts of telemetry data that need to be collected. Fortunately, advances in AI are now making it possible to achieve that goal; however, there is a significant amount of cost that needs to be incurred.
Like it or not, however, it’s also only a matter of time before cybercriminals themselves start to invoke AI tools to discover more zero-day vulnerabilities faster. In effect, organizations are now locked in an AI cybersecurity arms race, noted Wilson.
Of course, AI is only as useful as the data being exposed to it, so cybersecurity teams will need to find ways to more cost-effectively store and analyze what is quickly becoming massive amounts of data that are now being generated by more sources than ever, as the overall attack surface that needs to be defended only continues to expand.