Exabeam, the security analytics and automation company, today announced Exabeam Alert Triage, a new cloud-native application that will help security analysts confidently wrangle the overwhelming number of alerts coming at them each day from a myriad of other third-party vendor tools. Included as a new integrated application for all cloud customers using Exabeam Advanced Analytics and Exabeam Case Manager, Alert Triage enriches alerts with context and presents them in a single screen so analysts can make faster decisions about which alerts to escalate or dismiss. It also ensures analysts don’t miss the critical alerts that require escalation to prevent breaches.
“Analysts receive thousands of security alerts a day spread across disparate tools. Unable to keep up with the volume, they must ignore a significant number of them, which leaves their organizations vulnerable to threats,” said Adam Geller, chief product officer at Exabeam. “We developed the Alert Triage application to provide automation throughout the triage workflow so security analysts can be freed up to focus on what matters most — fortifying their organization’s cybersecurity defenses to prevent breaches.”
“We’ve had great success running Alert Triage in its beta version. At first, watching so many alerts get centralized into a single screen was somewhat unbelievable, but Exabeam has done it,” said Zane Gittins, IT security specialist at Meissner. “It’s been refreshing to not have to go from app to app to look at different alerts and it absolutely reduces the time it takes to triage them.”
Security personnel say they are only able to investigate 45% of the daily alerts they receive, according to research from the Ponemon Institute. The report surveyed 596 IT and security practitioners and also found that 33% of alerts in traditional SIEMs are false positives.
The traditional triage process requires analysts to first determine what the alert is for (users or entities), gather the right contextual information (positions, locations, sources, etc.), and then sift through logs to determine the priority of the alert. Next, an analyst must decide whether or not to escalate it for further review. Blending traditional triage workflows with context generated from machine learning-based analytics, Alert Triage does this time-consuming and tedious work automatically. It categorizes, aggregates, and enriches alerts with contextual data including host, IP, severity of alerts, related behavioral anomalies and overall risk scores of associated users and entities.
From the security alert, analysts can easily navigate to an associated user or entity timeline to understand what happened before and after the alert was triggered. Armed with context to understand the scope of the security alert, analysts can rapidly and confidently dismiss or escalate the alert to the incident response team.
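To make the categorize-aggregate-enrich workflow in the two paragraphs above concrete, here is an added illustration (not Exabeam's code or data model): it takes constructed alerts from three hypothetical tools, groups them per user, attaches risk scores and behavioral anomalies, and ranks the result into a single triage queue. The weighting in `priority()` is an assumption chosen for illustration.

```python
"""Alert triage queue: normalize alerts from several tools, enrich them with
entity context and risk scores, aggregate per user, and rank for review."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample alerts from three hypothetical tools (not real product output).
RAW_ALERTS = [
    {"tool": "edr",   "host": "wks-042", "user": "alice",      "sev": "high",   "rule": "suspicious powershell"},
    {"tool": "proxy", "host": "wks-042", "user": "alice",      "sev": "low",    "rule": "rare domain"},
    {"tool": "edr",   "host": "srv-db1", "user": "svc_backup", "sev": "medium", "rule": "new scheduled task"},
    {"tool": "email", "host": None,      "user": "bob",        "sev": "low",    "rule": "phish click"},
    {"tool": "proxy", "host": "wks-042", "user": "alice",      "sev": "low",    "rule": "rare domain"},
]
# Constructed context an analytics layer would supply: anomalies and user risk scores.
ANOMALIES = {"alice": ["first-time admin tool use"], "svc_backup": [], "bob": []}
RISK_SCORES = {"alice": 85, "svc_backup": 40, "bob": 15}
SEVERITY = {"low": 1, "medium": 3, "high": 5}

@dataclass
class TriageItem:
    entity: str
    hosts: set = field(default_factory=set)
    tools: set = field(default_factory=set)
    rules: list = field(default_factory=list)
    count: int = 0
    max_sev: int = 0
    risk: int = 0
    anomalies: list = field(default_factory=list)

    def priority(self) -> int:
        # Combine worst alert severity, user risk score, anomaly count and
        # alert volume into one number; the weights are an illustrative assumption.
        return self.max_sev * 10 + self.risk + 10 * len(self.anomalies) + min(self.count, 5)

def aggregate(alerts, anomalies, risk_scores) -> list:
    """Group raw alerts by user, enrich with context, return items sorted highest priority first."""
    items = defaultdict(lambda: TriageItem(entity=""))
    for a in alerts:
        it = items[a["user"]]
        it.entity = a["user"]
        it.count += 1
        if a["host"]:
            it.hosts.add(a["host"])
        it.tools.add(a["tool"])
        if a["rule"] not in it.rules:  # collapse repeated firings of the same rule
            it.rules.append(a["rule"])
        it.max_sev = max(it.max_sev, SEVERITY[a["sev"]])
        it.risk = risk_scores.get(a["user"], 0)
        it.anomalies = anomalies.get(a["user"], [])
    return sorted(items.values(), key=lambda i: i.priority(), reverse=True)
```

Each queue entry carries the hosts, source tools and distinct rules behind it, which is the context an analyst would use before escalating or dismissing.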
Alert Triage benefits include:
- Visibility. Centralizing the alert triage process and organizing an analyst’s triage efforts enables analysts to review alerts faster. Visibility into all of the alerts that security tools have triggered in an organization minimizes the likelihood that an alert is missed or overlooked.
- Focus. The ability to categorize alerts allows managers to create and assign channels to team members. A channel helps focus an analyst’s attention on a specific type of alert and allows them to develop subject matter expertise.
- Productivity. An analyst can triage alerts in aggregate batches, which boosts their productivity. Greater productivity means analysts are able to review a higher percentage of incoming alerts and reduce the possibility that an alert will go unreviewed and lead to a breach.
“When we look at the latest security incidents such as the SolarWinds or Microsoft Exchange attacks, more likely than not, the impacted organizations had at least one security alert generated about the threats from one of their third-party security vendor tools,” said Gorka Sadowski, chief strategy officer at Exabeam. “Unfortunately, that alert was likely drowned in all of the other false positive alerts and had to be discarded. Exabeam helps our customers spend time on the alerts that really matter.”
Exabeam helps security teams outsmart the odds by adding intelligence to their existing security tools – including SIEMs, XDRs, cloud data lakes, and hundreds of other business and security products. Out-of-the-box use case coverage repeatedly delivers successful outcomes. Behavioral analytics allows security teams to detect compromised and malicious users that were previously difficult, or impossible, to find. Automation helps overcome staff shortages by minimizing false positives and dramatically reducing the time it takes to detect, triage, investigate and respond. For more information, visit https://www.exabeam.com.
Exabeam, the Exabeam logo, Threat Hunter, Smart Timelines, and Security Management Platform are service marks, trademarks, or registered marks of Exabeam, Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2021 Exabeam, Inc. All rights reserved.