The combined solution, which integrates Corelight Sensor data with the Exabeam Security Management Platform, will help joint customers in their efforts to detect, investigate and respond to increasingly advanced threats.
Many sophisticated attacks move laterally through a network, leveraging users and machines in search of high value data. These attackers are often difficult for security teams to detect, as their movements blend in with legitimate user activity and network traffic. The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
The joint Exabeam and Corelight solution can augment, provide additional context to, and enable rapid analysis of network data. Corelight Sensors provide real-time, actionable insight into network traffic across multiple business sites by extracting hundreds of security-relevant pieces of data across dozens of protocols and data types.
Since virtually all attacks must traverse networks, making network security monitoring (NSM) a fundamental part of cybersecurity defense is an essential step for any organization. Based on Zeek (formerly known as Bro), the powerful and widely used open-source network analysis framework, Corelight Sensors serve as a unifying foundation for security teams that require immediate visibility into the data on their networks.
Exabeam ingests network alerts from Corelight Sensors via syslog and combines them with existing log data, third-party tools, and contextual data from identity and authentication tools to establish a baseline of normal behavior for all assets in an organization, including communication patterns, ports and protocols used, and operating activity.
The Exabeam Security Management Platform automatically identifies risky, anomalous device activity that may be indicative of a security incident or compromise. By gathering all related events into Exabeam Smart Timelines, prebuilt timelines that automatically reconstruct the events underlying security incidents, the platform lets analysts stop spending time combing through raw logs during an investigation. The joint solution enables security analysts to easily identify suspicious activity and remediate threats in real time.