Cybereason and Exabeam fuse endpoint detection with SIEM

21 Nov 17

Cybersecurity analytics platform provider Cybereason has partnered with fellow security firm Exabeam to create an integration that will bring endpoint detection and response together with User and Entity Behavior Analytics (UEBA) and next-generation SIEM.

Cybereason, which has a presence in Tokyo, London, Tel Aviv and Boston, formed the strategic partnership with Exabeam to help analysts and security operations center (SOC) users improve threat detection and reduce incident response time.

According to Cybereason CEO and cofounder Lior Div, the company is ‘thrilled’ to partner with Exabeam. The partnership will allow the company to integrate with SIEM, orchestration and automation tools.

“Furthermore, as we deepen our integration with Exabeam, we can empower our customers to use Cybereason's data platform not only to investigate Malops, but to bring in telemetry from uniquely identity-centric and log-based sources and provide new, rich context during real-time incidents and investigations,” Div continues.

According to Cybereason, the data shared between the Cybereason and Exabeam platforms will further enable analyst coordination and improve the crucial exchange of ‘last mile’ endpoint and deep user and entity behavioural information.

Exabeam CEO Nir Polak adds that Cybereason is an ‘ideal’ partner for the company.

“Our joint customers now have the ability to ingest their valuable EDR and NGAV data into our Next-Gen SIEM for behavioral analysis. This holistic analysis combines Cybereason data with that of other security solutions to help customers detect complex threats. Additionally, Exabeam’s security orchestration and response automation helps customers respond to threats via playbooks that can trigger responsive actions using Cybereason’s EDR,” Polak explains.

The two companies will also leverage Cybereason findings with Exabeam-collated third-party data from other security solutions including DLP, VPN and proxies.

They believe SOC users will get more value than they would with standalone solutions.

“Incident alerts triggered in Cybereason can be used by Exabeam as part of pre-built incident timelines which identify anomalous behavior, as well as trigger an incident response playbook that can perform corrective actions including quarantining the affected endpoint,” the company explains.

Earlier this month Cybereason revealed details of a ransom wiper that targeted some Japanese companies.

The wiper, called ‘Night of the Devil’, used the bootkit MBR-ONI ransomware, which may have been modified to work as a wiper to cover up the attacks.

“The use of ransomware and/or wipers in targeted attacks is not a very common practice, but it is on the rise. We believe ‘The Night of the Devil’ attack is part of a concerning global trend in which threat actors use ransomware/wipers in targeted attacks,” comments Cybereason director of advanced security services, Assaf Dahan.

The wiper is based on DiskCryptor, a genuine encryption utility.
