Story image

Cybereason and Exabeam fuse endpoint detection with SIEM

21 Nov 2017

Cybersecurity analytics platform provider Cybereason has partnered with fellow security firm Exabeam to create an integration that will bring endpoint detection and response together with User and Entity Behavior Analytics (UEBA) and next-generation SIEM.

Cybereason, which has a presence in Tokyo, London, Tel Aviv and Boston, formed the strategic partnership with Exabeam to help analysts and security operations center (SOC) users improve threat detection and reduce incident response time.

According to Cybereason CEO and cofounder Lior Div, the company is ‘thrilled’ to partner with Exabeam. The partnership will allow the company to integrate with SIEM, orchestration and automation tools.

“Furthermore, as we deepen our integration with Exabeam, we can empower our customers to use Cybereason's data platform not only to investigate Malops, but to bring in telemetry from uniquely identity-centric and log-based sources and provide new, rich context during real-time incidents and investigations,” Div continues.

According to Cybereason, the data shared between the Cybereason and Exabeam platforms will further enable analyst coordination and improve crucial exchange of ‘last mile’ endpoint and deep user and entity behavioural information.

Exabeam CEO Nir Polak adds that Cybereason is an ‘ideal’ partner for the company.

“Our joint customers now have the ability to ingest their valuable EDR and NGAV data into our Next-Gen SIEM for behavioral analysis. This holistic analysis combines Cybereason data with that of other security solutions to help customers detect complex threats. Additionally, Exabeam’s security orchestration and response automation helps customers respond to threats via playbooks that can trigger responsive actions using Cybereason’s EDR,” Polak explains.

The two companies will also leverage Cybereason findings with Exabeam-collated third party data from other security solutions including DLP, VPN and proxies.

They believe SOC users will get more value than they would with standalone solutions.

“Incident alerts triggered in Cybereason can be used by Exabeam as part of pre-built incident timelines which identify anomalous behavior, as well as trigger an incident response playbook that can perform corrective actions including quarantining the affected endpoint,” the company explains.

Earlier this month Cybereason revealed details of a ransom wiper that targeted some Japanese companies.

The wiper, called ‘Night of the Devil’, used the bootkit MBR-ONI ransomware, which may have been modified to work as a wiper to cover up the attacks.

“The use of ransomware and/or wipers in targeted attacks is not a very common practice, but it is on the rise. We believe ‘The Night of the Devil’ attack is part of a concerning global trend in which threat actors use ransomware/wipers in targeted attacks,” comments Cybereason director of advanced security services, Assaf Dahan.

The wiper is based on DiskCryptor, a genuine encryption utility.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.