Cybereason and Exabeam fuse endpoint detection with SIEM
Cybersecurity analytics platform provider Cybereason has partnered with fellow security firm Exabeam to create an integration that will bring endpoint detection and response together with User and Entity Behavior Analytics (UEBA) and next-generation SIEM.
Cybereason, which has a presence in Tokyo, London, Tel Aviv and Boston, formed the strategic partnership with Exabeam to help analysts and security operations center (SOC) users improve threat detection and reduce incident response time.
According to Cybereason CEO and cofounder Lior Div, the company is ‘thrilled’ to partner with Exabeam. The partnership will allow the company to integrate with SIEM, orchestration and automation tools.
“Furthermore, as we deepen our integration with Exabeam, we can empower our customers to use Cybereason's data platform not only to investigate Malops, but to bring in telemetry from uniquely identity-centric and log-based sources and provide new, rich context during real-time incidents and investigations,” Div continues.
According to Cybereason, the data shared between the Cybereason and Exabeam platforms will further enable analyst coordination and improve crucial exchange of ‘last mile’ endpoint and deep user and entity behavioural information.
Exabeam CEO Nir Polak adds that Cybereason is an ‘ideal’ partner for the company.
“Our joint customers now have the ability to ingest their valuable EDR and NGAV data into our Next-Gen SIEM for behavioral analysis. This holistic analysis combines Cybereason data with that of other security solutions to help customers detect complex threats. Additionally, Exabeam’s security orchestration and response automation helps customers respond to threats via playbooks that can trigger responsive actions using Cybereason’s EDR,” Polak explains.
The two companies will also leverage Cybereason findings with Exabeam-collated third party data from other security solutions including DLP, VPN and proxies.
They believe SOC users will get more value than they would with standalone solutions.
“Incident alerts triggered in Cybereason can be used by Exabeam as part of pre-built incident timelines which identify anomalous behavior, as well as trigger an incident response playbook that can perform corrective actions including quarantining the affected endpoint,” the company explains.
Earlier this month Cybereason revealed details of a ransom wiper that targeted some Japanese companies.
The wiper, called ‘Night of the Devil’, used the bootkit MBR-ONI ransomware, which may have been modified to work as a wiper to cover up the attacks.
“The use of ransomware and/or wipers in targeted attacks is not a very common practice, but it is on the rise. We believe ‘The Night of the Devil’ attack is part of a concerning global trend in which threat actors use ransomware/wipers in targeted attacks,” comments Cybereason director of advanced security services, Assaf Dahan.
The wiper is based on DiskCryptor, a genuine encryption utility.