Exabeam's new product looks to solve alert fatigue and prevent breaches
- Published: Tuesday, 30 March 2021 08:31
Exabeam has announced Exabeam Alert Triage, a new cloud-native application that will help security analysts deal with the overwhelming number of alerts coming at them each day from a myriad of third-party vendor tools. Included as a new integrated application for all cloud customers using Exabeam Advanced Analytics and Exabeam Case Manager, Alert Triage enriches alerts with context and presents them in a single screen so analysts can make faster decisions about which alerts to escalate or dismiss. It also ensures that analysts don’t miss the critical alerts that require escalation to prevent breaches.
“Analysts receive thousands of security alerts a day spread across disparate tools. Unable to keep up with the volume, they must ignore a significant number of them, which leaves their organization vulnerable to threats,” said Adam Geller, chief product officer at Exabeam. “We developed the Alert Triage application to provide automation throughout the triage workflow so security analysts can be freed up to focus on what matters most - fortifying their organization's cyber security to prevent breaches.”
“We’ve had great success running Alert Triage in its beta version. At first, watching so many alerts get centralised into a single screen was somewhat unbelievable, but Exabeam has done it,” said Zane Gittins, IT security specialist at Meissner. “It’s been refreshing to not have to go from app to app to look at different alerts and it absolutely reduces the time it takes to triage them.”
Security personnel say they are only able to investigate 45 percent of the daily alerts they receive, according to research from the Ponemon Institute. The report surveyed 596 IT and security practitioners and also found that 33 percent of alerts in traditional SIEMs are false positives.
The traditional triage process requires analysts to first determine what the alert is for (users or entities), gather the right contextual information (positions, locations, sources, etc.), and then sift through logs to determine the priority of the alert. Next, an analyst must decide whether or not to escalate it for further review. Blending traditional triage workflows with context generated from machine learning-based analytics, Alert Triage does this time-consuming and tedious work automatically. It categorises, aggregates, and enriches alerts with contextual data including host, IP, severity of alerts, related behavioural anomalies and overall risk scores of associated users and entities.
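The categorise, aggregate and enrich workflow described above, as an added illustration (not Exabeam's code or the Alert Triage product's logic): alerts from three differently-shaped vendor feeds are mapped onto one schema, grouped per user, enriched with a constructed risk score and anomaly count, and ranked so the analyst sees the escalation candidates first. The tool names, field names, scoring weights and thresholds are all assumptions for the example.

```python
"""Illustrative alert-triage pipeline: normalise, aggregate per entity,
enrich with context and rank. Constructed example, not Exabeam's code."""
from collections import defaultdict

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed alerts from three vendor tools with differing field names.
RAW_ALERTS = [
    {"tool": "edr", "user": "alice", "host": "ws-17", "src_ip": "10.0.1.17", "sev": "high"},
    {"tool": "firewall", "account": "alice", "hostname": "ws-17", "ip": "10.0.1.17", "severity": "medium"},
    {"tool": "idp", "principal": "bob", "device": "lt-03", "client_ip": "10.0.2.3", "level": "low"},
    {"tool": "edr", "user": "bob", "host": "lt-03", "src_ip": "10.0.2.3", "sev": "low"},
]
# Constructed context from an analytics layer: per-user risk score and anomaly count.
CONTEXT = {"alice": {"risk": 85, "anomalies": 3}, "bob": {"risk": 12, "anomalies": 0}}
# Assumed field names per tool (entity, host, ip, severity); real tools differ.
SCHEMA = {
    "edr": ("user", "host", "src_ip", "sev"),
    "firewall": ("account", "hostname", "ip", "severity"),
    "idp": ("principal", "device", "client_ip", "level"),
}

def normalise(alert):
    """Map a vendor-specific alert onto one common schema."""
    u, h, i, s = SCHEMA[alert["tool"]]
    return {"entity": alert[u], "host": alert[h], "ip": alert[i],
            "severity": SEVERITY[alert[s].lower()], "tool": alert["tool"]}

def triage(raw_alerts, context, escalate_at=10, dismiss_below=2):
    """Aggregate alerts per entity, enrich with context, rank by priority."""
    groups = defaultdict(list)
    for a in raw_alerts:
        n = normalise(a)
        groups[n["entity"]].append(n)
    ranked = []
    for entity, alerts in groups.items():
        ctx = context.get(entity, {"risk": 0, "anomalies": 0})
        max_sev = max(a["severity"] for a in alerts)
        # Worst severity scaled by user risk, plus a weight per behavioural anomaly.
        priority = max_sev * (1 + ctx["risk"] / 100) + 2 * ctx["anomalies"]
        action = ("escalate" if priority >= escalate_at
                  else "dismiss" if priority < dismiss_below else "review")
        ranked.append({"entity": entity, "alert_count": len(alerts),
                       "tools": sorted({a["tool"] for a in alerts}),
                       "hosts": sorted({a["host"] for a in alerts}),
                       "ips": sorted({a["ip"] for a in alerts}),
                       "max_severity": max_sev, "risk": ctx["risk"],
                       "anomalies": ctx["anomalies"],
                       "priority": round(priority, 2), "suggested_action": action})
    return sorted(ranked, key=lambda r: r["priority"], reverse=True)
```

The suggested action is a ranking aid for the analyst, not an automatic close; a "dismiss" row still sits in the queue for a human to confirm.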
From the security alert, analysts can easily navigate to an associated user or entity timeline to understand what happened before and after the alert was triggered. Armed with context to understand the scope of the security alert, analysts can rapidly and confidently dismiss or escalate the alert to the incident response team.