Attackers move laterally through a network, across users, machines and assets, in search of high-value data. Traditional IT devices, connected assets such as medical equipment, industrial machinery and power grid infrastructure, and cloud assets can all be targeted. These entities need the same monitoring as human users: they often control production and operations, and they can store sensitive corporate data, including personal information, customer records and data exposed through APIs. Entity Analytics establishes a baseline of normal behavior for each entity, covering communication patterns, port and protocol usage and operating activity, then automatically flags deviations from that baseline that indicate a possible security incident.
Prebuilt Incident Timelines
Automate the mundane and unlock analyst efficiency. Entity Analytics includes Exabeam Smart Timelines: machine-built incident timelines for every entity, every day. Each timeline stitches together the normal and abnormal behavior of a machine, IoT device or cloud storage object in time order, so analysts see the bigger picture rather than an isolated alert. Smart Timelines show what happened during an incident and give analysts the context to decide whether the activity was normal, reducing the effort spent gathering evidence and speeding up investigations.
Full Visibility into Entity Activity
Analysts who monitor data sources in isolation can miss an attack. Entity Analytics combines logs from many sources, including VPNs, cloud applications, email services, firewalls, NetFlow and IoT sensor feeds, and analyzes them together with machine learning to identify attacker behavior that no single source would reveal.
Automatic IP Mapping
In most IT environments machines receive their IP addresses dynamically from DHCP, so a firewall or NetFlow record identifies only the address in use at that moment, not the asset behind it. When an incident occurs, security teams are left with the tedious, manual task of working out which asset held each address at the time of the event; looking up only the current lease attributes the activity to the wrong host whenever the address has since been reassigned. Entity Analytics performs IP-to-asset association not only for current addresses but for all past DHCP assignments, so events are attributed to the host that held the address when they occurred.
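The time-indexed lookup that makes this work can be rebuilt from the DHCP server's own ACK and RELEASE messages. The following is an added illustration, not Exabeam's code or log format: it parses a constructed, simplified dhcpd-style log, keeps a lease history per address (opening a lease on ACK, treating a repeated ACK from the same MAC as a renewal, closing the lease on RELEASE or when the address is handed to another client), and resolves an (IP, timestamp) pair from a firewall or flow event to the asset that held the address at that moment. The 24-hour expiry for leases that are never renewed or released is an assumed default, not a value from the page.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed DHCP server log excerpt (ISC dhcpd-like wording, simplified).
# 10.0.1.25 is leased to ws-alice, renewed, released that evening, and handed
# to ws-carol the next morning; ws-bob never renews or releases 10.0.1.26.
DHCP_LOG = """\
2024-03-01T08:00:00Z DHCPACK on 10.0.1.25 to aa:bb:cc:dd:ee:01 (ws-alice)
2024-03-01T08:05:00Z DHCPACK on 10.0.1.26 to aa:bb:cc:dd:ee:02 (ws-bob)
2024-03-01T14:00:00Z DHCPACK on 10.0.1.25 to aa:bb:cc:dd:ee:01 (ws-alice)
2024-03-01T20:00:00Z DHCPRELEASE of 10.0.1.25 from aa:bb:cc:dd:ee:01 (ws-alice)
2024-03-02T08:10:00Z DHCPACK on 10.0.1.25 to aa:bb:cc:dd:ee:03 (ws-carol)
"""

LEASE_RE = re.compile(
    r"^(?P<ts>\S+) DHCP(?P<kind>ACK|RELEASE) (?:on|of) (?P<ip>[\d.]+) "
    r"(?:to|from) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) \((?P<host>[^)]+)\)$"
)


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Lease:
    ip: str
    mac: str
    host: str
    start: datetime
    last_seen: datetime              # most recent ACK (renewal) for this lease
    end: Optional[datetime] = None   # set on RELEASE or when the IP is re-leased


class LeaseHistory:
    """Time-indexed IP -> asset mapping rebuilt from DHCP ACK/RELEASE events."""

    def __init__(self, max_lease: timedelta = timedelta(hours=24)):
        # Assumed lease lifetime, used when a lease is neither renewed nor released.
        self.max_lease = max_lease
        self.leases: List[Lease] = []
        self._open: Dict[str, Lease] = {}

    def ingest(self, log_text: str) -> None:
        for line in log_text.splitlines():
            m = LEASE_RE.match(line)
            if not m:
                continue  # unrelated dhcpd message (DISCOVER, OFFER, ...)
            ts, ip = parse_ts(m["ts"]), m["ip"]
            current = self._open.get(ip)
            if m["kind"] == "RELEASE":
                if current is not None:
                    current.end = ts
                    del self._open[ip]
            elif current is not None and current.mac == m["mac"]:
                current.last_seen = ts  # renewal by the same client
            else:
                if current is not None:
                    current.end = ts    # address re-leased to a different client
                lease = Lease(ip, m["mac"], m["host"], ts, ts)
                self.leases.append(lease)
                self._open[ip] = lease

    def resolve(self, ip: str, at: datetime) -> Optional[str]:
        """Return the hostname holding `ip` at time `at`, or None if unassigned."""
        for lease in self.leases:
            if lease.ip != ip or at < lease.start:
                continue
            expiry = lease.end if lease.end is not None else lease.last_seen + self.max_lease
            if at < expiry:
                return lease.host
        return None


def attribute_event(history: LeaseHistory, ip: str, ts_text: str) -> dict:
    """Enrich a firewall/NetFlow event that carries only an IP with the asset name."""
    return {"ip": ip, "ts": ts_text, "asset": history.resolve(ip, parse_ts(ts_text))}


if __name__ == "__main__":
    history = LeaseHistory()
    history.ingest(DHCP_LOG)
    for ts in ("2024-03-01T12:00:00Z", "2024-03-02T08:00:00Z", "2024-03-02T09:00:00Z"):
        print(attribute_event(history, "10.0.1.25", ts))
```

The three sample lookups show why the current lease alone is not enough: an event on 10.0.1.25 at noon on 1 March belongs to ws-alice, the same address at 08:00 the next morning belongs to nobody (released, not yet re-leased), and an hour later it belongs to ws-carol. An investigation that used only the current mapping would pin all three on ws-carol.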
Rule and Signature-Free Detection
Let go of outdated detection methods. Relying on correlation rules and threat signatures alone for detection produces both false positives and false negatives, because rules lack context and signatures cannot detect unknown attacks. Keeping pace with manual rule maintenance can also be a full-time job. Entity Analytics frees analysts from the limits of correlation. Using behavioral modeling and machine learning, it looks for abnormal activity, sensing risks and detecting anomalous events, without the tuning, maintenance and false-positive triage that drain productivity.
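The baselining described in the opening paragraph and the rule-free detection promised here come down to the same mechanism: profile what each entity normally does, then score what it does next against that profile. The following is an added example, not Exabeam's model or data format, that shows the idea on constructed NetFlow-style records for two infusion pumps and two workstations. It learns each entity's port/protocol and destination usage, keeps a second profile per peer group (the invented `group=` field), and scores a new flow higher when a port is new for the entity and unseen across its peers than when the entity's peers already use it. The scores and thresholds are illustrative.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed flow records in a key=value form (a simplified NetFlow-style
# export); the entity names, peer groups and addresses are invented.
BASELINE_FLOWS = """\
entity=infusion-pump-01 group=medical dst=10.0.5.10 dport=443 proto=tcp
entity=infusion-pump-01 group=medical dst=10.0.5.10 dport=8443 proto=tcp
entity=infusion-pump-01 group=medical dst=10.0.5.10 dport=443 proto=tcp
entity=infusion-pump-02 group=medical dst=10.0.5.10 dport=443 proto=tcp
entity=infusion-pump-02 group=medical dst=10.0.5.10 dport=8443 proto=tcp
entity=ws-alice group=workstation dst=10.0.5.20 dport=445 proto=tcp
entity=ws-alice group=workstation dst=10.0.5.20 dport=443 proto=tcp
entity=ws-bob group=workstation dst=10.0.5.20 dport=3389 proto=tcp
entity=ws-bob group=workstation dst=10.0.5.20 dport=445 proto=tcp
"""


def parse_flow(line: str) -> Dict[str, str]:
    return dict(field.split("=", 1) for field in line.split())


class EntityBaseline:
    """Per-entity and per-peer-group profile of port/protocol and destination use."""

    def __init__(self) -> None:
        self.entity_ports = defaultdict(Counter)  # entity -> Counter[(proto, dport)]
        self.entity_dsts = defaultdict(Counter)   # entity -> Counter[dst]
        self.group_ports = defaultdict(Counter)   # peer group -> Counter[(proto, dport)]
        self.group_of: Dict[str, str] = {}        # entity -> peer group

    def learn(self, log_text: str) -> None:
        """Build the baseline from a window of flows believed to be normal."""
        for line in log_text.splitlines():
            f = parse_flow(line)
            key = (f["proto"], f["dport"])
            self.entity_ports[f["entity"]][key] += 1
            self.entity_dsts[f["entity"]][f["dst"]] += 1
            self.group_ports[f["group"]][key] += 1
            self.group_of[f["entity"]] = f["group"]

    def score(self, line: str) -> Tuple[int, List[str]]:
        """Score one new flow: 0 means fully consistent with the baseline."""
        f = parse_flow(line)
        entity, dst = f["entity"], f["dst"]
        key = (f["proto"], f["dport"])
        port_label = f"{f['proto']}/{f['dport']}"
        if entity not in self.entity_ports:
            # An asset with no history is itself worth a look (new device on the network).
            return 2, [f"{entity} has no baseline (first time this asset was observed)"]
        group = self.group_of[entity]
        score, reasons = 0, []
        if key not in self.entity_ports[entity]:
            if key in self.group_ports.get(group, Counter()):
                score += 1
                reasons.append(f"first use of {port_label} by {entity}, but common for group {group}")
            else:
                score += 3
                reasons.append(f"first use of {port_label} by {entity} and by any {group} peer")
        if dst not in self.entity_dsts[entity]:
            score += 1
            reasons.append(f"first connection from {entity} to {dst}")
        return score, reasons

    def triage(self, lines: List[str], threshold: int = 3) -> List[Tuple[str, int, List[str]]]:
        """Return the flows whose score reaches `threshold`, highest first."""
        scored = [(line, *self.score(line)) for line in lines]
        return sorted((s for s in scored if s[1] >= threshold), key=lambda s: -s[1])


if __name__ == "__main__":
    baseline = EntityBaseline()
    baseline.learn(BASELINE_FLOWS)
    new_flows = [
        "entity=infusion-pump-01 group=medical dst=10.0.5.10 dport=8443 proto=tcp",
        "entity=infusion-pump-01 group=medical dst=10.0.1.25 dport=22 proto=tcp",
        "entity=ws-alice group=workstation dst=10.0.5.20 dport=3389 proto=tcp",
    ]
    for line, score, reasons in baseline.triage(new_flows, threshold=1):
        print(score, line, reasons)
```

In the sample, a pump opening SSH to a workstation address scores 4 (a port never used by it or any other pump, to a destination it has never contacted), while ws-alice starting RDP scores only 1 because another workstation already uses 3389. The practical caveat is that "first seen" features fire on every legitimate change as well (a new server rollout, a firmware update that adds a port) until the baseline has absorbed it, which is exactly why the peer-group comparison is there: behavior that is new for one asset but normal for its peers is usually change, not compromise.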