

Exabeam is behavior-based breach detection and response software. Exabeam was started in July 2013 to address two security problems. The first is finding targeted attacks and attackers that have slipped past perimeter defenses using stolen user credentials. The average time to detect targeted attacks is now greater than 200 days--if they are detected at all. Exabeam employs a machine-learning engine that learns and baselines each user's normal historic credential behaviors and access characteristics, and also compares those behaviors to those of the user's peers as defined in Active Directory (LDAP). Exabeam automatically asks the questions an analyst would, using proprietary algorithms to determine anomalous behaviors.

The second problem is the length of time it takes to respond to a possible attack. The first step in the process is to assemble all the data needed to put together the entire attack chain for attack vector analysis. This can take days or weeks. Exabeam uses a proprietary identity state engine to assemble a credential use timeline of normal and abnormal activities for each user. Security infrastructure alerts are also attributed to a user’s credential and placed on the timeline.

Exabeam collects credential data from a variety of SIEM and log management data repositories and identity information from Active Directory. Most customers are analyzing sessions in a few hours once initial data collection is completed. Exabeam’s real-time behavior-based detection and automated attack vector analysis collapse the detection and response process, speeding up accurate detection of the stealthiest attacks.


The Exabeam user behavior analytics solution integrates with the latest data science techniques to quickly uncover cyber attacks and drive security operational efficiencies. A few key product features that are pioneering how security is done:

  • Automated discovery of asset types
  • Automated discovery of service accounts
  • Visibility into departmental behavior risk and employee activities


Protecting Data in University and Higher Education Institutions

When students enroll in a college or university, they trust that institution to keep their data safe. Many schools collect sensitive financial data, as well as data like contact information and personally identifiable information such as social security numbers. Without sufficient security, bad actors could easily gather that information and exploit it.


GSA Schedule Contracts

GSA Schedule 70

GSA Schedule No. GS-35F-0119Y
Term: December 20, 2011 - December 19, 2021




Threat hunting enables analysts to proactively search for and respond to adversaries on the network. Exabeam Threat Hunter brings the power of threat hunting to every analyst within a Security Operations Center (SOC).

Exabeam, an industry pioneer of User Behavior Intelligence, leverages existing SIEM and log management data repositories to understand a complete picture of user session activities from log on to log off, allowing the technology to detect account impersonation throughout the attack chain. The Ex...

One of the biggest challenges for any federal agency is finding ways to identify and minimize the impact of insider threats -- that someone with access to the organization’s networks (an employee, former employee, or contractor) will use that access maliciously. Compounding the problem, if someone...

Unlimited security data collection, indexing, and search.

Implementing an unlimited logging solution like Exabeam Data Lake frees up security budget that can be repurposed to invest in threat detection and incident response.

Solutions Brief

In 2011, U.S. Executive Order 13587 established the National Insider Threat Task Force (NITTF), under joint leadership of the Attorney General and the Director of National Intelligence. A year later, the President issued the National Insider Threat Policy. This policy introduced a set of standards -...


Join Rocky Rashidi, Senior Product Manager, and Abel Morales, Regional Sales Engineer at Exabeam, as they cover MITRE ATT&CK, also known as the MITRE framework, and how it's used with the Exabeam platform. Information security professionals looking to up their game will learn how moving from Indicat...


In evaluating UBA solutions’ ability to detect, prioritize, and respond, it is important to understand the full potential of data science-driven analytics. Organizations should ask their vendors if they can support the following Top 12 UBA use cases, and most importantly, demand that the vendor...

Threat hunting and incident response are critical roles of security operations center (SOC) analysts. With the ever-rising sophistication of new and emerging attacks, analysts need an edge to stay ahead of adversaries.

As first responders, security analysts are painfully aware that the complexity of cyberattacks is on a steep rise.