Pulling the Threads of Big Security Data
New software from Exabeam promises to help security researchers spot malicious users by “pulling the threads” of big security data and thereby uncovering patterns that otherwise would be difficult to discern.
The new software, called Threat Hunter, enables security analysts to search, pivot, and drill down across multiple dimensions of user activity to find sessions that contain specific risky behaviors, the company says.
Threat Hunter delivers some of the same type of user behavior analytics (UBA) capabilities that Exabeam delivered last fall with the initial release of its machine learning-powered UBA platform.
However, instead of relying on algorithms to piece together the various network activities, logon attempts, and other events that collectively represent the signature of a hacker breach, Threat Hunter empowers the human analyst to search through vast reams of log data to spot possible signs of malfeasance.
“The big difference is that Threat Hunter allows security pros to query the platform to find all users whose sessions contain specific activities or attributes, or any combination of activities or attributes,” an Exabeam spokesman says.
“For example, an analyst might first ask for all user sessions where the user logged into the VPN from a foreign country for the first time,” the spokesman continues. “The analyst can then trim the results by asking for users who then accessed a server for the first time, and then later the anti-malware software flagged a problem on that server. While each of these activities is independent of the others, the ability to combine them in a simple, point-and-click search provides significant power to even a junior analyst.”
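The three-step pivot the spokesman describes (first foreign VPN login, then a first-time server access, then an anti-malware alert on that same server) can be expressed as a chain of independent session filters. The code below is an added illustration, not Exabeam's software or data format; the event fields, the `first_time` baseline flag and the sample sessions are constructed assumptions.

```python
# Added example: chaining independent session filters the way the quoted
# analyst workflow does. Records, field names and baseline flags are
# constructed sample data, not Exabeam's log schema or API.
from dataclasses import dataclass, field

@dataclass
class Event:
    kind: str                 # "vpn_login", "server_access" or "av_alert"
    host: str = ""            # server name for server_access / av_alert
    country: str = ""         # source country for vpn_login
    first_time: bool = False  # baseline says the user never did this before

@dataclass
class Session:
    user: str
    events: list = field(default_factory=list)  # events in time order

HOME_COUNTRY = "US"  # assumption: the organisation's usual location

def first_foreign_vpn(s):
    """Filter 1: first-ever VPN login from outside the home country."""
    return any(e.kind == "vpn_login" and e.first_time and e.country != HOME_COUNTRY
               for e in s.events)

def first_server_then_av_alert(s):
    """Filters 2+3: a first-time server access followed later in the same
    session by an anti-malware alert on that same server (order matters)."""
    new_servers = set()
    for e in s.events:
        if e.kind == "server_access" and e.first_time:
            new_servers.add(e.host)
        elif e.kind == "av_alert" and e.host in new_servers:
            return True
    return False

def hunt(sessions, filters):
    """Return the users whose session passes every filter in the chain."""
    hits = [s for s in sessions if all(f(s) for f in filters)]
    return sorted({s.user for s in hits})

SAMPLE_SESSIONS = [  # constructed sessions; only "alice" matches all three
    Session("alice", [Event("vpn_login", country="BR", first_time=True),
                      Event("server_access", host="fs01", first_time=True),
                      Event("av_alert", host="fs01")]),
    Session("bob",   [Event("vpn_login", country="US"),
                      Event("server_access", host="fs01", first_time=True),
                      Event("av_alert", host="fs01")]),
    Session("carol", [Event("vpn_login", country="DE", first_time=True),
                      Event("av_alert", host="db02"),  # alert precedes access
                      Event("server_access", host="db02", first_time=True)]),
]

if __name__ == "__main__":
    print(hunt(SAMPLE_SESSIONS, [first_foreign_vpn, first_server_then_av_alert]))
```

Each filter alone is noisy ("carol" passes the VPN filter, "bob" the server filter); narrowing the result set only happens when they are combined in order.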
Threat Hunter provides another take on a problem that has bedeviled security researchers for years: how to search through vast collections of data for signs that intruders are already present on an internal network. By combining an easy-to-use GUI with the power of machine learning algorithms, Exabeam hopes it has come up with the right combination.
“To date, UBA products have only offered something like a recommendation engine for security alerts. It’s like using Netflix but you can only see the suggestions for you, never search for what you want,” Exabeam CEO Nir Polak says in a press release. “With Threat Hunter, Exabeam gives you the power of advanced search to find the imposters in your infrastructure.”