Exabeam Launches New Security Intelligence Platform To Challenge Legacy SIEM Vendors

Exabeam announced on Tuesday the launch of its new Security Intelligence Platform, a solution it said will extend its user behavior analytics (UBA) offering to disrupt the legacy SIEM market.

The Exabeam Security Intelligence Platform includes five products: Exabeam Log Manager, Exabeam Advanced Analytics, Exabeam Incident Responder, Exabeam Threat Hunter and Exabeam Cloud Connectors. Combined, CEO Nir Polak said the products move Exabeam beyond what he called a "SIEM helper" to be a SIEM (security information and event management) replacement.

David Hark, president and CFO of AccessIT, a King of Prussia, Pa.-based Exabeam partner, said the new Security Intelligence platform gives his company new ways to address customer security challenges, particularly around data, intelligence and expertise.

[Related: Exabeam Lands $25M In Series B Funding, Looks To Go Global With Products And Partners]

Sponsored post

"UBA is primarily about detection, so the Exabeam value proposition was focused there. With the new platform, we can offer customers better alternatives for data collection and management, for intelligence through analytics, and for addressing security hiring pressures through automated incident response. It addresses many of the top pains for customers today," Hark said in an email to CRN. Exabeam sells 100 percent through the channel, Polak said.

While the market for SIEM solutions is growing – anticipated to hit $3 billion by 2020 – CMO Rick Caccia said it is also a market ripe for disruption.

"We think this is going to help reinvigorate a market that is a multi-billion-dollar market, but one that has gotten stale. That's what Palo Alto Networks did with the next-generation firewall …We will see the same thing happen with SIEM and we think we will light that on fire," Caccia said.

He said legacy SIEM vendors already see significant market changes, with ArcSight being sold to Micro Focus as part of a spin-out of some HPE software assets, McAfee being spun back out of Intel, and RSA joining Dell as part of Dell's blockbuster acquisition of EMC.

"You have a large portion of the market that's up for grabs. The customers don't think they can get supported. We think the time to move from the SIEM helper to the SIEM is about perfect," Caccia said.

Caccia said Exabeam would distinguish itself from traditional SIEM players by allowing for unlimited security data collection and also supplementing log collection with analytics and incident response capabilities. While some other vendors have moved to also offer these capabilities, most notably IBM with its Watson technology and recent Resilient Systems acquisition, Caccia said the underlying technology is still older. He said Exabeam also has the potential to reach the midmarket with its solution, while most legacy SIEM vendors focus on the enterprise.

AccessIT's Hark said his clients are challenged by the amount of data generated by SIEMs, which he said is difficult to manage and analyze. On top of that, he said many companies face a shortage of security talent to handle incoming SIEM alerts. He said he expects customers to evaluate a vendor change if they can lower their total cost of ownership and see increased effectiveness.

"An overall trend in the market is a set of new vendors coming up to offer solutions that the legacy security vendors can’t offer … We think this is one of those solutions, and customers will evaluate the benefits of adopting Exabeam against any effort to migrate," Hark said.

The announcement also comes at an inflection point for the UBA market, as the initial hype around the market starts to fade and integrated analytics becomes table stakes in many security technology categories. Caccia said he expects other UBA players will either make the shift to tackle the SIEM market as Exabeam has, or will fall by the wayside in the next year or two.

"We think the weak players are getting shaken out," Caccia said. "UBA will be focused on a couple of players. UBA isn't going to be a standalone market. It's a function in a broader play. You will see a lot of the UBA market make the shift to the broader SIEM market."