Exabeam launches cloud-native alternative to on-prem SIEM

While Exabeam introduced a SaaS offering in 2018, the new offering is a multi-tenanted version of their traditional big iron product. Exabeam also announced new features for their core SIEM offering.

Ted Plumis, Vice President of Channels, Business and Corporate Development at Exabeam

Last week, at the RSA event, security vendor Exabeam launched the Exabeam Cloud Platform. The new multi-tenanted cloud platform will support applications such as the new Exabeam Cloud Archive, and the previously announced Exabeam Threat Intelligence Service. These applications will be available through the Exabeam Application Marketplace, as will third-party applications, going forward. New features for the core Exabeam Security Management Platform [SMP] SIEM offering, such as out-of-the-box cloud playbooks, were also announced.

“These new features are very important, but what we are really the most excited about is the building of this multi-tenant platform that will allow us to execute on the vision of becoming the central console for users and bringing apps in like Salesforce does,” said Ted Plumis, Vice President of Channels, Business and Corporate Development at Exabeam. “That’s what we will do for security.”

Historically, Exabeam sold an on-prem product for big iron deployments, and they made their first move into the cloud 18 months ago, with a SaaS-based offering.

“SaaS was the big initial demand,” Plumis said. “That’s why we went to that model first, but we were building this cloud-native offering in parallel as well. The SaaS is a single tenant offering for customers who have a ‘lift and shift’ strategy. It has been very successful, and pipeline is ramping up.”

The cloud offering that Exabeam has announced here is something very different.

“What we are announcing now is a new cloud-native platform that we will be built on going forward,” Plumis emphasized. “We will still sell big iron to customers who want that, but now with this cloud platform, you will be able to consume Exabeam any way you want.”

Plumis emphasized that Exabeam Cloud Platform is multi-tenanted, which will allow for the provision of more services, although he also emphasized that it will be service provider partners, not Exabeam itself, who will provide these services.

“We will not manage the platform as a managed service, but our service providers will add value in taking that burden off of the customer,” he said. “I think it also definitely opens new markets, in the MDR space as well as managed services. Customers who have built log collection and response on legacy SIEMs are looking at migrating away from that. We have signed a few of those, in Europe and Asia mainly, although the US is growing. We also think that this will open up the sub 2,500 user market down to small and medium businesses, where historically they didn’t want to buy an on-prem.”

Plumis acknowledged that other SIEM vendors are also in pursuit of these same objectives of expanding their legacy technology into a modern open security platform, but believes that Exabeam has a competitive advantage here.

“Everyone has that vision, but it’s hard for many to execute on it the way they have built their products,” he said. “They have a central tool, but their platform revolves around their products, and their platforms were typically built before the advent of big data and are more than 5-10 years old. It’s my opinion that we are the fastest vendor from release to 100 million to cross that threshold because of the way that we allow data to be modeled and accessed. We have customers who use us for non-security things – tracking delivery trucks, or airplane flights or IoT things. That’s why the platform is important. It’s very hard for legacy SIEMs working off log data and correlation rules.”

The first tool for the new platform is the Exabeam Parser Editor, a self-service parser tool that will be available in a limited release in Q2 2020 with the launch of the Exabeam Cloud Studio on the Cloud Platform. Exabeam says it will save engineers an average of six hours a week by making it easy to build parsers for new log types, and to modify existing parsers by uploading a log file using a self-service wizard.

Exabeam also announced new features to their core product, the Exabeam SMP SIEM, that can be deployed as SaaS, in a public or private cloud, or as software on premises. They will be available in Q2 of 2020.

“We have added new out-of-the-box automated playbooks where they don’t have to license a bunch of other products for specific use cases,” Plumis said. “That’s what turnkey means here. In the incident response market, there are two types of playbooks. One is tailored to vast organizations, which you can’t create for the mass market. The other is ones that apply to everyone around things like compromised users, malware, and phishing. To those, we have now added a threat intel feed and sandboxing.”

New cross-platform integrations that let analysts seamlessly pivot from events in a user timeline back to the raw log have also been introduced.

“We are the only vendor who has built from the ground up all the components of the security management platform – data lake, analytics and orchestration and response,” Plumis said. “We have made the console a lot more robust.”

Last, but for SOC analysts, not least, is the introduction of a dark mode option to improve analysts’ visual experience.

“The fatigue of staring at these bright screens all day can be significant,” Plumis indicated. “To SOC people, this is very important.”