CrowdStrike Falcon Identity Protection vs. Exabeam Fusion

Overview
CrowdStrike Falcon Identity Protection
Rating: Score 0.0 out of 10
Most Used By: N/A
Product Summary: CrowdStrike Falcon Identity Protection delivers identity threat detection and response (ITDR) capabilities, protecting organizations from identity-based attacks in real time. It unifies identity and endpoint protection. Falcon® Identity Protection ensures comprehensive visibility and protection across on-premises, cloud, and hybrid identity environments. By baselining normal user behavior, it detects and prevents malicious identity activity, stopping adversaries in their tracks. It also extends…
Starting Price: N/A

Exabeam Fusion
Rating: Score 4.2 out of 10
Most Used By: N/A
Product Summary: Exabeam, headquartered in San Mateo, offers Exabeam Fusion, a SIEM + XDR. The vendor states the modular Exabeam platform allows analysts to collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response. The Exabeam platform can be deployed on-premise or from the cloud. Exabeam can also integrate information from the Exabeam Threat Intelligence Service, or into a third-party SIEM.
Starting Price: N/A

Pricing
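Editions & Modules
CrowdStrike Falcon Identity Protection: No answers on this topic
Exabeam Fusion: No answers on this topic
Offerings
Pricing Offerings
Free Trial: CrowdStrike Falcon Identity Protection: No; Exabeam Fusion: No
Free/Freemium Version: CrowdStrike Falcon Identity Protection: No; Exabeam Fusion: No
Premium Consulting/Integration Services: CrowdStrike Falcon Identity Protection: No; Exabeam Fusion: No
Entry-level Setup Fee: CrowdStrike Falcon Identity Protection: No setup fee; Exabeam Fusion: No setup fee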
Additional Details
Community Pulse
User Ratings
Likelihood to Recommend: CrowdStrike Falcon Identity Protection: - (0 ratings); Exabeam Fusion: 8.5 (0 ratings)
Usability: CrowdStrike Falcon Identity Protection: - (0 ratings); Exabeam Fusion: 9.0 (0 ratings)
Support Rating: CrowdStrike Falcon Identity Protection: - (0 ratings); Exabeam Fusion: 9.0 (0 ratings)
User Testimonials
Likelihood to Recommend
CrowdStrike Falcon Identity Protection:
Identity Protection is well suited for organizations that need to monitor AD/Entra for suspicious activity. During a Penetration Test our MDR didn't alert on some odd protocol implementations, but ITDR did. It is also simple to set up for MFA on RDP as well. There are other solutions for it, but found I got more out of ITDR than I did from Duo. ITDR is less suited for smaller organizations since it has a 250-seat minimum. They should lower it to at least 100.
Exabeam Fusion:
As a SIEM tool for investigations, Exabeam is the best in class. The AI assigns numeric values to observed logs then presents high scores to the analyst in a simple dashboard. We can see what is a real threat and ignore so many false positives. Exabeam is the best SIEM we used from an alert fatigue perspective. The simple interface allows other teams, not just InfoSec, to utilize the tool; helpdesk for asset diagnoses, HR for staffing questions, etc.
Pros
CrowdStrike Falcon Identity Protection:
  • The MFA component has worked great when it comes to privileged accounts accessing RDP.
  • We wanted to stop lateral movement between endpoints and with CrowdStrike Falcon Identity Protection we were able to do that.
  • Identity has done a great job at supplementing our MDR service with telemetry.
Exabeam Fusion:
  • Simple graphical interface
  • Plain text searching, no need to know another coding language
  • Very very fast response
  • All saved logs up to 7 years instantly searchable
  • No cold or frozen buckets for years old logs
Cons
CrowdStrike Falcon Identity Protection:
  • It's not really a fault of the product, but unless you have Falcon installed on all your endpoints your visibility is limited.
  • I've yet to get MFA working on CIFS and PowerShell traffic.
  • The interface could be streamlined a little. CrowdStrike Falcon Identity Protection keeps changing where things are.
Exabeam Fusion:
  • Improvements on top of Lucene/KQL to add more search functions.
  • Stability of the overall deployment.
  • Ability to run version upgrades quicker and without data ingestion problems afterward.
  • More documentation and examples about the API functionality available.
Usability
CrowdStrike Falcon Identity Protection:
While the product is solid, I do find there are an excessive number of sections you can navigate to. It takes some time getting used to, but it is a very powerful product. It's not something you'll master right off the bat.
Exabeam Fusion:
The system is set up to run out of the box. It has a simple, easy-to-understand graphical interface. Exabeam designed its SIEM from the ground up to be user-friendly and intuitive. They designed it to use plain text searches so no special training is needed. You do NOT have to learn another programming language and keep up with it daily to be proficient and productive with the tool, unlike all other SIEMs we have used before. Did I mention we love Exabeam?
Support Rating
CrowdStrike Falcon Identity Protection:
No answers on this topic
Exabeam Fusion:
The engineers working to support Exabeam are very professional and competent. They always arrive prepared for troubleshooting meetings and provide helpful input to resolve most issues without requiring excessive escalation whenever possible. Their support team is good at promptly providing parsers that can be used to enhance the product's functionality and ensure fields are all populated.
Alternatives Considered
CrowdStrike Falcon Identity Protection:
When comparing to Cisco Duo, I felt like the product offered more than just MFA on RDP. When comparing to Silverfort, it came down to pricing. Silverfort was double the cost and I didn't like how Silverfort had separate SKUs. If you wanted MFA on everything the cost increased dramatically.
Exabeam Fusion:
No answers on this topic
Return on Investment
CrowdStrike Falcon Identity Protection:
  • Being able to see right away during a Penetration Test that the product detected anomalies, but our MDR service didn't. It allowed us to go back to the MDR service to show them the results and fix the issue from slipping through the cracks.
  • By satisfying the requirements from our insurance provider, our premiums didn't go up (MFA on RDP).
Exabeam Fusion:
  • Reduced time to triage alerts.
  • Reduced number of alerts which need escalation to senior tiers.
  • The ability for analysts to quickly run playbooks for additional information and enrichment.
  • Ability to retain data for longer periods for forensics purposes.
  • Improved search performance compared with other SIEM solutions.