Exabeam Reviews

So my use of Exabeam was primarily focused on ingesting logs from multiple web services. The current product is designed for our organization, which involves managing multiple web services and microservices deployed on different servers. Previously, before utilizing Exabeam, we had to manually log into each server and search for the existing logs. Tracking all the logs for various web services, whether in production or in other environments like pre-production, was a challenging task. 

To address this, we incorporated Exabeam agents, both collector agents for Windows servers and Linux servers. This allowed us to collect all the logs on a single platform. If we needed specific logs for a particular service, we could directly access them on the Exabeam Cloud. 

The problem I was facing was with the user interface (UI) when trying to identify the exact services and server names.

The problem I was facing was with the UI when trying to identify the exact services and server names. The UI's left panel was not as informative as I expected. Often, when we needed to retrieve specific information or details, the UI provided a lot of information along with filter criteria. Without the filter criteria, we had to make certain changes in the Exabeam UI. For example, there were three options available to display logs: raw, execution, and view. When selecting "raw," we obtained comprehensive information, but some details were repetitive, such as the server name, service name, method, and agent activities at different times. Although we could access this information, it took time to identify the exact log statement, especially in the case of exception-related log statements. Determining the timestamp at which a particular log was ingested posed a challenge.

This improvement will assist our developers in precisely identifying their logs. Even though you have provided a bar to create a customized dashboard for verifying logs of any service, there is still a problem. If a log is generated on the production server, let's say at 8:30 PM IST or at the present time, it takes a few seconds to be ingested into Exabeam Cloud. However, in the company, Exabeam always shows repetitive logs if my log file hasn't been generated. For example, if nothing has been logged or no action has been performed on the application for the past two hours, my log file will be empty. But still, by default, the agent collectors will check the specific location we configured for log ingestion. If that location doesn't contain anything, the logs are displayed on the screen by default. This is why we need to filter and search through numerous timestamps to find the exact location of our logs.

I have used Exabeam Fusion SIEM for over a year and a half. 

The stability of the product is best. I would rate it a nine out of ten. 

I would rate the scalability a seven out of ten. So there's room for improvement in terms of scalability as well.

The application is also scalable without any issues. However, when you add more and more filtering criteria, the application tends to slow down.

Previously, there were almost 100 users using this solution. 

Exabeam provided great support and helped us overcome any problems and obstacles we faced, especially when we had issues with the agent collector installation on a server. I'm happy with the support provided.

The setup is not difficult. It was easy. The documentation provided on the Exabeam documentation website was already there, so that was perfect. I didn't face any issues with that. The only challenge I had was figuring out how to find or filter the criteria to locate my exact log, as sometimes there are keywords or messages that are forwarded.

So, if I mention a forwarder with a specific IP address or server address, it gives me a whole bunch of logs that are already there. It would be great if I could access my latest or earliest logs.

There are many filter criteria available. I can retrieve logs from one hour, two hours, seven days, or twenty-four hours ago. But having logs in real-time would be very helpful. Real-time logs would be beneficial.

The reason I mention real-time is that, in ELK or Splunk, we don't face any issues when it comes to finding the exact log. They create a separate area where you can directly search for logs using keywords. 

However, in Exabeam's filter criteria, we need to use key-value pairs to match specific logs or services. For example, if I want to create a filtering criteria based on my service name, I need to specify the key as "service name," followed by a colon and the service name in double quotation marks. Similarly, with "forwarder: server address" I can locate logs for a specific service deployed on that server address.

The platform is perfect. There are no drawbacks or major issues. However, enhancing the UI with minimal filtering criteria would be really helpful. We should focus on improving the UI screens where all the logs are displayed.

I would recommend using the solution. The reason is when I approved the use of Exabeam; my client was facing issues managing logs deployed on different servers. So I suggested migrating all the logs to a single platform. They agreed, and we started exploring options, eventually choosing Exabeam. Now, my client exclusively uses Exabeam for log management.

But the only problem is that the UI is not very impressive. The UI lacks the ability to easily access all the necessary information. For example, when searching for specific keywords related to my service name or service address, the search results take some time to provide an exact match. It can be frustrating when the response time is slow.

Overall, I would rate the solution a nine out of ten. 

We struggled a bit with Exabeam initially, particularly with data ingestion, since it was at the early stage of our project. We experienced some downtime with the Data Lake when it was integrated with Exabeam.

Regarding IOC searches, which involve looking for malicious files or IP addresses, Data Lake provided good results when it was operational. Several instances of downtime affected our ability to perform these searches effectively.

It is user-friendly and quite simple to use.

Exabeam lacks customizable dashboards, which might be a limitation if visualization is a key requirement.

I have been using Exabeam for one and a half years. We implemented it as a SaaS tool in one of our clients.

We work with a Fortune 500 client, and the volume of data we handle is very large. The data ingestion is substantial, with a huge amount of data being processed daily. This heavy load sometimes causes issues with Exabeam, leading to downtime and other problems. As for the Data Lake, downtime has been less frequent, occurring only a few times, but it still affects our operations when it happens.

I rate the solution’s stability a seven-point five out of ten.

Splunk provides quick results, often within minutes, even for extensive searches. In contrast, QRadar can sometimes take an hour or more to deliver results, making Splunk more efficient. The Exabeam Data Lake also provides quick results, similar to Splunk, within minutes.

The initial setup is not easy. It takes some time. During the setup, we faced a few issues that could have been related to our environment rather than Exabeam itself.

One of Exabeam's competitors, like Splunk, has shown much better reliability with almost no downtime. In my two and a half years of experience, I've only encountered downtime with Splunk once or twice. I suggest Splunk is better than Exabeam because it is seamless and user-friendly. 

Exabeam can be a good option for medium-scale companies, especially if the pricing is lower than Splunk. However, if they need advanced visualizations and additional functionalities, Splunk would be a better choice. Exabeam lacks customizable dashboards, which might be a limitation if visualization is a key requirement.

Overall, I rate the solution as seven out of ten.

I have been using Exabeam Fusion SIEM on the myDesktop version.

Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions.

Updating the new release of Exabeam Fusion SIEM takes time and slows our performance.

Exabeam Fusion SIEM's login could be better. Also, its performance could be improved by reducing the response time.

I have been using Exabeam Fusion SIEM for more than a year.

Exabeam Fusion SIEM has perfect stability, with no performance drops or crashes. I rate Exabeam Fusion SIEM a nine out of ten for stability.

Exabeam Fusion SIEM is quite a scalable product. I rate Exabeam Fusion SIEM an eight out of ten for scalability. Approximately fifty to seventy users, including IT specialists, network engineers, and system engineers, currently use Exabeam Fusion SIEM in our organization.

Exabeam Fusion SIEM's technical support is very good, and I rate Exabeam Fusion SIEM an eight out of ten for technical support.

Positive

Since I have the guides and tutorials on installing Exabeam Fusion SIEM for a virtual environment, the initial setup was easy for me.

If you are new to Exabeam Fusion SIEM and reading the resource for the first time, it may take hours. However, since I have read every installation detail and am ready with every resource and material, it now takes me less than an hour.

We use Exabeam Fusion SIEM for the customers of financial institutions, and their feedback is good. Hence, we do have an ROI with the solution.

Exabeam Fusion SIEM's pricing is reasonable. I rate Exabeam Fusion SIEM a seven out of ten for pricing. Exabeam Fusion SIEM's pricing is reasonable. I rate Exabeam Fusion SIEM a seven out of ten for pricing. There are no extra expenses in addition to the licensing cost.

I am using the latest version of Exabeam Fusion SIEM. Two people, including one from a technical background and another from a network background, are needed for the maintenance of Exabeam Fusion SIEM.

Overall, I rate Exabeam Fusion SIEM a nine out of ten.

We use the solution to investigate incidents and create rules for use cases.

The solution provides an easy-to-use platform to create rules for use cases.

The solution's data lake features could be easier to understand for end users. They should also provide detailed information about detecting phishing emails and integrating another platform for development.

I rate the solution's stability a seven out of ten.

I rate the solution's scalability a six out of ten.

The solution's technical support team is good.

The solution's initial setup process is easy.

I rate the solution's ROI a seven out of ten.

The solution is expensive.

I advise others to use the solution for its analytical features. I rate it a six out of ten.

We are a solution provider that does a lot of work in the cybersecurity space. Exabeam is one of the SIEM products that we implement for our clients.

The solution is easy to use and on a whole, it is pretty valuable.

The way it can connect with AWS is very useful, and the integrations are pretty good.

The incident response functionality is good.

Adding to the number of certifications that they have, for example, ISO 27001, would be helpful. Currently, they only have SOC 2.

I have been working with Exabeam for the past two to three years.

Exabeam is a stable solution.

This product is very easy to scale.

I have been in contact with technical support and they're really great. There's always an engineer assigned to each case.

The other SIEM solutions that we work with are Securonix and LogPoint.

The initial setup is pretty straightforward. Depending on the size, it usually takes about six days for implementation time.

They have a great model for pricing that can be based either on user count or gigabits per day. The pricing is pretty flexible, as well.

The suitability of this product is dependent on the individual use case, but generally, it fits most clients.

Overall, this is a fantastic tool and it is one of the best SIEMs that I've come across.

I would rate this solution an eight out of ten.

We use Exabeam to analyze timelines, understand the nature of the user entity or asset, and deduce activities performed in a timeline format. It is also used to trigger security rules related to security operations and investigation.

Our team has identified many identity-based threats. This has led to a significant increase in detecting these identity-based alerts.

The ThreatHunter in Advanced Analytics is the most valuable. It helps analyze compromised assets and provides analysis for any entity within my client's environment. 

Additional benefits include geolocation and tags, as well as rules, which are referred to as reasons in XBee. These are triggering rules and key identifier activities used extensively.

Exabeam needs to improve its adaptive nature towards rules and its capability to understand the entire client environment faster. 

It should accurately differentiate between an asset, its user, a host, or a service account, and structure its baseline activity precisely. Despite being a UEBA tool, it needs to speed up the entire process. 

Integrating AI could help Exabeam to effectively stay ahead in the competition. Improved adaptability in baselining scores and triggering rules would reduce false positives, ultimately enhancing security posture.

I have been working with Exabeam for over three and a half years.

Exabeam faces stability issues when applying patches, resulting in downtime for the console for twenty to thirty minutes, which is critical for SOC monitoring. This lack of backup significantly impacts our operations.

I would rate Exabeam's scalability as eight out of ten. It struggles with covering the entire environment if proper tags and hierarchy are not defined, which can present data only in a timeline format. It should present data in a more recognizable manner, like a graph, to improve usability.

I have not personally reached out to Exabeam's technical support. Typically, engineers in my organization handle interactions with customer service.

Neutral

Before Exabeam, we used a different solution, although I cannot recall its name. 

We switched due to Exabeam's promising interface, which bases rules on the behavior of entities rather than just matching against a repository of cyber threats. Exabeam introduced behavioral analysis over suspicious activities.

I'd rate the solution six out of ten.

The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface.

I have been using Exabeam Fusion SIEM for approximately one month.

The stability of Exabeam Fusion SIEM is good.

Exabeam Fusion SIEM can scale with the enterprise script.

I have not contacted the support from Exabeam Fusion SIEM. There is a lack of Indonesian support, it would benefit us to have more support for the customers.

The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward.

There is an annual license required to use Exabeam Fusion SIEM. The price of the solution should be reduced.

I have had several experiences with similar solutions to Exabeam Fusion SIEM and Exabeam Fusion SIEM has an easier-to-use user interface.

 I rate Exabeam Fusion SIEM a nine out of ten.

The solution is primarily for the Saudi Arabian government. They want to deploy Exabeam to about 15,000 users. It's for cybersecurity, for protection reasons, within the government environment.

The government has needed some security features to protect the assets and to protect everything within the environment. This solution offers them the level of protection that they need.

The solution has great technology. 

It's a very user-friendly product and it's a very comprehensive technology.

The security on offer is very good. 

Cost-wise, compared to other technology, it's affordable.

The solution has a lot of great premium features on offer. 

We still have questions surrounding hardware deployment. 

I've been using the solution for about one year.

The stability seems to be quite good. We haven't installed it yet, however.

From what I can see, the solution has the capability to scale. that shouldn't be an issue for a company. It looks like it will expand quite well.

I haven't been in touch with technical support. The solution hasn't been implemented yet. I've mostly been acquiring information via third parties. 

I tried to send an email, however, no one has replied. I still have outstanding questions about how to select a security management platform, how to select entity analytics, how to select the cloud connectors et cetera, in physical and virtual modes.

It doesn't look like anyone is really supporting the solution in our region. As consultants, it's hard for us to say if this will end up being a problem for clients down the line. We'd like to get their input on the proposal and design, however, there doesn't seem to be anyone to discuss these issues with.

This solution has not been installed yet. Right now, we are in distributing stage. We are trying to assess the requirements and to decide accordingly the proper way forward. We're still figuring out the hardware, for example, and still have questions that need to be addressed. 

I've examined the cost and have found it to be rather reasonable. It's not overly expensive for what it offers.

Currently, I'm doing a deep evaluation of this product. I'm making a scoring system and comparing tit o other technologies. This seems to be the best option, however. It seems to be ticking all of the boxes.

We're just a consultant. We give advice to clients and present them with what we think are the best options. I'm not an integrator or user. Our clients rely on our insights and reports.

This solution will potentially be used on a governmental project. We need to have the full set of features. The government is very concerned about protection. We are trying to deploy the data lead, cloud connector, advanced analytics, entity analytics, recounting incident response, case manager and the full package, the full system, in order to collect information and properly detect and respond.

While the scoring is very high so far, I still need to determine the hardware requirements. From what I can see so far, I would rate the solution at an eight out of ten.