Exabeam Reviews

The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it. 

It's good at security logging in our infrastructure but not really application logging. 

We have been using Exabeam for a few months. 

We had RSA earlier, we were a mature client, we had a big bang kind of start. Exabeam was really prepared there. We had some issues that we were able to sort out. They sent very experienced engineers to help us with the issues we had. Now we have a technical account manager. We are very pleased with it. Now, it looks much better but it's a large implementation. If you have a large implementation with lots of data you can expect a few issues and problems. If you start off with a small implementation then it would be a different story. We started off with loads and loads of data that we wanted to ingest. After a couple of months, things look a lot better. 

We did a POC with Splunk, IBM QRadar and Securonix and we came to the conclusion that Exabeam was the best option for us. Everybody knows that Splunk is the top product but it's very expensive. The price model is based on the volume of logs of data that you process in the system. It's very unpredictable and expensive compared to other products.

We reviewed four different vendors but before we did the evaluation, we took a deep look at our use cases to understand our requirements so we would know the expected use cases and requirements on the system. It's important to know what you want to use it for. For us, it was about security use cases. If you are a new customer, you should think of the use cases that you have. All of the vendors we evaluated were good but Exabeam has a very good price model. That's where they win when they compete with Splunk, for instance. With Exabeam, you're not restricted to the log volume. You can add as much as you like. The only limit is the hardware. At some point, you may need to extend the hardware. We have plans to increase usage.

I would rate it a seven out of ten. 

We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with. That's where they could try to improve their services. We had some issues. Some of it was due to our own load balancing problems that caused a few issues. But if they had had their expert guys on-site they would have found the error much earlier. They didn't have their best experts so I think we lost a big of implementation time. I would've expected more attention on their side. They created tickets but that wasn't the way to work. When you start a large implementation, they need to have their experts on-site as opposed to opening regular tickets. They need to be on-site to fix the issues. They sent very good technical experts after a few months and it only took them half a day to figure out the issues and after that, it worked very well. Our account manager is very senior and we are very pleased with him.

They've been very professional during the POC. We had ongoing commercial discussions. 

I run a consulting organization and I also do a lot of enterprise architecture and solution architecture for security services.

Valuable features are its timeline based analysis and that it's user friendly. Response from the platform itself is good which makes it easy to manage. The UI is also a good feature. 

The product is good but the organzation is rigid and not flexible in the way they operate. Their response time is very bad. They obviously have a small team and not enough staff. They have their own priorities, it seems but the customer should be their first priority. The company really needs to improve their commitment to their customers. 

I've been using the solution for about four years. 

Stability is fine. 

Scalability is fine. 

There are no issues with technical support. 

Initial setup is fairly straightforward. 

The pricing is reasonable

From a product perspective, it's a good product but the company needs to improve the way it functions. 

I would rate this solution an eight out of 10. 

I'm an IT specialist and we are resellers of Exabeam. We have it deployed as an on-premise demo test cluster for customer POC. We use it mainly for management and for CM use cases to enable an overview of security events as well as user analytics. 

With E8, the advanced analytics has a really great overview of user behavior. I like the timeline feature the most.

The product could be improved by implementing cost use cases. I believe if it were more flexible it would be a better product. 

For additional features, I'd like to see more visibility in the networking.

We've been using the latest version of this product for the past six months. 

It's a stable product, no problems. 

Our company doesn't have a huge infrastructure behind the product at the moment, so it's difficult for me to comment about scalability, but I have seen customer references that state it scales really nicely. They are now working on the last big infrastructure and I know that inherently it scales well. The product is mostly for software security use cases, but in our company, only a handful of people use the product, perhaps three or four. In terms of our customers, I would estimate there to be between 10 and 15 users. It would mainly be infrastructure admin and security analysts using the solution.

I haven't needed to make contact with technical support. 

In production, we are actually still using QRadar in our own company simultaneously with Exabeam.

Setting up the system was relatively easy - it took about a day. Adjusting the information was an ongoing process, so I can't really give a good estimate on that.

We evaluated LogRhythm and Splunk as possible options but in the end, we went with Exabeam - it was the right choice for us taking into account the needs of our customers and projected future needs.

I would recommend the product. I don't have any warnings or anything negative to tell anyone, because there are really no problems with the solution. You can pretty much make it up as you go.

I would rate this product an eight out of 10. 

We used Exabeam as a log aggregation platform. We had a SIEM platform, Exabeam, that was ingesting logs from various vendors hosting EDR solutions on behalf of our clients. Exabeam allowed us to parse logs from sources like CrowdStrike, Palo Alto, or Windows logs, all into one platform.

The UI was very clean. Its identity and access management were robust. We had many colleagues interacting with it, and when I was adding parsing rules or configuring other changes, I could propagate those changes in real-time very fast.

One area that needs improvement is interacting with Exabeam's API. There was a headache regarding the API; the documentation wasn't clear, and the syntax wasn't very precise. This situation arose when we needed to retrieve a list of public IPs to block, and it required interacting with Exabeam's API on the cloud platform.

I worked with Exabeam for about three months during an internship engagement at Grant Thornton. The last time I used it was more than a year ago.

The solution is stable.

There was a fair bit of latency when accessing it via a web browser. The platform seems to be very application intensive, which led to some pet peeves regarding latency.

The customer support was quite good. They had a solid customer support platform, and their responses were always very instantaneous. Early in my internship, we needed access to the platform to start learning, and Exabeam’s customer support quickly provided us with accounts with lower privileges.

Positive

In my own setup, I use the Elk Stack: Elasticsearch, Logstash, and Kibana, which I am more accustomed to.

I'd rate the solution six out of ten.