NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

By Byron V. Acohido

Security information and event management systems — SIEMs — have been around since 2005, but their time may have come at last.

Related: Digital Transformation gives SIEMs a second wind

After an initial failure to live up to their overhyped potential, SIEMs are perfectly placed to play a much bigger role today. Their capacity to ingest threat feeds is becoming more relevant with the rise of IoT (Internet of Things) systems and the vulnerabilities of old and new OT (operational technology).

I spoke with Trevor Daughney, vice president of product marketing at Exabeam, at the RSA 2020 Conference in San Francisco recently. Exabeam is a successful security vendor in the SIEM space. You can get a full drill down on our discussion in the accompanying podcast. Here are a few key takeaways:

Tuning SIEMs for IoT, OT

SIEMs are designed to gather event log data from Internet traffic, corporate hardware, and software assets, and then generate meaningful security intelligence from masses of potential security events. With CIOs and CISOs now facing increased responsibilities, SIEMs have huge untapped potential for supporting new use cases.

Digital transformation is leading to more intensive use of the cloud, faster development of software to support it, and the growth of the IoT. This means that huge amounts of customer information are now digitized and require protection.

On the operational technology side, these companies' OT environments are coming online too, so that access also needs to be secured. All of this traffic, in particular threat feeds from legacy defense systems, is adding to the flood of data that must be ingested and efficiently analyzed to protect modern networks.


Daughney stresses that SIEMs must evolve to keep up. “SIEMs have to be able to help the security analysts see and monitor different use cases like OT.”

Cloud Studio launch

The good news is SIEMs continue to evolve to keep pace with accelerating technological advances. At RSA 2020, for example, Exabeam announced that it was moving to a cloud platform, which allows new services to be rolled out far more quickly than before.

Part of its Cloud Studio is the new Parser Editor tool. This allows engineers to easily upload new log types and build parsers for them with a simple, self-service wizard. The wizard will display the log broken out into different fields, which the engineer can validate.

Daughney outlined a typical parser use-case scenario involving the installation of security cameras within an organization’s offices. When a new data source comes in from the security camera company that is installing the cameras, the organization can quickly bring feeds into a SIEM and use a parser to interpret different components to identify anomalous behavior — such as those security cameras connecting to new ports for the first time.
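The camera scenario above boils down to two steps a SIEM parser does for the analyst: break each raw line into fields, then baseline which destination ports each device normally uses and alert the first time a device reaches a port outside that baseline. The following is an added example written for this article, not Exabeam's Parser Editor or any vendor's code; the key=value line format, the camera names and the addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample lines in a hypothetical key=value format from a camera
# vendor's recorder. The schema is an assumption for this example, not any
# real product's log format. Addresses are documentation/private ranges.
BASELINE_LOGS = [
    "2020-02-25T09:00:01Z cam=lobby-cam-01 src=10.20.1.11 dst=10.20.0.5 dport=554 proto=tcp action=connect",
    "2020-02-25T09:00:05Z cam=lobby-cam-02 src=10.20.1.12 dst=10.20.0.5 dport=554 proto=tcp action=connect",
    "2020-02-25T09:01:10Z cam=lobby-cam-01 src=10.20.1.11 dst=10.20.0.5 dport=554 proto=tcp action=connect",
]
NEW_LOGS = [
    "2020-02-25T10:02:33Z cam=lobby-cam-01 src=10.20.1.11 dst=203.0.113.7 dport=4444 proto=tcp action=connect",
    "2020-02-25T10:03:00Z cam=lobby-cam-02 src=10.20.1.12 dst=10.20.0.9 dport=123 proto=udp action=connect",
    "2020-02-25T10:03:30Z cam=lobby-cam-01 src=10.20.1.11 dst=203.0.113.7 dport=4444 proto=tcp action=connect",
    "garbage line that a parser wizard would show as unparsed",
]

# One regex does the field extraction; each named group is a column the
# engineer would validate in the wizard before saving the parser.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+"
    r"cam=(?P<cam>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"dport=(?P<dport>\d+)\s+proto=(?P<proto>tcp|udp)\s+action=(?P<action>\S+)$"
)

# Per-camera set of (destination port, protocol) pairs considered normal.
Baseline = Dict[str, Set[Tuple[int, str]]]


def parse_line(line: str) -> Optional[dict]:
    """Break one raw line into named fields; return None when it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def build_baseline(lines: Iterable[str]) -> Baseline:
    """Learn, per camera, the ports it used during a known-good observation window."""
    seen: Baseline = defaultdict(set)
    for line in lines:
        event = parse_line(line)
        if event and event["action"] == "connect":
            seen[event["cam"]].add((event["dport"], event["proto"]))
    return seen


def detect_new_ports(lines: Iterable[str], baseline: Baseline) -> List[dict]:
    """Emit one alert per camera/port/protocol the first time it appears outside the baseline.

    The baseline is updated in place so a repeat of the same new port does not
    re-alert; a genuinely new port on the same camera still will.
    """
    alerts: List[dict] = []
    for line in lines:
        event = parse_line(line)
        if event is None or event["action"] != "connect":
            continue  # unparsed or non-connection lines are skipped, not alerted on
        known = baseline.setdefault(event["cam"], set())
        key = (event["dport"], event["proto"])
        if key not in known:
            known.add(key)
            alerts.append({
                "ts": event["ts"], "cam": event["cam"], "dst": event["dst"],
                "dport": event["dport"], "proto": event["proto"],
            })
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGS)
    for alert in detect_new_ports(NEW_LOGS, baseline):
        print(f"{alert['ts']} {alert['cam']} first connection to "
              f"{alert['dst']}:{alert['dport']}/{alert['proto']}")
```

Run as-is, the baseline learns only 554/tcp (RTSP) for both cameras, so the later 4444/tcp and 123/udp connections each produce one alert and the repeated 4444/tcp line produces none. In a real deployment the baseline window would be long enough to cover legitimate but infrequent ports (firmware update checks, NTP) so that the "first time" signal stays meaningful.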

Agile defense

Traditionally, this could have taken many weeks, as the SIEM vendor would have had to customize a dedicated parser for that feed; but now engineers can create the parser in minutes themselves.

Daughney highlights efficiency as one of the major benefits of the new SIEM tools. “We’ve been working with some of our existing customers as part of a preview of the release, and they’ve been really excited to be able to save time,” he says.

Security leaders are under increasing pressure, but SIEMs can deliver robust tools that can help them deal with their new responsibilities and roll out custom applications quickly and without the need for massive storage capabilities. In short, it’s a step toward helping enterprises make their network defenses agile enough to protect digital assets, without unduly hindering speed of innovation.

It’s incumbent upon Exabeam and other suppliers of SIEM and SIEM-related technologies to keep innovating, and all indications are they will continue to do just that. Security executives will need improved tools to help them shape new security frameworks that strike a balance between speed and security. I’ll keep watch.

Last Watchdog’s Melanie Grano contributing.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)
