The Gately Report: Exabeam Expects New Opportunities from Cisco's Splunk Acquisition
Plus, a cyberattack hits Long Beach, California.
Channel Futures: Exabeam recently unveiled its latest artificial intelligence (AI)-driven security operations advancements. What sorts of opportunities is AI offering to Exabeam partners? How is it helping them address customers’ cybersecurity shortcomings?
Exabeam's Ken Hammond: The main thing that I'm hearing is that our partners have shifted to more of a services-based model. And so because of the hypercloud marketplaces and such, they're making more margin on their services. So their interest in AI comes primarily from their customers to get efficiencies.
But the partners, too, are looking for any type of efficiencies in data collection analytics so that they can add the human element on top where they make their margin. It allows them to provide better value to their customers in a way that they haven't been able to do before. So it's new. Everyone's excited. They're excited that Exabeam really started as an analytics company to complement SIEM, and we've kind of waded into SIEM, but we're still powered by our AI or machine learning (ML), and that's where we're pouring our resources into because that's what our customers and partners find most valuable.
CF: When it comes to AI, do partners have a lot of questions, like how can it help them, any potential risks, etc.?
KH: I think it's early. I am getting some questions, mostly about what efficiencies can we get from using Exabeam versus the competitive offerings. That's their main piece because partners all over the world are shifting to more of that managed model. So they're concerned about their costs, that's No. 1.
There are some questions coming from the customers about how automated the software is, not just Exabeam, but others that we're using, and if it opens up the possibility that automatic decision making could lead to security exposure. But I think that's still small right now. I think that'll grow in the market as a whole. Even with security orchestration, automation and response (SOAR) with automated playbooks, that came up. Yes, we can automate this product to make certain security decisions, but we want to make sure that we as a security operations center (SOC) team have clarity into the ramifications of all the decisions. So I wouldn't say it's a new thought; automation has been around for a long time. Security professionals love automation, but they want to make sure that they can understand how it interfaces with other products and security exposure.
Since we started as an analytics company, we've always given the depth of exposure needed to security professionals to see what the product's actually doing behind the scenes. So I expect that will grow those questions and we're ready for it because we were fortunate to start as an analytics company that went into SIEM.
CF: In August, Exabeam expanded its partnership with Google Cloud for developing generative AI models in its New-Scale SIEM product portfolio. How are partners benefitting from this?
KH: I think the primary benefit is Google has always been seen as a strong analytics company, so customers will ask us and will appreciate the depth that our engineering team is embedded with the Google engineering team. And that's something that really shines in a way that I think other companies can't compete with. So when we message what we're doing, it's always in light of teaming with Google: Here are the groups that we work with, why we made the decision to go with Google, and then the analytics piece that we offer powered in some part by Google. So I think that our most savvy customers appreciate the depth of R&D that we do.
CF: Exabeam has been included on the Inc. 5000 for the sixth consecutive year. What’s fueling that growth and what role are partners playing in that growth?
KH: We are in the third-largest security category after firewalls and endpoint. So we came in as a complement to SIEM, which fueled our growth in those early years of the Inc. report. And then when we got into SIEM as a category, that validated [us] as a strong analytics engine that customers wanted and needed.
What's interesting about what we did is, because we started as a complement to SIEM, we made our enterprise-class product almost a consumerization of enterprise software. We made it so that a junior-level SOC analyst could get immediate value, whether at a partner or a customer. So partners appreciate our approach, not only powered by analytics, but the way that we designed our software. While you can go very deep into it, as you can with other high-powered SIEMs, they also can immediately put a smaller staff in and get full value out of Exabeam Fusion SIEM, and then layer on the services because it's not about the product. It really is about the services. And that's what our partners have told us and how we've shifted our business to continue fast growth.
Our customer acquisition model is fastest globally when there's a partner managing Exabeam, and our renewal rates are much higher when a partner is managing, which is a perfect complement to what we need and to what the partner needs. So we're just directing and pouring more energies into enabling partners to add their deployment and advanced services on our product. And that's been the fuel for our continued growth.
CF: Is the threat landscape shaping Exabeam’s product, business and channel strategies? If so, how?
KH: Yes it is. Customers in general are dealing with, especially large customers, 60-70 different security products. If my business as a customer is to produce X widget, I am a little overwhelmed because I know I need a lot of security products to protect my business, but more and more companies are outsourcing their SOC. And so how it's changed our business is, from a partner perspective, we're aligning and coming out with more features that appeal to partners that are managing and handling the outsourced SOC for these companies. So that is a clear remit for Exabeam to continue to serve our partners in a way that they can serve their customers. I think that's the biggest thing. I think customers are just overwhelmed by the threat landscape, and they're depending on trusted advisors. It's our job to give the partners the tools they need and the efficiencies they need to serve that evolving threat landscape.
CF: What sort of feedback are you receiving from partners? What are their most-pressing needs?
KH: The No. 1 thing that they want is efficiencies, ease of business. And that's a strength that we have. The second thing partners want is innovation. Exabeam does work with hundreds of different security companies to ingest and analyze the different products that these customers use. So our flexibility, our willingness to work with like-minded security companies is powerful to them. Those are the top two things.
And then I think the third thing is profitability. Security-focused companies are trusted because they offer their customers the best solution. They're not pushing one’s key products. They're definitely looking at the customer for a lifetime value. So Exabeam coming alongside them, innovating and offering that to them is a big piece of what they need.
CF: Many organizations are dealing with tight budgets. How is Exabeam helping partners meet their needs?
KH: That is true. That is a big piece. Where we shine is our usability. We've designed our product to have out-of-the-box value in the SIEM space. And that is different from most or all of our competition. So that efficiency allows the partner and the customer to have a robust next-gen SIEM without having 10, 15 or 20 personnel operating it. That's the No. 1 feedback we get. Software prices in the SIEM world are similar. We’re not on the high end and we’re not on the low end. But what makes the difference is the total cost of ownership. It's how many personnel, and can I get the value of the use cases that I need in a quick way. And the feedback from partners and customers is … "I get immediate value, no matter how big I am as a company."
CF: What do you find most dangerous and surprising about the current threat landscape?
KH: I think the sophistication of insider threat attacks is something that's very difficult for companies to combat. I think that going after credentials is a powerful way and is very difficult because it won't create the normal type of alerts that other attacks will. At Exabeam, we're able to baseline normal activity among individuals, servers and groups within the company, and that baseline of normal helps us see the anomalies, the abnormalities which often are more sophisticated insider threat attacks. And that's a good positioning for us because if somebody has clean and clear credentials, that may not hit the radar of a lot of security tools. But what Exabeam can say is it's not normal for that person or that group to be accessing and downloading that type of data. That's just not normal sales activity, for example. So that gives companies a way to quickly identify insider threats. We're seeing more and more companies coming to us and saying, "We're buying you because of insider threats or a malicious insider because it's hard to detect," and Exabeam does a good job because we see and ingest various data streams, and we're able to quickly put that threat score in front of a SOC analyst so that they can take action.
CF: What can partners expect from Exabeam in the months ahead, into 2024?
KH: One thing we're doing that's innovative is a gamification of our training. We call it Capture the Flag. But we're also personalizing it for our partners so the partners can use this very attractive way to prospect their customer base. The first and the last part of the training speak to the strengths of the partners. So instead of it just being, "Here's Exabeam, here are all the features," it becomes, "Here's Optiv, here's CDW, here's GuidePoint Security, and here are all of the consulting and the services we do, and let me show you how we work with Exabeam."
Our partner salespeople and techs really like that because it reinforces the quality of their security services offering. And of course, it benefits us because we can get and focus our software out in a meaningful way to their prospect customers. So for that trusted advisor, that piece is important.
The other thing we're doing is ramping up our services capability to partners. We're adding things in the product. We are making sure that our go-to-market is as profitable as it can be around the services side, and we're able to shift that quickly without many gates and check boxes. We're able to do that cleanly so that our partners can get that quick time to value on their services side.
In other cybersecurity news ...
Last week, Long Beach, California, learned it was targeted by a cyberattack, prompting the city manager to call for a local state of emergency.
The city’s website includes the following information:
“Through the initial investigation, the city determined a network security incident occurred. While public safety services are not impacted, other city services may be affected for several days. Out of an abundance of caution, systems will be taken offline effective immediately during the investigation and potential remediation.”
Nick Tausek, lead security automation architect at Swimlane, said while it's not clear exactly which systems were affected, Long Beach officials confirmed 911 and fire systems were not impacted.
“Ransomware groups are increasingly targeting U.S. cities and towns,” he said. “In 2023 alone, California was hit with cyberattacks in Oakland, San Francisco and San Bernardino, among others. Local governments should implement efficient and comprehensive detection and incident response plans to mitigate the impact of these ransomware attacks."
Andrew Costis, chapter lead of the adversary research team at AttackIQ, said Long Beach was the third local government to be hit with an attack in the past week, following Huber Heights, Ohio, and Bladen County, North Carolina.
“To safeguard residents' personally identifiable information (PII), local governments need to take a more preventative cybersecurity approach,” he said. “Organizations can mitigate the effect of cyber threats by emulating the common tactics, techniques, and procedures (TTPs) used by threat actors. By continually testing their defenses against these threats, organizations can evaluate their existing controls and increase the effectiveness of their response.”
A new Delinea report shows most organizations are years away from a passwordless reality.
The report found the majority (68%) of 300 U.S. IT decision makers polled said passwords aren’t dead, with over half of that group saying they believe passwords are simply evolving into something new.
The survey, conducted by Censuswide on behalf of Delinea, specifically aimed to understand the future of passwords in the workplace in light of recent traction by other authentication options in consumer technology such as smartphones, personal email accounts and mobile apps. The polling found solutions users are already familiar with using in their personal lives are also the most likely to replace passwords in the workplace, such as biometrics (58%), other multifactor authentication (MFA) technologies (46%), one-time passwords (37%), and passkeys (35%).
“The term passwordless often elicits a strong response, either by those claiming passwords will never die or those claiming they will inevitably go away,” said Chris Smith, Delinea’s chief marketing officer. “Our latest research shows that it doesn’t have to be one or the other, and that a range of authentication options are encouraging a future where passwords still exist, but are in the background. The passwordless evolution won’t happen overnight though, and organizations need to ensure that they are taking necessary steps to avoid introducing new risk into the workplace by trying to move beyond passwords too quickly.”
While 30% said their organization has already started this transition, 36% claimed they are still one to two years away while 21% admitted they are three to four years away. Standing in their way are several obstacles including legacy platforms and apps that require passwords and MFA (43%), the need for consistent authentication methods everywhere (37%), and employees who don’t understand or trust passwordless processes (28%). Furthermore, 95% of respondents said their companies must meet at least one set of compliance requirements, requiring organizations to demonstrate access controls, which can become more complicated by adapting to new authentication methods.
Despite these impediments, it’s clear the user experience must evolve with 35% expecting access to workplace systems to require MFA challenges at login, even as 19% expect a future where no username or password is required. Almost 60% of respondents also said their organizations are using a privileged access management (PAM) solution to manage workplace passwords.
Finally, the report shines light on perspectives about AI and its role in cybersecurity. While 83% said they see AI as a defender, half of those respondents said it could also be a threat.
“Workplace password management practices are evolving, even though organizations haven’t yet radically moved away from traditional passwords,” Smith said. “As biometrics become more accurate, legacy technology gets replaced, and AI creates a stronger safety net, enterprises will likely become more comfortable with a passwordless future.”
Ricardo Amper, founder and CEO of Incode, said both enterprises and consumers are increasingly adopting passwordless solutions across various sectors. This transition from traditional passwords empowers individuals to take greater control of their data, especially in response to the ever-evolving landscape of cyber threats.
“Transitioning to a passwordless mindset may appear unconventional, as it requires users to change their habits,” he said. “However, the enhanced security and the seamless experience it offers reduce the learning curve, making the transition more user-friendly.”
U.S. mail-order pharmacy provider Truepill, also known as Postmeds, is sending notification letters to nearly 2.4 million individuals disclosing that their personal data has been compromised following a breach of its systems in late August.
Truepill’s B2B-focused pharmacy platform uses APIs for direct-to-consumer health care brands’ order fulfillment and delivery services, so some individuals receiving the notices had never heard of the company.
“On Aug. 31, we discovered that a bad actor gained access to a subset of files used for pharmacy management and fulfillment services,” Truepill said in its notification letter. “We immediately launched an investigation with assistance from cybersecurity professionals and worked quickly to secure our environment. Our investigation determined that the bad actor accessed the files between Aug. 30 and Sept. 1. Our review determined these files contained patient names, medication type, and in some instances demographic information and/or prescribing physician name. Importantly, Social Security numbers were not involved, as PostMeds does not receive this information.”
The breach has prompted various class-action lawsuits accusing Postmeds of providing incomplete information regarding the compromised data, failing to ensure the encryption of sensitive health data and delaying the company's breach notification.
Ted Miracco, CEO of Approov Mobile Security, said many health care organizations still rely on legacy systems and infrastructure that were not designed with modern cybersecurity practices in mind.
“API security today is of utmost importance, particularly in the context of mobile APIs, as these are often targeted by attackers due to their inherent vulnerabilities, widespread usage and wealth of sensitive data they can access,” he said. “While encryption is a basic aspect of API security for data storage, during transmission, sensitive information must also remain secure even if intercepted by malicious actors. Strong encryption protocols such as HTTPS/TLS should be used to ensure the confidentiality and integrity of data exchanged between mobile devices and APIs.”
In addition to encryption, the use of secure short-lived tokens is an effective security practice, Miracco said.
“These tokens serve as access credentials and are typically issued for a limited duration,” he said. “By using short-lived tokens, the window of opportunity for attackers to exploit stolen or compromised tokens is minimized. Regularly rotating these tokens further enhances security by reducing the potential impact of a token compromise.”
Exabeam’s global channel leader says Cisco acquiring Splunk is a good thing and will open new opportunities for his company.
Ken Hammond, Exabeam’s vice president of worldwide channel sales and alliances, has “lots of thoughts” on the Splunk acquisition because he used to be Cisco’s global security sales leader.
When Cisco announced the Splunk acquisition, Cisco told us Splunk’s security capabilities complement its existing portfolio, and together will provide “leading security coverage from devices to applications, to clouds.” The integration of Cisco’s extended detection and response (XDR) and Splunk’s security information and event management (SIEM) offering will give customers a “comprehensive security platform for threat detection and response.”
Splunk Acquisition by Cisco Validates SIEM
“Ten years ago, I was acquired by Cisco via Sourcefire, and I was the lead integration channel person and the first leader of the global security sales organization at Cisco,” Hammond said. “So where it opens opportunities first, the most important thing is it validates the SIEM category in a big way, the value of it. It's the third-largest category. So it helps Exabeam just to be part of that conversation. We're much smaller than Splunk, but we're also in an interesting mix where we've got Cisco as a competitor, we've got IBM as a competitor with QRadar, we have Google somewhat with Chronicle and Microsoft with Sentinel. Those are very large companies.”
The difference is Exabeam is known “in its DNA” as a cybersecurity company, Hammond said.
“So where it opens up opportunities for us, I believe, is that we're a security innovator in this market,” he said. “And so while we may not be the perfect fit for all companies that are looking at these other large competitors, we have a big partner and customer base that sees our innovation, our ease of doing business with and our channel program as a key differentiator and a benefit. So I think it's a good thing for the whole category. And we do see it as a way for partners that aren't traditional big-four resellers that are focused on security to expand with us.”