Exabeam and Google Cloud: Revolutionizing Cybersecurity with AI

Steve Wilson, Chief Product Officer, Exabeam

In an age of rampant data breaches and ransomware, the importance of defending sensitive information is at an all-time high. We’ve seen sophisticated AI-driven attacks in the form of convincing deepfakes already begin to take root, and nation-states are likely already experimenting with AI to further their objectives. These AI-augmented attackers are a real threat in 2024, and beyond. That is why Exabeam is already leveraging AI to help CIOs and CISOs attach to all the possible sources of telemetry that they have in their enterprise and give them a complete view of their cybersecurity landscape. 

Exabeam has been a leading player in security-focused user experience and AI functionality for 10 years. We were one of the first to incorporate AI and machine learning to augment security operations with behavioral analytics, and the only company to learn normal behavior to provide advanced detections. While many of the biggest players in security can aggregate log files and help search through them, Exabeam leans into security operations roles and focuses on expanding user experiences inside SecOps centers. We’ve built a cloud-native security operations platform that allows data collection from on premises and cloud sources that scales to the massive amounts of information that security leaders and their teams need to access daily.  

Security at Scale for the Port of Antwerp-Bruges

As the second largest seaport in Europe, the Port of Antwerp-Bruges is a hub of international trade and maritime activities. The port manages around 290 million tons of cargo annually, and it comprises five percent of the Belgian gross domestic product (GDP). This critical infrastructure cannot be understated, as even Western Europe feels the ripple effects of the port’s influence and impact. 

However, another aspect of the port’s daily happenings is the scale of digital operations it conducts. As an international trading hub, the Port of Antwerp-Bruges is the target of many cyberthreats, and with rising nation-state threats, having an in-depth understanding of internal environments is the key to success. 

Yannick Herrebaut, Cyber Resilience Manager and CISO for the Port of Antwerp-Bruges, is responsible for cybersecurity strategy, policy, and compliance at the port. He leads a team that manages all security operations, including the security technology stack, and helps the business with security questions, service tickets, and incident response.

As CISO of such critical infrastructure, Herrebaut knew the robustness of their security solutions and strategy was important. “Detecting incidents is not always very easy. Sometimes threat actors are in the background for weeks or even months, and no solution is a silver bullet to detecting all these different threats in your environments,” shares Herrebaut.

However, Exabeam’s skills in automation and easy deployment allow teams to focus on real threats, rather than wasting energy on benign notifications. 

“Thanks to implementing Exabeam SIEM, we’ve been able to streamline our operations and do everything far more efficiently. Before we had to check every dashboard of every solution manually, and now we’re able to just look at Exabeam and we are informed about all the things that are happening within our environment.”

How Exabeam and Google Cloud are Addressing Key Problems in the Cybersecurity Landscape Together 

The cloud-native AI-driven Exabeam Security Operations Platform is able to store and search petabytes of data. While this data holds the keys to understanding a CIO’s or CISO’s environments and security posture, too many of them are drowning in data and unable to tangibly use it. This waste of resources is almost worse than not having enough data at all, and this is one of the many reasons why Exabeam and Google Cloud have partnered together. 

The AI-driven Exabeam Security Operations Platform applies AI and automation to security operations workflows for a holistic approach to combating cyberthreats, delivering the most effective threat detection, investigation, and response (TDIR). AI-driven detections pinpoint high-risk threats by learning normal behavior of users and entities, and prioritizing threats with context-aware risk scoring. Automated investigations simplify security operations, correlating disparate data to create threat timelines. Playbooks document workflows and standardize activity to speed investigation and response. Visualizations map coverage against the most strategic outcomes and frameworks to close data and detection gaps. Exabeam empowers security operations teams to achieve faster, more accurate, and consistent TDIR.

The AI-driven Exabeam Security Operations Platform built on Google Cloud can ingest millions of events per second, and by leveraging Google Cloud BigQuery, can store petabytes of data. On top of this, Threat Center, part of the Exabeam platform, simplifies security analyst workflows by centralizing threat management, investigative tools, and automation to efficiently investigate and respond to threats. 

Threat Center reduces alert fatigue with prioritization, automated evidence collection, and timeline creation, providing every analyst with a consistent view of the threat. 

The recently released Exabeam Copilot allows defenders to use AI to level the playing field by analyzing these petabytes of data in near real time, discerning normal and abnormal behaviors across the network. Exabeam Copilot is Exabeam’s generative AI (GenAI) experience, built on top of the Google Cloud Vertex AI service. Exabeam Copilot offers security teams powerful productivity and insights that will make them more efficient and informed about cybersecurity. Analysts and engineers can use natural language processing to create complex search queries that deliver actionable insights to uplevel analysts’ investigation and response. With GenAI capabilities, you can train security analysts faster, communicate risk with detailed threat explanations, and learn more about general threats from a security-centric large language model. Exabeam Copilot uplevels security skills and knowledge to help drive faster, more accurate TDIR. 

Security analysts now have a trained AI security buddy that provides clear and clean status updates on threats, such as how to respond and what actions must be taken moving forward. This automated analytics process provides analysts with clean and clear status updates across the management chain on detected threats and network vulnerabilities, including actionable recommendations to mitigate security risks. 

The Future of AI-Driven Security Operations with Exabeam and Google Cloud 

Now that Exabeam has built the foundations for GenAI in our platform through Google Cloud Vertex AI, we’re planning to leverage even more advanced GenAI models like Google Gemini, expanding Exabeam Copilot to the security engineer and using GenAI to speed up data acquisition and understanding. 

We already know that attackers are using AI for their own misdeeds, and for the past decade, Exabeam has been helping organizations safely and effectively use AI to enhance security processes. It’s our mission at Exabeam to help defenders even the playing field by harnessing AI for security operations, and Google Cloud is a great partner in that mission.