Exabeam Security Intelligence Platform

Exabeam uses data science for behavioral modeling, machine learning, and advanced analytics for comprehensive insider and entity threat detection.

Exabeam's User and Entity Behavior Analytics (UEBA) provide insider threat detection, tracking anomalous behavior and suspect movements within your organization, while also securing your cloud services, machines, devices, and IoT assets.


  • User behaviour modelling
  • Machine learning
  • Prebuilt-incident timeline
  • Dynamic peer grouping
  • Lateral movement detection
  • Asset ownership association


  • Automatically detect behaviours indicative of threats
  • Save time investigating incidents
  • Reduce false positives associated with correlation rules
  • Detect more threats
  • Detect threats more quickly
  • Free up SOC team to prioritize on real threats
  • Save money


£4540.50 per instance per year

  • Free trial available

Service documents

G-Cloud 10



Cybanetix Sales Team

020 8396 7442

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Software updates and patching are carried out during planned maintenance windows, agreed with the customer.
System requirements Not applicable

User support

User support
Email or online ticketing support Email or online ticketing
Support response times UK based Support Desk operating 24/7/365

Standard (inclusive) response times are:

Email: 1 hour response (Mon-Fri 08:00-18:00)
Email: 8 hour response all other times

Telephone: Immediate response 24/7/365

Enhanced response times are available
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Standard (inclusive) support levels are:

4 hour fix (Mon-Fri 08:00 to 18:00)
8 hour fix all other times
24/7/365 UK Support desk contact by: Phone, Email, Web

99.85% service availability, measured on a quarterly basis.
99.95% availability of data storage, measured on a quarterly basis.

Enhanced support levels available.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started As part of the service, Cybanetix will assist customers by providing 1 day of Professional Services free of charge. This is to assist with on-boarding and configuring their logging sources to ensure that the service is feeding received data into the dashboards and alerting functions.

Onsite service familiarisation and operational training is available to customers.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction All customer data is removed from the service/platform and customer access to the service is switched off.

Customers are able to back up their historical log/event database and subsequently extract that information upon termination of the service.
End-of-contract process The service will be switched off and decommissioned.

All customer database information will be extracted and provided to the customer in an agreed format.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No difference
Accessibility standards None or don’t know
Description of accessibility Access to the service is via a web based graphical user interface.

Once logged in, customers have full access to their service.
Customers are not able to access the underlying software/source code.
Accessibility testing No testing completed
Customisation available Yes
Description of customisation The platform can be customised in accordance with a customers specific requirements for the service. Examples of this would include:

Setup of critical systems
Setup of critical and executive users
Customization of dashboard widgets
Custom log sources
Bespoke reporting


Independence of resources Each customer deployment of the service is a completely separate instance.

Hosting resources are never oversubscribed and are partitioned according to the specific performance demands of a given customer.


Service usage metrics Yes
Metrics types Disk space usage
Service availability
Log volumes
High severity threats
Others available.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Exabeam

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Customer data can be exported in a variety of formats. Specific requirements can be discussed and agreed on a case by case basis.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other
Other data import formats Syslog

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.85% service availability, measured on a quarterly basis.

99.95% availability of data storage, measured on a quarterly basis.
Approach to resilience Available on request
Outage reporting Emails alerts and calls via the Support desk

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The service supports implementation of Role Based Access Control (RBAC). This allows customers to control management access and permissions to need/role basis.

Upon subscription to the service,
Cybanetix will work the customer to identify and maintain a list of approved roles within the customers organisation.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Cyber Essentials

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Cybanetix maintains an internal Change Management board and defined Change Management Process.

The Board is responsible for the assessment and approval/rejection of all submitted configuration and/or software changes to its services.

All approved changes must be subject to a clearly defined roll back procedure. Where necessary, changes details will be notified to all affected customers and suitable maintenance windows will be agreed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Threat Intelligence is gathered from a variety of external feeds, the details of which can be provided upon request.

Cybanetix continually monitors the security of its service and will carry out any urgent security patching requirements at the earliest opportunity. The implementation of any urgent threat mitigation may be subject to an Emergency Change Control procedure.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Cybanetix has a fully managed Security Operations Centre (SOC), running a Security Information & Event Monitoring platform (CALM)

Response are automated wherever possible. Otherwise, these are logged as security incidents and responded to following our Security Incident Management process.

Response is immediate 24/7/365.
Incident management type Supplier-defined controls
Incident management approach Incidents (including faults, change requests and updates) should be raised to the Cybanetix support team, typically via email, phone or the customer support web portal.

Incident reports are made available via the customer self service portal or upon request to the Cybanetix support team.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4540.50 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Proof of Concept testing
Licensing & Hosting
1 day professional services (to assist with setup/on-boarding)
Technical support (for duration of POC)
Time period - TBC on case by case basis (due to customer's current logging policies)


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑