Exabeam Advanced Analytics and SIEM

Exabeam uses data science for behavioral modeling, machine learning, and advanced analytics for comprehensive insider and entity threat detection.

Exabeam's User and Entity Behavior Analytics (UEBA) provide insider threat detection, tracking anomalous behavior and suspect movements within your organization, while also securing your cloud services, machines, devices, and IoT assets.


  • User behaviour modelling
  • Machine learning
  • Prebuilt-incident timeline
  • Dynamic peer grouping
  • Lateral movement detection
  • Asset ownership association


  • Automatically detect behaviours indicative of threats
  • Save time investigating incidents
  • Reduce false positives associated with correlation rules
  • Detect more threats
  • Detect threats more quickly
  • Free up SOC team to prioritize on real threats
  • Save money


£25.11 per person per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

6 2 6 2 0 3 0 9 9 5 9 7 6 8 7



Cybanetix Sales Team

020 8396 7442

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Software updates and patching are carried out during planned maintenance windows, agreed with the customer.
System requirements
Not applicable

User support

Email or online ticketing support
Email or online ticketing
Support response times
UK based Support Desk operating 24/7/365

Standard (inclusive) response times are:

Email: 1 hour response (Mon-Fri 08:00-18:00)
Email: 8 hour response all other times

Telephone: Immediate response 24/7/365

Enhanced response times are available
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
Standard (inclusive) support levels are:

4 hour fix (Mon-Fri 08:00 to 18:00)
8 hour fix all other times
24/7/365 UK Support desk contact by: Phone, Email, Web

99.85% service availability, measured on a quarterly basis.
99.95% availability of data storage, measured on a quarterly basis.

Enhanced support levels available.
Support available to third parties

Onboarding and offboarding

Getting started
As part of the service, Cybanetix will assist customers by providing 1 day of Professional Services free of charge. This is to assist with on-boarding and configuring their logging sources to ensure that the service is feeding received data into the dashboards and alerting functions.

Onsite service familiarisation and operational training is available to customers.
Service documentation
Documentation formats
End-of-contract data extraction
All customer data is removed from the service/platform and customer access to the service is switched off.

Customers are able to back up their historical log/event database and subsequently extract that information upon termination of the service.
End-of-contract process
The service will be switched off and decommissioned.

All customer database information will be extracted and provided to the customer in an agreed format.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No difference
Service interface
Description of service interface
Access to the service is via a web based graphical user interface.

Once logged in, customers have full access to their service.
Customers are not able to access the underlying software/source code.
Accessibility standards
None or don’t know
Description of accessibility
Access to the Exabeam service is via a web based graphical user interface.

Once logged in, customers have full access to their service.
Customers are not able to access the underlying software/source code.
Accessibility testing
No testing completed
Customisation available
Description of customisation
The platform can be customised in accordance with a customers specific requirements for the service. Examples of this would include:

Setup of critical systems
Setup of critical and executive users
Customization of dashboard widgets
Custom log sources
Bespoke reporting


Independence of resources
Each customer deployment of the service is a completely separate instance.

Hosting resources are never oversubscribed and are partitioned according to the specific performance demands of a given customer.


Service usage metrics
Metrics types
Disk space usage
Service availability
Log volumes
High severity threats
Others available
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Customer data can be exported in a variety of formats. Specific requirements can be discussed and agreed on a case by case basis.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.85% service availability, measured on a quarterly basis.

99.95% availability of data storage, measured on a quarterly basis.
Approach to resilience
Available on request
Outage reporting
Emails alerts and calls via the Support desk

Identity and authentication

User authentication needed
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The service supports implementation of Role Based Access Control (RBAC). This allows customers to control management access and permissions to need/role basis.

Upon subscription to the service, Cybanetix will work the customer to identify and maintain a list of approved roles within the customers organisation.
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials
Information security policies and processes
Cyber Essentials

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Cybanetix maintains an internal Change Management board and defined Change Management Process.

The Board is responsible for the assessment and approval/rejection of all submitted configuration and/or software changes to its services.

All approved changes must be subject to a clearly defined roll back procedure. Where necessary, changes details will be notified to all affected customers and suitable maintenance windows will be agreed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threat Intelligence is gathered from a variety of external feeds, the details of which can be provided upon request.

Cybanetix continually monitors the security of its service and will carry out any urgent security patching requirements at the earliest opportunity. The implementation of any urgent threat mitigation may be subject to an Emergency Change Control procedure.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Cybanetix has a fully managed Security Operations Centre (SOC), running a Security Information & Event Monitoring platform (CALM)

Response is automated wherever possible. Otherwise, these are logged as security incidents and responded to following our Security Incident Management process.

Response is immediate 24/7/365.
Incident management type
Supplier-defined controls
Incident management approach
Incidents (including faults, change requests and updates) should be raised to the Cybanetix support team, typically via email, phone or the customer support web portal.

Incident reports are made available via the customer self service portal or upon request to the Cybanetix support team.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£25.11 per person per year
Discount for educational organisations
Free trial available
Description of free trial
Proof of Concept testing, includes:
Licensing & Hosting
1 day professional services (to assist with setup/on-boarding)
Technical support (for duration of POC)
Time period - TBC on case by case basis (due to customer's current logging policies)

Service documents

Return to top ↑