Exabeam Managed Detection Response

24/7 MDR for Exabeam


Request a Quote

Please give us 24 hours to respond to your request.

Castra + Exabeam History

Castra has been successfully using Exabeam for several years, for both our clients and ourselves. In fact, in 2018 we swapped our SIEM 1.0 platform for Exabeam for better visibility, analytics, workflow and overall risk management.

Since 2012, Castra has deployed SIEM in over 2,000 organizations globally. Our SOC is second to none and is filled with well trained, US-Based, diligent Analysts who are all Exabeam experts with several years of Security Operations experience. Our transparent, integrated, and affordable approach coupled with a near 100% renewal rate is why we recently won Exabeam’s MSSP Partner of the Year Award.

ExabeamPartner of the year 2020

Our Favorite Things About Exabeam

  • Data Lake, Advanced Analytics, Case Manager, Entity Analytics, Cloud Connectors are the perfect bundle.
  • Excellent data usage model. Starts at 50GB/day and can easily scale to 2TB/day and higher.
  • Machine Learning, granting the ability to model account and/or asset behavior
  • UEBA is superior to any human written SIEM 1.0 correlation rule
  • Ability to craft custom rules and custom models
  • Easy to extract smart timelines for investigations
  • Long term intuitive, active searching
  • Strong Dashboard, visualization and reporting capabilities
  • Robust, automated incident response ability

We bend platforms to work in your environment.

Contact us to get started
Events recorded a month
Assets Monitored
illustrated wide computer screen

Exabeam SAAS vs On Premise

Doesn’t matter what deployment model you’ve adopted. Castra has mastered both options, and we’ve customized our service to your specific needs. The SaaS model is very straightforward, and Exabeam handles the ongoing maintenance. If you have an On Premise deployment, our Elite MDR service will take care of the system and ensure it is always up to date, and doing what it needs to do.

illustrated graph on hexagons

Data Sheets

Download more information based on the services you need here.

Castra manages your Exabeam SaaS or On Premise based SIEM / SOAR

Here’s how we connect with you.

castra elite mdr diagram

Castra’s Elite MDR Overview


Fully Managed

Elite is Castra’s most in-depth service. Our Security Operations Center (SOC) watches your network, investigates security alarms, tunes the system for better visibility, and works with you when we find anomalies. You don’t need to manage the security platform or watch the console day by day - we do that for you. Let us take care of everything while you focus on your business.

Request a Quote


    • Expert assistance on new service deployment from Security Operations Team
    • Designated Primary Security Analyst and 24x7 SOC
    • Documented Incident Response Plan
    • Training and enhancing Exabeam’s Machine Learning
    • Proactive tuning, customer notification and orchestrated response post incident detection
    • Advanced alarm and orchestration response
    • Intensive analysis of customer needs and network environment
    • Anomali Threatstream integration - best in class threat intelligence platform (TIPS)
    • Custom behavioral modeling and detection rules for improved alarming
    • Custom notifications for Alarm outputs
    • Compliance Based Dashboards
    • Custom Reporting
    • Scheduled teleconferences with Security Operations Team covering:
      • Alarm review and noise reduction
      • Capacity planning
      • Risk posture adjustments
    • 24×7 health monitoring by Security Operations Team
    • Cloud-based platform continuously monitors:
      • Hardware and software stats
      • Event flow rates
      • Capacity and performance information
      • Proactive tuning and customer notification upon problem detection


  1. Kick off call

    Every Castra customer is assigned a Primary Security Analyst that they will work with on a regular basis. More than just a meet and greet, and one of the first things we do is establish an “IRP,” or “Incident Response Plan.” This IRP includes designating specific threat thresholds like, “Critical, High, Medium, and Low” and documenting all of the appropriate personnel that should be contacted if any of these thresholds are met.

  2. Establish a Schedule

    Once a detailed and measurable IRP has been established, your Primary Security Analyst will schedule a recurring call to ensure we always have a dedicated time and place discuss your security posture.

  3. Response & Remediation

    In the event that one of these threshold are met, Castra will reach out to the appropriate personnel and begin executing the Incident Response Plan.

  4. Proactive Reviews

    If none of the Threat Thresholds have been met, we like to meet on a weekly or monthly basis to review your systems, alarms, environment, and overall security posture. This is an important step in the process to ensure we are always taking a proactive approach to securing your environment.

  5. Constant Contact

    Customers can also reach out to our SOC at anytime. From there, we keep meeting every week or month on the recurring call.

About Castra

Founded in 2012 by Tony Simone and Grant Leonard, Castra has successfully deployed SIEM/SOAR and a variety of Information Security products and services in over 2,000 organizations globally. We work with Fortune 50 organizations as well as SMB’s and everything in between. We have worked with thousands of Healthcare, Financial, Retail, Technology, and Government organizations on a variety of projects that range from tailored consulting, to 24x7 Managed Services.

We have a 24x7, SOC2 Type I and Type II compliant and audited Security Operation Center located in Durham, NC and redundant data centers throughout North America. Our SOC is filled with well trained, diligent analysts, and some of the top technology on the planet. We've mastered several different Information Security technologies, and you can choose which one is best for you and your organization.