User Behavior Analytics - UEBA Questions
Evgeny Belenky
IT Central Station
Aug 27 2021

Hi community members,

Let's discuss what the main differences are between UEBA (User and Entity Behavior Analytics) and SIEM (Security Information and Event Management) solutions.

Tjeerd Saijoen: Many SIEM solutions like QRadar are using UEBA in a SIEM solution. User and…
Navin Rehnius: SIEM is the platform where we can see all of the security events. Here we can…
David Swift: SIEM vs UEBA 1. SIEM is designed to store events for extended periods…
Karin Krings
User at University of Phoenix

I'm looking for recommendations for software to detect insider threats. Where can I find a Pros/Cons template, customized to organization, to source insider threat detection support?

Xavier Suriol: I would suggest statistical methods (including machine learning): First, outlier…
reviewer1324719: This is an inside-out --- outside-in --- inside-in question, as an insider can…
Ken Shaurette: You'd need to break out better what you consider to be the types of insider…
Jay Thompson
Chief Operational Officer at Merchant Light LLC

If you host your website on your own server, it will be open to the public. Is there a way to monitor/protect the rest of your network from hackers who have open access to your site? We have a single LAN and public site on the domain server of that LAN. Windows IIS is running our site on our Windows 2019 Server and most business data has been pulled off the server to a client machine.

We don't have a huge (okay, hardly any) budget to work with.

Industry: IT Tech Support; application development; application interface development; retail sales of hardware and software, monthly PAAS support services including monitoring, patching, anti-malware, network maintenance and 24x7 support.

Requirements: monitor only those nodes and forests that need to be protected. If monitoring tells you who is visiting your website, great, but we already have that. We want to know who is trying to hack our site or network using procedure calls or other means that are not predefined and approved by the security team.

Steffen Hornung: Hi, your question tangles on various subjects. Firstly, IIS is a great choice…