Active Directory Security: Detecting Internal Attacks
Date: Thursday, June 20th at 11:00am PT / 2:00pm ET
SIEM solutions can assist in detecting distinct security events when thresholds of security events occur. However, SIEM solutions struggle when internal users leverage their current capabilities in a malicious way. These "allowed attackers" can cause disruption, access data, and even attack the network, while your SIEM solution fails to trigger the actions as a potential threat.
In this webinar, MVP Derek Melber will guide you through how you can configure your SIEM to detect direct attacks and also improve your SIEM with technologies such as user behavior analytics (UBA). When the webinar is over you will have a full list of solutions you can implement to see when you are under attack.
In this webinar you will learn:
- Where SIEM solutions fall short in detecting internal attacks
- What an “allowed attacker” is in your organization
- How you can leverage SIEM features to be alerted to an attack
- Why UBA and UEBA can extend your SIEM solution to see even more attacks