User and entity behavior analytics (UEBA) and security information and event management (SIEM) are separate security solutions that can work together to detect shifts in behavior that indicate a compromise is occurring. UEBA is enhanced by leveraging the data collected and enriched by a SIEM, and SIEM capabilities are expanded by ingesting UEBA events for further correlation.
One of the best ways to understand this symbiotic relationship is to take an actual source of security events and apply UEBA to it. In this on-demand webcast, Matt Willems, LogRhythm’s technical product manager, joins Ultimate Windows Security’s Randy Franklin Smith to uncover the relationship between UEBA and SIEM — giving you an inside view of user behavior analysis in action.
In this webcast, you’ll learn how to apply UEBA and SIEM using data from the Windows Security Log to track:
- When a user normally logs on
- The computer from which the user authenticates
- Additional computers the user accesses
UEBA focuses specifically on a user-centric view of system activity with the goal of detecting when a user’s behavior departs from the norm. Analysts can engage supervised machine learning to develop a dynamic baseline for each user over time, ensuring analytics are based on behavior — not event correlation.
The webcast identifies the most important events from the Windows Security Log for UEBA and the roles that generate them, as well as challenges in correlation. In addition, you’ll learn about alternative logs that augment user behavior analysis.
In this webinar, you’ll also learn about:
- Examples of identity construction from user identifiers such as Active Directory credentials and email addresses (both corporate and personal)
- Dynamic baselining (i.e., what is normal in your environment vs. a threshold/whitelist/blacklist)
- Two UEBA use cases: one that focuses on authentication from an abnormal location and another that highlights an unusual time/blacklisted location
Watch the on-demand webcast now to learn how to successfully apply UEBA to security events.