2021-09-29T05:10:00Z

What insider threat detection tool do you recommend to a company with a modest budget?

Hi peers,

What insider threat detection tool/s do you recommend to a company with a modest budget?

What makes this tool better than others?

Thank you.

EB
Director of Community at PeerSpot (formerly IT Central Station)
2 Answers
WL
Enterprise System Management at ESM Consultant
Consultant
Top 10
2021-10-18T16:08:24Z

Off the cuff, I would suggest Nagios.

Unfortunately, the OSE doesn't provide any support, though it does offer a limited support agreement. So, if you have a good Unix or Linux administrator who can supply the needed amount of time to configure everything, then it's free out of the box, minus the time they would spend (which is going to be significant initially). It does give you basic monitoring of system-level stuff: disks, processes and users.

Advanced configuration is time-consuming for whoever is tasked, and unfortunately some false positives will be experienced initially. I set up the basics for a customer once.

If you have a little money, I'd suggest the Enterprise version of the product: thousands of plugins, and the console has functionality that the OSE doesn't include, which will make the life of whoever is responsible a little easier.

If you have a small enterprise, then that's a good, sensibly affordable solution.

There are a lot of other, more granular products that can be configured to stand up and dance if you hire experts to provide the care and feeding.

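The answer above describes Nagios giving "basic monitoring of ... users" and warns about initial false positives. The following check plugin is an added example, not part of the answer and not code from the Nagios project: it follows the Nagios plugin convention (exit 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN, performance data after `|`) and compares the interactive sessions reported by `who` against a baseline of expected users and source networks. The baseline values, user names and the sample `who` output are constructed for illustration; until the baseline is tuned to a real environment, every legitimate but unlisted login surfaces as a false positive, which is the tuning effort the answer refers to.

```python
#!/usr/bin/env python3
"""check_interactive_logins.py: Nagios-style check for unexpected interactive sessions.

Added example (not from the PeerSpot thread or the Nagios project). Exit codes follow
the Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN, with perfdata
after '|'. The baseline and the sample `who` output below are constructed values.
"""
import ipaddress
import re
import subprocess
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Constructed baseline (assumption): tune it to the environment. Anything outside it
# alerts, so an untuned baseline produces the initial false positives the answer warns about.
EXPECTED_USERS = {"alice", "bob", "svc-backup"}
EXPECTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample of `who` output, used when the real command is unavailable (offline run).
SAMPLE_WHO = """\
alice      pts/0        2021-10-18 15:58 (10.0.0.12)
bob        pts/1        2021-10-18 16:01 (203.0.113.7)
svc-backup tty1         2021-10-18 03:12
tmpuser    pts/2        2021-10-18 16:05 (10.0.0.55)
"""

# `who` line: user, tty, "YYYY-MM-DD HH:MM", optional "(source)" for remote logins.
WHO_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?:\s+\((.*?)\))?")


def parse_who(output):
    """Return a list of (user, tty, source) tuples; source is None for console logins."""
    sessions = []
    for line in output.splitlines():
        m = WHO_LINE.match(line)
        if m:
            sessions.append((m.group(1), m.group(2), m.group(4)))
    return sessions


def source_allowed(source, networks):
    """Console logins (no source) are accepted; remote sources must be inside an expected network."""
    if source is None:
        return True
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # hostnames or garbage: treat as unexpected rather than guess
    return any(addr in net for net in networks)


def evaluate(sessions, expected_users=EXPECTED_USERS, networks=EXPECTED_NETWORKS):
    """Return (exit_code, status_line) in Nagios plugin format.

    An unlisted user is CRITICAL; a listed user from an unexpected source is WARNING.
    """
    unknown_users = sorted({u for u, _, _ in sessions if u not in expected_users})
    odd_sources = sorted(f"{u}@{src}" for u, _, src in sessions
                         if u in expected_users and not source_allowed(src, networks))
    if unknown_users:
        code, label = CRITICAL, "CRITICAL"
    elif odd_sources:
        code, label = WARNING, "WARNING"
    else:
        code, label = OK, "OK"
    parts = []
    if unknown_users:
        parts.append(f"{len(unknown_users)} unexpected user(s): {', '.join(unknown_users)}")
    if odd_sources:
        parts.append(f"{len(odd_sources)} unexpected source(s): {', '.join(odd_sources)}")
    if not parts:
        parts.append(f"{len(sessions)} interactive session(s) within baseline")
    perfdata = f"sessions={len(sessions)};;;0 unexpected={len(unknown_users) + len(odd_sources)};;;0"
    return code, f"{label} - {'; '.join(parts)} | {perfdata}"


def main():
    """Run against the live `who` output, falling back to the constructed sample offline."""
    try:
        output = subprocess.run(["who"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        output = SAMPLE_WHO
    code, line = evaluate(parse_who(output))
    print(line)
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Dropped into a Nagios `command` definition like any other plugin, the check returns the exit code Nagios uses for state and a status line with perfdata it can graph; the design choice to rate an unlisted user higher than an unusual source reflects that a new interactive account is rarer, and harder to explain away, than a known user connecting from a new address.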
SB
CTO at a tech company with 11-50 employees
Real User
Top 10
2021-10-05T22:26:13Z

Can you be more specific? If you search this site for 'threat detection' you get lots of different technologies: MDR, XDR, UEBA, IDPS, etc.

I have used threat intelligence services, as well as UEBA and 'threat hunting' services with MDR, as well as traditional IPS/IDS and other layered services. Each one detects threats differently: by external intelligence, by network activity, by host activity.

EB
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Oct 9, 2021

@Stuart Berman, thanks for your answer!
If we're talking about MDR and XDR solutions, which one would be a budget one?
