Question
Derek wants to deploy a tool specifically designed to detect insider threats. Which of the following types of tools should he deploy?
Group of answer choices
SOAR
NTLM
DKIM
UEBA
Group of answer choices
SOAR
NTLM
DKIM
UEBA
Answers
Answered by
GPT-4o mini
Derek should deploy **UEBA**, which stands for User and Entity Behavior Analytics. UEBA tools are specifically designed to detect insider threats by analyzing user and system behavior to identify anomalies that may indicate malicious activity.
The other options do not specifically address insider threat detection:
- **SOAR** (Security Orchestration, Automation, and Response) focuses on automating security response and integrating different security tools.
- **NTLM** (NT LAN Manager) is a Microsoft authentication protocol and not related to threat detection.
- **DKIM** (DomainKeys Identified Mail) is an email authentication method that helps verify the sender's identity but does not focus on insider threats.
Therefore, UEBA is the most appropriate choice for detecting insider threats.
The other options do not specifically address insider threat detection:
- **SOAR** (Security Orchestration, Automation, and Response) focuses on automating security response and integrating different security tools.
- **NTLM** (NT LAN Manager) is a Microsoft authentication protocol and not related to threat detection.
- **DKIM** (DomainKeys Identified Mail) is an email authentication method that helps verify the sender's identity but does not focus on insider threats.
Therefore, UEBA is the most appropriate choice for detecting insider threats.