The company has made IBM QRadar User Behavior Analytics, available for free via the IBM Security App Exchange. It extends IBM QRadar’s security intelligence platform to provide early visibility into potential insider threats before they can do further damage to a business.
According to IBM X Force Cyber Threat Index 2016, insider (empoyees, contractors and partners) threats are currently responsible for 60 percent of attacks facing businesses, but roughly 25 percent of these attacks are the result of users’ credentials falling into the hands of hackers via employees, contractors or partners who are tricked by malware-laden phishing attacks or other techniques.
How it works?
The IBM QRadar User Behaviour Analytics (UBA) app claims to alert analysts to a user logging into a high value server for the first time, from a new location, while using a privileged account. This change in pattern would be identified because the IBM QRadar UBA solution created a baseline of normal user behavior for this employee and detected a significant deviation.
It leverages data from customers’ existing QRadar investment giving them a single platform to analyze and manage security events and data. This integration saves security analysts from having to reload and curate data from multiple platforms to identify and investigate user behavior side-by-side with other indicators of compromise QRadar detects.
Jason Corbin, Vice President, Strategy and Offering Management, IBM Security says:
Organizations need a better way to protect themselves against insider threats – whether they be from inadvertent actors or malicious cybercriminals with access to an organization’s inner workings and technology systems. This new app provides analysts with the ability to quickly pivot by using existing cybersecurity data to see the early warning signs that are often buried in suspicious user activities, ultimately helping them more consistently address breaches before they occur.
How will QRadar UBA help?
- Risk Analysis Profiles, which analyzes risky user actions and applies a score to anomalous behaviors helping to identify both potential rogue insiders and suspected cybercriminals using compromised credentials.
- Prioritized Behavioral Analysis Dashboard, that can be used by analysts to gain better visibility and understanding of actions that lead a user to open up a malicious document or how they gained escalated privileges. A single mouse click, or an attachment or link in a phishing email, for example, can add suspicious user activity to a watch list or permit a text-based annotation to explain the analyst’s observations.
- Enhancing Existing QRadar Security Data with user information pulled from the entire IT environment, helps security teams tap into the existing broad set of data sources and threat intelligence in QRadar to detect threats across users and assets.
In February this year, IBM acquired Resilient Systems and has added the capability to respond to incidents elevated in the QRadar platform via the new User Behavior Analytics app. The company states that the QRadar UBA application is part of its open approach to developing security tools that can be leveraged in the fight against cybercrime.
Since the last two years, IBM claims to have been helping security professionals collaborate to achieve an advantage over cybercriminals, including opening its 700 TB of threat data to the public with the launch of IBM X-Force Exchange. The IBM Security App Exchange is built on the X-Force Exchange and states to have developed into an online marketplace for partners and customers to share and download apps based on IBM Security technologies, such as IBM QRadar. The marketplace features third party solutions that help clients to customize their security environment using IBM’s open platform approach.