IBM QRadar User Behavior Analytics to make 'insider' threats visible
IBM Security, that provides security intelligence, integration, and protection against cyber security threats has announced a new application called IBM QRadar. This new app claims to analyze the usage patterns of employees and partners to determine if their credentials have been compromised by cyber-criminals.
The company has made IBM QRadar User Behavior Analytics, available for free via the IBM Security App Exchange. It extends IBM QRadar’s security intelligence platform to provide early visibility into potential insider threats before they can do further damage to a business.
According to IBM X Force Cyber Threat Index 2016, insider (empoyees, contractors and partners) threats are currently responsible for 60 percent of attacks facing businesses, but roughly 25 percent of these attacks are the result of users’ credentials falling into the hands of hackers via employees, contractors or partners who are tricked by malware-laden phishing attacks or other techniques.
How it works?
The IBM QRadar User Behaviour Analytics (UBA) app claims to alert analysts to a user logging into a high value server for the first time, from a new location, while using a privileged account. This change in pattern would be identified because the IBM QRadar UBA solution created a baseline of normal user behavior for this employee and detected a significant deviation. It leverages data from customers’ existing QRadar investment giving them a single platform to analyze and manage security events and data. This integration saves security analysts from having to reload and curate data from multiple platforms to identify and investigate user behavior side-by-side with other indicators of compromise QRadar detects. Jason Corbin, Vice President, Strategy and Offering Management, IBM Security says:Organizations need a better way to protect themselves against insider threats – whether they be from inadvertent actors or malicious cybercriminals with access to an organization’s inner workings and technology systems. This new app provides analysts with the ability to quickly pivot by using existing cybersecurity data to see the early warning signs that are often buried in suspicious user activities, ultimately helping them more consistently address breaches before they occur.
How will QRadar UBA help?
- Risk Analysis Profiles, which analyzes risky user actions and applies a score to anomalous behaviors helping to identify both potential rogue insiders and suspected cybercriminals using compromised credentials.
- Prioritized Behavioral Analysis Dashboard, that can be used by analysts to gain better visibility and understanding of actions that lead a user to open up a malicious document or how they gained escalated privileges. A single mouse click, or an attachment or link in a phishing email, for example, can add suspicious user activity to a watch list or permit a text-based annotation to explain the analyst’s observations.
- Enhancing Existing QRadar Security Data with user information pulled from the entire IT environment, helps security teams tap into the existing broad set of data sources and threat intelligence in QRadar to detect threats across users and assets.