ARMONK, N.Y., July 27, 2016 /PRNewswire/ -- IBM Security
(NYSE: IBM) today announced a new app for IBM QRadar which analyzes
the usage patterns of insiders, including employees, contractors
and partners, to determine if their credentials or systems have
been compromised by cybercriminals. IBM QRadar User Behavior
Analytics, available for free via the IBM Security App Exchange,
extends IBM QRadar's security intelligence platform to provide
early visibility into potential insider threats before they can do
further damage to a business.
Insider threats are currently responsible for 60 percent of
attacks facing businesses, but roughly a quarter of these attacks
are the result of users' credentials falling into the hands of
hackers via employees, contractors or partners who are tricked by
malware-laden phishing attacks or other techniques[1]. For
example, the new user behavior analytics app would alert analysts
to a user logging into a high value server for the first time, from
a new location, while using a privileged account. This change in
pattern would be identified because the IBM QRadar User Behavior
Analytics solution created a baseline of normal user behavior for
this employee and detected a significant deviation.
"Organizations need a better way to protect themselves against
insider threats – whether they be from inadvertent actors or
malicious cybercriminals with access to an organization's inner
workings and technology systems," said Jason Corbin, Vice President of Strategy and
Offering Management, IBM Security. "This new app provides analysts
with the ability to quickly pivot by using existing cybersecurity
data to see the early warning signs that are often buried in
suspicious user activities, ultimately helping them more
consistently address breaches before they occur."
IBM QRadar User Behavior Analytics leverages data from
customers' existing QRadar investment giving them a single platform
to analyze and manage security events and data. This integration
saves security analysts from having to reload and curate data from
multiple platforms to identify and investigate user behavior
side-by-side with other indicators of compromise QRadar detects.
The solution helps security professionals guard against malicious
threats through:
- Risk Analysis Profiles – the app analyzes risky user
actions and applies a score to anomalous behaviors helping to
identify both potential rogue insiders and suspected cybercriminals
using compromised credentials.
- Prioritized Behavioral Analysis Dashboard – analysts can
gain better visibility and understanding of actions that lead a
user to open up a malicious document or how they gained escalated
privileges. A single mouse click, or an attachment or link in a
phishing email, for example, can add suspicious user activity to a
watch list or permit a text-based annotation to explain the
analyst's observations.
- Enhancing Existing QRadar Security Data – with user
information pulled from the entire IT environment, security teams
will be able to tap into the existing broad set of data sources and
threat intelligence in QRadar to detect threats across users and
assets.
With the recent acquisition of Resilient Systems, IBM has added
the capability to easily respond to incidents elevated in the
QRadar platform via the new User Behavior Analytics app. Available
for free download on the IBM Security App Exchange, the QRadar User
Behavior Analytics application is part of IBM's open approach to
developing security tools that can be leveraged in the fight
against cybercrime.
Over the past two years, IBM has made significant moves to help
security professionals worldwide collaborate to achieve an
advantage over cybercriminals, including opening its 700 TB of
threat data to the public with the launch of IBM X-Force Exchange.
Built on X-Force Exchange intelligence, the IBM Security App
Exchange has developed into an expansive online marketplace for
partners and customers to share and download apps based on IBM
Security technologies, such as IBM QRadar. The marketplace features
dozens of 3rd party solutions to further clients'
ability to customize their security environment using IBM's open
platform approach.
About IBM Security
IBM Security offers one of the most advanced and integrated
portfolios of enterprise security products and services. The
portfolio, supported by world-renowned IBM X-Force® research,
enables organizations to effectively manage risk and defend against
emerging threats. IBM operates one of the world's broadest security
research, development and delivery organizations, monitors 20
billion security events per day in more than 130 countries, and
holds more than 3,000 security patents. For more information,
please visit www.ibm.com/security, follow @IBMSecurity on
Twitter or visit the IBM Security Intelligence blog.
1 IBM X-Force Cyber Threat Index, 2016
Media Contact:
Cassy Lalan
IBM Security Media Relations
319-230-2232
cllalan@us.ibm.com
Logo - http://photos.prnewswire.com/prnh/20090416/IBMLOGO
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/ibm-security-tackles-insider-threats-with-user-behavior-analytics-300304479.html
SOURCE IBM