The IBM Security® QRadar® SIEM User Behavior Analytics (UBA) app establishes a baseline of behavior patterns for your employees, so you can better detect threats to your organization. It uses existing data in QRadar SIEM to generate new insights around users and risk.
By establishing the risk profiles for users inside your network, you can react more quickly to suspicious activity, whether from identity theft, hacking, phishing or malware.
Distinguish normal user behavior from anomalies to stop threats
For the second year in a row, phishing was the leading infection vector where an attacker impersonates someone and uses existing email conversations for nefarious purposes. Understanding users’ normal behavior and noticing anomalies fast is critical to stopping infections. You can add users to the UBA app with the user import wizard, and add risk scoring and unified user identities to QRadar SIEM with the UBA app.
Stephanie “Snow” Carruthers
Chief People Hacker
IBM Security® X-Force® Red
Anomaly detection is a technique used to identify unusual patterns that do not conform to normal behavior and differ significantly from most of the data. UBA builds a baseline of normal behavior from a user’s and similar users’ (peers) events and then uses that baseline to detect anomalous behavior.
A risk score is the numeric measure of the potential harmfulness of a user’s activity. Each anomalous behavior that is detected by UBA impacts an individual user’s risk score.
If you would like more information on IBM QRadar, contact us today!
NDM Technologies © 1994 - Present | Website Developed & Managed by C. CREATIVE, LLC