User Behavior Analytics (UBA)
Detect compromised credentials, lateral movement and other malicious behavior
The IBM Security® QRadar® SIEM User Behavior Analytics (UBA) app establishes a baseline of behavior patterns for your employees, so you can better detect threats to your organization. It uses existing data in QRadar SIEM to generate new insights around users and risk.
By establishing the risk profiles for users inside your network, you can react more quickly to suspicious activity, whether from identity theft, hacking, phishing or malware.
UBA protects against phishing and more
Distinguish normal user behavior from anomalies to stop threats
41% of network infections are caused by phishing
More than 50% of phishing attacks use spear phishing techniques
There has been a 100% increase per month in thread hijacking attempts, as observed by X-Force® threat detection software
How it works
For the second year in a row, phishing, in which an attacker impersonates someone and uses existing email conversations for nefarious purposes, was the leading infection vector. Understanding users’ normal behavior and noticing anomalies quickly is critical to stopping infections. You can add users to the UBA app with the user import wizard, and add risk scoring and unified user identities to QRadar SIEM with the UBA app.
What’s included
Machine learning add-on
Enrich and deepen your use cases to perform time series profiling and clustering with the machine learning add-on, which augments the UBA app. Machine learning adds to existing UBA app visualizations that show learned behavior (models), current behavior and alerts. Machine learning uses historical data in QRadar to create the predictive models and baselines of what is normal for a user.
Rules and tuning
UBA rule content is installed after the app is configured and can be edited in the QRadar use case manager app. Rules that measure user risk are added to the UBA rule data table. UBA rules and tuning features allow you to determine the parameters that QRadar SIEM will use to keep your company and data protected.
“And it really just takes one employee to click a link, give their credentials or open up an attachment that could lead to a total compromise.”
Stephanie “Snow” Carruthers
Chief People Hacker
IBM Security® X-Force® Red
Frequently asked questions
UBA is packaged as a collection of 3 apps—an LDAP app that helps ingest and coalesce users’ identity information, a UBA app that helps visualize data and analytics, and a machine learning app that provides a library of machine learning algorithms used to create behavioral models of users’ activities.
Anomaly detection is a technique used to identify unusual patterns that do not conform to normal behavior and differ significantly from most of the data. UBA builds a baseline of normal behavior from a user’s and similar users’ (peers) events and then uses that baseline to detect anomalous behavior.
A risk score is the numeric measure of the potential harmfulness of a user’s activity. Each anomalous behavior that is detected by UBA impacts an individual user’s risk score.
The UBA app is offered to QRadar clients at no additional cost.