One of the biggest threats to the security of an organization is if the credentials of an employee or contractor are compromised. IBM QRadar User Behavior Analytics, a new app for the QRadar platform announced Wednesday, is hoping to solve that problem.
QRadar User Behavior Analytics, as the name implies, analyzes user behavior to determine if there are any looming insider threats, particularly around compromised credentials. The idea is that early visibility will help organizations head off problems at the start, before they can cause serious damage.
According to IBM's press release announcing the app, insider threats account for 60% of the attacks businesses are facing. And, a big part of that has to do with compromised credentials.
By analyzing usage patterns, the QRadar User Behavior Analytics would be able to spot suspicious behavior from a user account and report it. The press release gave the example of a user logging into a high-value server for the first time, from a previously unused location. Since that behavior falls outside of the normal scope of behavior for that user, it would be reported.
IBM QRadar User Behavior Analytics integrates with, and uses data from, the QRadar security platform. Using a single platform approach saves time by not having to reload or re-curate data from disparate sources, IBM said. The tool protects in three distinct ways: It establishes risk analysis profiles based on user behavior, provides a prioritized behavior analysis dashboard, and enhances the existing data on the QRadar platform.
SEE: Information security policy template (Tech Pro Research)
This latest application plays into IBM's acquisition of Resilient Systems, which closed in April 2016. Resilient was known for its Incident Response Platform (IRP), which helped companies mitigate and respond to cyberattacks more quickly. Through the IBM QRadar User Behavior Analytics, users will be able to respond to elevated, or critical, incidents as well.
The announcement is the latest in a major security push that IBM has been making over the past few years. In that time IBM has launched blockchain security services for the government, set up cybersecurity centers, partnered on security products, and even brought its cognitive computing system Watson in to fight cybercrime.
The QRadar User Behavior Analytics application is available for free download on the IBM Security App Exchange.
The 3 big takeaways for TechRepublic readers
- IBM recently announced the QRadar User Behavior Analytics, an application that analyzes user behavior to determine potential insider threats.
- Insider threats are a big part of cyberattacks in the enterprise, and many have to do with compromised credentials, which the application seeks to analyze.
- IBM has made a massive push toward security in recent years, touching nearly every aspect of its core business.
- Ransomware 2.0 is around the corner and it's a massive threat to the enterprise (TechRepublic)
- Inside IBM's plan to become a cloud broker and even resell AWS, Microsoft Azure (ZDNet)
- IBM Watson takes on cybercrime with new cloud-based cybersecurity technology (TechRepublic)
- IBM, The Weather Company use machine learning to predict impact of weather (ZDNet)
- IBM launches cloud-based development environment for Apache Spark (TechRepublic)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.