IBM’s QRadar analyses behaviour to prevent insider threat

IBM Security has introduced a new app, the IBM QRadar User Behaviour Analytics for QRadar, which analyses the usage patterns of insiders in an organisation including employees, contractors and partners to determine whether or not their credentials or systems have been compromised by cybercriminals.

The app is now available for free via the IBM Security App Exchange and will extend IBM QRadar’s security intelligence platform to offer early visibility on potential insider threats before they can do any damage to the business.

IBM says that inside threats are currently responsible for about 60% of attacks that organisations face.

However, roughly a quarter of these attacks result from the employee, contractor or partner's credentials falling into the hands of cybercriminals through malware-laden phishing attacks and other techniques.

With the new user behaviour analytics app, security analysts will be alerted of users trying to log in into high value servers for the first time from new locations, while using privileged account credentials.

The behaviour analytics tool will help in studying the pattern of each employee, contractor or partner of their user behaviour and will flag up any deviations from the known path.

IBM QRadar User Behaviour Analytics uses data from customers’ existing QRadar Investment and uses a single platform to analyse and manage security events and data.

With this integration, security analysts do not have to reload and curate data from multiple platforms to identify and integrate user behaviour with other indicators of compromise that QRadar can detect.

The app analyses risky user actions and applies a score to anomalous behaviours that can help in identifying both potential rogue insiders and suspected cyber criminals using compromised credentials.

Analysts can also understand the actions of users that could have led to opening up a malicious document or an application or how they gained escalated privileges.

As user information is pulled from the entire IT environment, security teams will be able to tap into the existing broad set of data sources and threat intelligence in QRadar to detect threats across users and assets.

IBM Security Strategy and Offering Management vice president Jason Corbin said: “Organisations need a better way to protect themselves against insider threats – whether they be from inadvertent actors or malicious cybercriminals with access to an organisation’s inner workings and technology systems.

“This new app provides analysts with the ability to quickly pivot by using existing cybersecurity data to see the early warning signs that are often buried in suspicious user activities, ultimately helping them more consistently address breaches before they occur.”

According to IBM, its acquisition of Resilient Systems has added the capability to easily respond to incidents elevated in the QRadar platform through the new User Behaviour Analytics app.