OREANDA-NEWS. IBM (NYSE: IBM) Security today announced a new app for IBM QRadar which analyzes the usage patterns of insiders, including employees, contractors and partners, to determine if their credentials or systems have been compromised by cybercriminals. IBM QRadar User Behavior Analytics, available for free via the IBM Security App Exchange, extends IBM QRadar’s security intelligence platform to provide early visibility into potential insider threats before they can do further damage to a business.

Insider threats are currently responsible for 60 percent of attacks facing businesses, but roughly a quarter of these attacks are the result of users’ credentials falling into the hands of hackers via employees, contractors or partners who are tricked by malware-laden phishing attacks or other techniques. For example, the new user behavior analytics app would alert analysts to a user logging into a high value server for the first time, from a new location, while using a privileged account. This change in pattern would be identified because the IBM QRadar User Behavior Analytics solution created a baseline of normal user behavior for this employee and detected a significant deviation.

“Organizations need a better way to protect themselves against insider threats – whether they be from inadvertent actors or malicious cybercriminals with access to an organization’s inner workings and technology systems,” said Jason Corbin, Vice President of Strategy and Offering Management, IBM Security. “This new app provides analysts with the ability to quickly pivot by using existing cybersecurity data to see the early warning signs that are often buried in suspicious user activities, ultimately helping them more consistently address breaches before they occur.”

IBM QRadar User Behavior Analytics leverages data from customers’ existing QRadar investment giving them a single platform to analyze and manage security events and data. This integration saves security analysts from having to reload and curate data from multiple platforms to identify and investigate user behavior side-by-side with other indicators of compromise QRadar detects. The solution helps security professionals guard against malicious threats through:

  • Risk Analysis Profiles – the app analyzes risky user actions and applies a score to anomalous behaviors helping to identify both potential rogue insiders and suspected cybercriminals using compromised credentials.

  • Prioritized Behavioral Analysis Dashboard – analysts can gain better visibility and understanding of actions that lead a user to open up a malicious document or how they gained escalated privileges. A single mouse click, or an attachment or link in a phishing email, for example, can add suspicious user activity to a watch list or permit a text-based annotation to explain the analyst’s observations.

  • Enhancing Existing QRadar Security Data – with user information pulled from the entire IT environment, security teams will be able to tap into the existing broad set of data sources and threat intelligence in QRadar to detect threats across users and assets.

With the recent acquisition of Resilient Systems, IBM has added the capability to easily respond to incidents elevated in the QRadar platform via the new User Behavior Analytics app. Available for free download on the IBM Security App Exchange, the QRadar User Behavior Analytics application is part of IBM’s open approach to developing security tools that can be leveraged in the fight against cybercrime.