Best practice for detecting and protecting against insider threats: IBM Security QRadar UBA – Part 1


In the current climate, businesses are becoming increasingly vulnerable, with a larger remote workforce, changes in typical behaviours and an expanding threat environment. Phishing attacks are on the rise, with COVID-related phishing attacks rocketing by 6000% in the past 6 months. As 70% of phishing attacks are used to steal credentials and 81% of data breaches use stolen credentials, it is essential to keep advancing and improving our security posture.

IBM Security QRadar User Behaviour Analytics (UBA) analyses user activity to detect malicious insiders and determine if a user's credentials have been compromised. Security analysts can easily see risky users, view their anomalous activities and drill down into the underlying log and flow data that contributes to a user’s risk score.

As an integrated component of the QRadar Security Intelligence Platform, UBA leverages out-of-the-box behavioural rules and machine learning models to add user context to network, log, vulnerability and threat data to quickly and accurately detect attacks.

These behavioural rules work to protect you from:
– Compromised or stolen credentials
– Careless or Malicious Insiders
– Malware takeover of user accounts

That’s not all. QRadar UBA delivers value to your SOC through:
– Analyst Effectiveness: Reduce detection time when identifying activities of interest, and detect known and even unknown threats
– Analyst Efficiency: Expedite investigations, reduce response time and reduce the need for deep data expertise
– Time to Value: Easy to acquire and quick to deploy and configure

Everything starts with understanding. Understanding your users, understanding the data and understanding its value.


Agenda
10:30 - 10:40: Sam Hector – Market Overview
10:40 - 11:05: Chris Ross – QRadar/QRoC Overview
11:05 - 11:15: Q&A




#QRadar
When:  Sep 29, 2020 from 10:30 AM to 11:15 AM (UTC)