Orchestrate Your Security Defenses; Protect Against Insider Threats
1. IBM QRadar User Behavior Analytics
DETECTING INSIDER THREAT AND RISKS
December 2016
Milan Patel
Program Director, Security
2. 2 IBM Security
Increasing attacks, shortage of skills and growing insider threats
Growing Insider Risk
• 43% insider data breaches
• 65% perpetrators take data and go work for competitors
Too Many Tools
• 85 security tools from 45 vendors
Increasing Attack Activity
• 64% more security incidents from 2014-2015
• 100’s of incidents and events daily
Too Few People
• 1M anticipated shortfall by 2020
• 37% annual increase for InfoSec analysts
3. An insider threat solution needs to deliver
• Simplify the overly complex security operations
• Deliver faster time to insights and actions
• Streamline investigation of offences
• Consistent visibility in users, assets and threats
• Improve analyst productivity
4. Integrated view helps you see before you can stop insider threats
SECURITY TRANSFORMATION SERVICES
Management consulting | Systems integration | Managed security
QRadar Vulnerability / Risk Manager
Resilient Incident Response
X-Force Exchange
QRadar Incident Forensics
BigFix
Network Protection XGS
QRadar SIEM
I2 Enterprise Insight Analysis
App Exchange
SECURITY OPERATIONS AND RESPONSE
MaaS360
INFORMATION RISK AND PROTECTION
Trusteer Mobile
Trusteer Rapport
AppScan
Guardium
Cloud Security
Privileged Identity Manager
Identity Governance and Access
Cloud Identity Service
Key Manager
zSecure
Trusteer Pinpoint
QRadar User Behavior Analytics
5. Comprehensive data set and open analytics to sense malicious users
Insider Risk Score
SENSE ANALYTICS™
BEHAVIORAL
• Pattern identification
• User and entity profiling
• Statistical analysis
• Anomaly detection
CONTEXTUAL
• Business context
• Entity and user context
• External threat correlation
TIME-BASED
• Historical analytics
• Real-time analytics
• Threat hunting
• Threshold rules
Users
Cloud
Applications
Applications
Data
Servers
DLP
Endpoints
Network
Threat Intelligence
3rd Party SIEM feeds
Other analytics