Orchestrate Your Security Defenses; Protect Against Insider Threats

Published on

1/31/2017 Webinar

Published in: Technology

  1. IBM QRadar User Behavior Analytics: DETECTING INSIDER THREAT AND RISKS. December 2016. Milan Patel, Program Director, Security
  2. IBM Security: Increasing attacks, shortage of skills and growing insider threats
     • Panels: Growing Insider Risk; Too Many Tools; Increasing Attack Activity; Too Few People
     • Infographic labels and figures, in extracted order: anticipated shortfall by 2020; 45 vendors; annual increase for InfoSec analysts; 1M; 100; more security incidents from 2014-2015; 64%; ’s of incidents and events daily; 37%; insider data breaches; 43%; perpetrators take data and go work for competitors; 65%; 85 security tools from
  3. An insider threat solution needs to deliver
     • Simplify the overly complex security operations
     • Deliver faster time to insights and actions
     • Streamline investigation of offences
     • Consistent visibility in users, assets and threats
     • Improve analyst productivity
  4. Integrated view helps you see before you can stop insider threats
     • SECURITY TRANSFORMATION SERVICES: Management consulting | Systems integration | Managed security
     • Portfolio areas: SECURITY OPERATIONS AND RESPONSE; INFORMATION RISK AND PROTECTION
     • Products shown: QRadar Vulnerability / Risk Manager; Resilient Incident Response; X-Force Exchange; QRadar Incident Forensics; BigFix; Network Protection XGS; QRadar SIEM; I2 Enterprise Insight Analysis; App Exchange; MaaS360; Trusteer Mobile; Trusteer Rapport; AppScan; Guardium; Cloud Security; Privileged Identity Manager; Identity Governance and Access; Cloud Identity Service; Key Manager; zSecure; Trusteer Pinpoint; QRadar User Behavior Analytics
  5. Comprehensive data set and open analytics to sense malicious users (Insider Risk Score, SENSE ANALYTICS™)
     • BEHAVIORAL: Pattern identification; User and entity profiling; Statistical analysis; Anomaly detection
     • CONTEXTUAL: Business context; Entity and user context; External threat correlation
     • TIME-BASED: Historical analytics; Real-time analytics; Threat hunting; Threshold rules
     • Data sources: Users; Cloud Applications; Applications; Data; Servers; DLP; Endpoints; Network; Threat Intelligence; 3rd Party SIEM feeds; Other analytics
  6. IBM User Behavior Analytics
  7. THANK YOU. FOLLOW US ON: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions
     © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
     Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
