IBM QRadar User Behavior Analytics
DETECTING INSIDER THREAT AND RISKS
May 2017
2 IBM Security
Agenda
• Problem Context
• Typical Challenges
• IBM UBA capabilities with machine learning analytics
• IBM's integrated approach to insider threat protection
• Case Study
• Next Steps
Johnny Shin, Executive Consultant - Identity and Access Management Architecture & Program Delivery, jkshin@us.ibm.com
Jas Johal, Sr. Offering Manager – IAM Services, IBM Security, Johal@us.ibm.com
Milan Patel, Program Director Security Offerings Management, IBM Security, milpatel@us.ibm.com
Slide 3
Increasing attacks, shortage of skills and growing insider threats continue to dominate
Growing Insider Risk: 37%, 43%, 65% (insider data breaches; perpetrators take data and go work for competitors)
Too Many Tools: 85 security tools from 45 vendors
Increasing Attack Activity: 64% more security incidents from 2014-2015; 100's of incidents and events daily
Too Few People: 1M anticipated shortfall by 2020; annual increase for InfoSec analysts
Slide 4
Our integrated view provides visibility so you can stop insider threats
Security Transformation Services: management consulting | systems integration | managed security
Security Operations and Response: QRadar SIEM, QRadar Vulnerability / Risk Manager, QRadar Incident Forensics, QRadar User Behavior Analytics, Resilient Incident Response, X-Force Exchange, App Exchange, BigFix, Network Protection XGS, i2 Enterprise Insight Analysis
Information Risk and Protection: MaaS360, Trusteer Mobile, Trusteer Rapport, Trusteer Pinpoint, AppScan, Guardium, Cloud Security, Privileged Identity Manager, Identity Governance and Access, Cloud Identity Service, Key Manager, zSecure
Slide 5
Example - Extending UBA with flow data
• Detect flow-based anomalies
  • Accessing non-business resources
  • Accessing unauthorized resources
  • Potential spam/phishing attempts
  • Detecting malware infection
  • Accessing sensitive personal information
  • Out-of-policy web usage
• Detect DNS anomalies
  • DGA
  • Fast flux
  • Tunneling and exfiltration
• End-point infection analytics
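The three DNS use cases listed above (DGA, fast flux, tunneling) each leave a different statistical trace in resolver logs. The block below is an added example written for this page, not QRadar Network Insights or QRadar UBA code: the log records are constructed, the "registered domain is the last two labels" rule stands in for a public-suffix list, and every threshold is an illustrative assumption.

```python
"""DNS anomaly triage over constructed resolver log records.

Added example for this page, not QRadar Network Insights or UBA code.
Assumptions: the registered domain is the last two labels of a name
(no public-suffix list), and all thresholds are illustrative."""
import math
from collections import Counter, defaultdict

# Constructed records: (client_ip, queried_name, answer_ip)
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "93.184.216.34"),
    ("10.0.0.5", "www.example.com", "93.184.216.34"),
    ("10.0.0.5", "mail.example.com", "93.184.216.35"),
    # DGA-like: long, high-entropy registered labels from one client
    ("10.0.0.7", "xk3jq9v7zlp2w.info", "198.51.100.9"),
    ("10.0.0.7", "q8z1mvb4tr6ny.info", "198.51.100.9"),
    ("10.0.0.7", "b7wm2xq5kz9jv.info", "198.51.100.9"),
    # Tunneling-like: many unique, long leftmost labels under one zone
    ("10.0.0.9", "3f2a9c1e7b4d8e6f0a1b2c3d4e5f6a7b.t.corp-tunnel.net", "192.0.2.1"),
    ("10.0.0.9", "9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a.t.corp-tunnel.net", "192.0.2.1"),
    ("10.0.0.9", "0011223344556677889900aabbccddee.t.corp-tunnel.net", "192.0.2.1"),
    ("10.0.0.9", "deadbeefcafef00d0123456789abcdef.t.corp-tunnel.net", "192.0.2.1"),
    ("10.0.0.9", "fedcba9876543210fedcba9876543210.t.corp-tunnel.net", "192.0.2.1"),
    # Fast-flux-like: one name whose answers churn across many addresses
    ("10.0.0.5", "cdn-update.example.org", "203.0.113.10"),
    ("10.0.0.5", "cdn-update.example.org", "203.0.113.11"),
    ("10.0.0.5", "cdn-update.example.org", "203.0.113.12"),
    ("10.0.0.5", "cdn-update.example.org", "203.0.113.13"),
    ("10.0.0.5", "cdn-update.example.org", "203.0.113.14"),
]


def shannon_entropy(text):
    """Bits of entropy per character of `text`."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Assumption: the registered domain is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def is_dga_like(qname, min_len=10, min_entropy=3.5):
    """A long, high-entropy registered label is typical of algorithmically
    generated names and rare in names chosen by people."""
    label = registered_domain(qname).split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def find_dga_domains(records):
    return sorted({qname for _, qname, _ in records if is_dga_like(qname)})


def find_tunneling(records, min_names=5, min_label_len=20):
    """Many distinct names with long leftmost labels under one zone from one
    client: the query names themselves are carrying data."""
    names = defaultdict(set)
    for client, qname, _ in records:
        names[(client, registered_domain(qname))].add(qname.lower())
    hits = []
    for (client, zone), qnames in names.items():
        if len(qnames) < min_names:
            continue
        mean_len = sum(len(q.split(".")[0]) for q in qnames) / len(qnames)
        if mean_len >= min_label_len:
            hits.append((client, zone, len(qnames)))
    return sorted(hits)


def find_fast_flux(records, min_answers=4):
    """One name resolving to many different addresses within the window
    (the window here is the whole sample)."""
    answers = defaultdict(set)
    for _, qname, ip in records:
        answers[qname.lower()].add(ip)
    return sorted((q, len(ips)) for q, ips in answers.items() if len(ips) >= min_answers)


if __name__ == "__main__":
    print("DGA-like:", find_dga_domains(SAMPLE_LOG))
    print("Tunneling:", find_tunneling(SAMPLE_LOG))
    print("Fast flux:", find_fast_flux(SAMPLE_LOG))
```

Each detector keys on a different dimension (label entropy, name cardinality per client and zone, answer cardinality per name), which is why a flow source such as QNI adds value beyond event logs: the per-query detail needed for these counts is usually absent from firewall or proxy events. On real traffic the entropy threshold needs tuning against CDN and cloud hostnames, which legitimately contain long random labels.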
Slide 6
Example - Extending QVM/QRM with UBA data
• Prioritize vulnerabilities based on user risk
• Scan assets of users above risk thresholds
• Degrees of separation to critical assets or information, for risk management
• Add or modify rules on the IPS side to block at the user level if a user is phished
• Augment asset risk based on user risk
• Monitor possible attack vectors for risky users
Slide 7
Comprehensive data set and open analytics sense malicious users
Output: Insider Risk Score
Sense Analytics(TM):
• Behavioral: pattern identification; user and entity profiling; statistical analysis; anomaly detection
• Contextual: business context; entity and user context; external threat correlation
• Time-based: historical analytics; real-time analytics; threat hunting; threshold rules
Data sources: users, cloud applications, applications, data, servers, DLP, endpoints, network, threat intelligence, 3rd-party SIEM feeds, other analytics
Slide 9
IBM QRadar UBA 2.0
• Machine learning algorithms
• Flow-based use cases that leverage QNI (QRadar Network Insights)
Slide 10 (IBM internal & business partner use only)
IBM QRadar UBA: Detecting anomalous deviations
• Monitor users for deviation from normal behavior, using:
  • 14 different QRadar event categories
  • temporal analysis
  • time series analysis
• Predict the range in which each user's activities should fall
• Examples of anomalous activities detected by these algorithms:
  • Abnormal change in user activity (over time)
  • Abnormal change in a user's authentication or access activity
  • Deviation from the user's normal risk posture
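To make "predict the range in which the user's activities should fall" concrete, here is an added example (written for this page; it is not the UBA app's algorithm, whose internals the slides do not show). It builds a per-user, per-category daily count series, predicts the next day's range as the trailing mean plus or minus k population standard deviations, and flags a day that lands outside it. The events, user names and category names are constructed; the k=3 multiplier and the standard-deviation floor are assumptions.

```python
"""Per-user daily baseline and "predicted range" deviation detection.

Added example for this page, not the QRadar UBA app's own algorithm.
The predicted range is the trailing mean +/- k population standard
deviations, with a floor on the standard deviation so that a very quiet
baseline does not flag every small change. All events are constructed."""
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev


def make_events(user, category, start, counts):
    """Construct counts[i] events of (date, user, category) on day start+i."""
    events = []
    for i, n in enumerate(counts):
        day = (start + timedelta(days=i)).isoformat()
        events.extend((day, user, category) for _ in range(n))
    return events


START = date(2017, 5, 1)
# alice: steady ~10 authentications/day, then a 60-event spike on day 7
# bob:   steady ~5 access events/day with ordinary jitter (no spike)
SAMPLE_EVENTS = (
    make_events("alice", "Authentication", START, [10, 12, 11, 9, 10, 11, 60])
    + make_events("bob", "Access", START, [5, 6, 5, 4, 6, 5, 6])
)


def daily_counts(events):
    """Return (days, {(user, category): [count per day]}) over the full
    date span. A day with no events for a user/category counts as 0, so a
    sudden silence is visible to the same comparison as a spike."""
    days = sorted({d for d, _, _ in events})
    first, last = date.fromisoformat(days[0]), date.fromisoformat(days[-1])
    span = [(first + timedelta(days=i)).isoformat()
            for i in range((last - first).days + 1)]
    per_day = defaultdict(lambda: defaultdict(int))
    for d, user, category in events:
        per_day[(user, category)][d] += 1
    return span, {key: [per_day[key][d] for d in span] for key in per_day}


def predicted_range(history, k=3.0, min_std=1.0):
    """Range in which the next observation is expected to fall."""
    mu = mean(history)
    sigma = max(pstdev(history), min_std)
    return (mu - k * sigma, mu + k * sigma)


def detect_deviations(events, k=3.0, min_history=5):
    """Flag (user, category, day, observed, low, high) whenever a day's
    count falls outside the range predicted from all earlier days.
    At least min_history days are required before a prediction is made."""
    span, counts = daily_counts(events)
    findings = []
    for (user, category), series in sorted(counts.items()):
        for i in range(min_history, len(series)):
            low, high = predicted_range(series[:i], k)
            if not low <= series[i] <= high:
                findings.append((user, category, span[i], series[i], low, high))
    return findings


if __name__ == "__main__":
    for finding in detect_deviations(SAMPLE_EVENTS):
        print(finding)
```

The floor on the standard deviation is the part practitioners most often omit: a user whose count is identical every day has a zero standard deviation, and without the floor a change of one event would be flagged. In production the baseline would also need a minimum history far longer than five days so that weekly and month-end rhythms are inside the learned range rather than flagged as deviations.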
Slide 11
IBM QRadar UBA: Machine learning algorithms ("deviations from normal behavior")
Slide 12
SOC analysts gain speed from user behavior analytics ...in the hunt to reduce risks and eliminate threats
Easily find malicious behavior
• Detect threats across users and assets, leveraging advanced analytics with behavioral patterns
• Tap into a broad set of internal data sources and threat intelligence
Easily acquire, deploy and use
• Visibility into the risk posture within hours, not days
• Download the app and install quickly
Improve analyst efficiency
• Identify risky users, behavior and offences in minutes, not hours
• Reduce overhead on skills and time
Slide 13
To get the most from your UBA: 3 steps to stop harmful insider actions
STEP 1: Reduce your exposure: secure your sensitive data and govern your user identities
STEP 2: Detect insider threats: anticipate the risk of malicious actions before they occur, and respond when breached
Slide 14
Address security gaps insiders exploit with an integrated approach
1. Who has access to sensitive data?
2. Who should have access?
3. Can you control privileged user access to sensitive data?
4. How are your users accessing the data?

1. What data is sensitive?
2. Where is sensitive data stored?
3. Is the right sensitive data being exposed?
4. What risk is associated with sensitive data?

1. What are end users and administrators doing with data?
2. What do normal transaction patterns look like between the user and your sensitive data?
3. How much can you trust each individual user?
4. When should a deviation from "normal" be cause for further investigation?
Slide 15
Safeguard against harmful insider actions with trusted security expertise, actionable intelligence and powerful technology
• User Behavior Analytics
• SIEM
• Access management
• Identity management & governance
• Privileged users management
• Data protection
• Risk detection & threat analytics
• Data activity monitoring
Security Services
• Identify gaps, improve compliance and prioritize security actions
• Integrate your capabilities
• Security expertise to drive insights
Slide 16
3 steps to stop harmful insider actions
STEP 1: Reduce your exposure. Secure your sensitive data and govern your user identities.
STEP 2: Detect insider threats. Anticipate the risk of malicious actions before they occur, and respond when breached.
STEP 3: Get started today. Apply a systematic approach and methodology to your 5-10 most important crown-jewel data sets.
Slide 17
Getting started: an integrated approach that provides clear, actionable intelligence
• Prioritize compliance and security actions with risk-based insights from end-to-end mapping of your critical information's access pathways
• Analyze user behaviors to detect suspicious activities for further investigation
Insider threat protection services from IBM: trusted IBM security specialists can offer the business, data and IAM security experience to help you evaluate intelligence, draw more meaningful conclusions and prepare for next steps.
Slide 18
IBM puts our insider threat solution into practice with a consistent and repeatable four-step operational model, with emphasis on high-risk assets
1 Define / 2 Discover / 3 Investigate / 4 Remediate
Define:
• Define use case
• Identify critical data (crown jewels)
• Identify privileged users
• Matching user list
Discover:
• Corporate data trigger (log sources): app/system transaction log; app/system change log; app/system access log; app/system process exception log (applications, enterprise systems); HTTP site access/download log; email history/attachments log; PC/laptop USB/external hard drive/CD copy log; Lync chat/download log; remote access log; printer/fax log; physical access log; external storage access log; external email access log; share drive/SharePoint access history; PC/laptop loss/stolen report; PC/laptop crash/repair log; picture of PC/laptop screen (CCTV)
• Anomaly activity trigger: machine/statistical analysis; resource usage analysis; policy violation analysis; top-down comparative analysis; bottom-up comparative analysis
• Output: potential threat
Investigate:
• Decision committee: application owner/controller, user's manager
• Escalation: corporate/legal
Remediate:
• Action
• Close loop/remediation
Insider threat protection services from IBM
Slide 19
We implemented this solution for one of our global pharma clients to help address concerns about the impact of a major re-org on employee morale
Project overview:
1. Identified 7 areas of information classification in scope for the project: Finance Management, Financial Transactions, Procurement-Sourcing, HR, Tax, Planning, and Risk Management
2. Out of the 7 areas of information classification, identified 11 Confidential "Red" information types for use cases: True Cost Data, Process Order, Serialization, Employee SPI, Investigation and Disciplinary, Purchasing and Contractual, Vendor SPI, Customer SPI, Undisclosed Financial Data, Project System
3. Mapped ~20% of "Red" data to the specific SAP tables, transactions, and roles that expose the information
4. Collected 7 months of SAP transaction logs to analyze user activities across the sensitive transactions identified
5. Identified anomalous activities for further investigation
Slide 20
During the project, we analyzed sensitive transactions used for the first time in the month the user left the company
Data summary:
• 7 months of SAP transaction logs obtained
• Termination report obtained: 1,984 users
• Over 1M lines of transaction log entries captured
• Of the 1M entries, 56k were uses of sensitive transactions
• Of those 56k, 885 sensitive transactions were used by users on the termination report
Outcome:
• 1st analysis finding: 8 users used 10 sensitive transactions for the first time in December 2014, before leaving the company
Slide 21
Our team also detected sudden and significant increases in sensitive transaction use in the month users left the company: risky insiders!
Data summary: same data set as slide 20 (7 months of SAP transaction logs, 1,984 users on the termination report, over 1M log entries, 56k sensitive transaction uses, 885 of them by users on the termination report)
Outcome:
• 2nd analysis finding: 7 users showed a sudden increase in sensitive transaction usage right before termination
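The two findings on slides 20 and 21 are the same join (transaction log against termination report) with two different tests on the leaver's final month. The block below is an added example written for this page, not IBM's project code: the transaction codes (Z* names), the termination report and the log lines are constructed, and the ratio and minimum-use thresholds are assumptions. It serves both slides, so there is one block rather than two.

```python
"""Two insider-risk checks over SAP-style transaction logs, mirroring the
case study's two findings: (1) a sensitive transaction used for the first
time in the user's final month, and (2) a sudden jump in sensitive
transaction volume in that month.

Added example for this page, not IBM's project code. The transaction
codes (Z* names), the termination report and the log are constructed,
and the ratio/minimum-use thresholds are assumptions."""
from collections import Counter, defaultdict

# Assumed set of sensitive transaction codes (hypothetical Z* names)
SENSITIVE_TCODES = {"ZCOST_TRUE", "ZSPI_EMP", "ZPO_DISP"}

# Constructed termination report: user -> termination date
TERMINATION_REPORT = {"U100": "2014-12-19", "U200": "2014-12-30", "U400": "2014-12-10"}

MONTHS = [f"2014-{m:02d}" for m in range(6, 13)]  # 7 months of logs


def log_entries(user, tcode, month, n):
    """Construct n (date, user, tcode) log lines for one user in one month."""
    return [(f"{month}-{min(i + 1, 28):02d}", user, tcode) for i in range(n)]


SAMPLE_LOG = []
for m in MONTHS[:-1]:                                     # June..November
    SAMPLE_LOG += log_entries("U100", "ZCOST_TRUE", m, 2)
    SAMPLE_LOG += log_entries("U100", "ZREPORT", m, 5)     # not sensitive
    SAMPLE_LOG += log_entries("U200", "ZPO_DISP", m, 2)
    SAMPLE_LOG += log_entries("U300", "ZPO_DISP", m, 1)
SAMPLE_LOG += log_entries("U100", "ZCOST_TRUE", "2014-12", 2)
SAMPLE_LOG += log_entries("U100", "ZSPI_EMP", "2014-12", 1)   # first-time use
SAMPLE_LOG += log_entries("U200", "ZPO_DISP", "2014-12", 20)  # 10x the usual
SAMPLE_LOG += log_entries("U300", "ZPO_DISP", "2014-12", 25)  # not on the report


def month_of(day):
    return day[:7]


def sensitive_usage(log):
    """{user: {month: Counter(tcode)}} restricted to sensitive transactions."""
    usage = defaultdict(lambda: defaultdict(Counter))
    for day, user, tcode in log:
        if tcode in SENSITIVE_TCODES:
            usage[user][month_of(day)][tcode] += 1
    return usage


def first_time_sensitive_in_final_month(log, terminations):
    """Finding 1: sensitive tcodes a leaver ran in the termination month
    that they had never run in any earlier month of the log."""
    usage = sensitive_usage(log)
    findings = []
    for user, term_date in sorted(terminations.items()):
        final = month_of(term_date)
        seen_before = set()
        for month, counter in usage[user].items():
            if month < final:
                seen_before.update(counter)
        new = sorted(set(usage[user].get(final, {})) - seen_before)
        if new:
            findings.append((user, final, new))
    return findings


def sudden_increase_before_termination(log, terminations, ratio=3.0, min_uses=10):
    """Finding 2: sensitive-transaction volume in the termination month is at
    least `ratio` times the per-month average over all earlier months in the
    log. Months with zero use count as 0 so a silent baseline stays honest."""
    usage = sensitive_usage(log)
    all_months = sorted({month_of(day) for day, _, _ in log})
    findings = []
    for user, term_date in sorted(terminations.items()):
        final = month_of(term_date)
        prior = [sum(usage[user][m].values()) for m in all_months if m < final]
        final_uses = sum(usage[user][final].values())
        baseline = sum(prior) / len(prior) if prior else 0.0
        if final_uses >= min_uses and (baseline == 0 or final_uses / baseline >= ratio):
            findings.append((user, final, final_uses, baseline))
    return findings


if __name__ == "__main__":
    print(first_time_sensitive_in_final_month(SAMPLE_LOG, TERMINATION_REPORT))
    print(sudden_increase_before_termination(SAMPLE_LOG, TERMINATION_REPORT))
```

Note that both checks are scoped to users on the termination report; U300's December burst is deliberately ignored, which is exactly the blind spot of a termination-driven review and the reason the deck pairs it with continuous behavioral baselining. The minimum-use floor keeps a leaver who went from one sensitive transaction to three from being reported as a "tripling".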
Slide 22
Our experts help deliver:
• Leading security innovation by IBM Research, with over 3,000 security and risk patents
• Strategic advising: product-agnostic recommendations
• Cognitive-driven solutions: derive insights from Watson Analytics
• Award-winning IBM Security Systems can provide a full range of integrated security services and products
• Worldwide presence: threat visibility from 10 Security Operations Centers monitoring 13-plus billion events per day from 20,000-plus devices
• Worldwide subject matter expertise: over 3,700 security consultants and 3,300 service delivery experts
• IAM expertise
Slide 23
Take action now
Learn more
• Download the whitepaper, "An Integrated Approach to Insider Threat Protection"
• Read the blog on using Machine Learning to Detect Anomalies in Users' Activities
Contact IBM
• Call your rep, or reach out to 1 (877) 257-5227
• Experiencing a breach? IBM Incident Response 24x7 Hotline: 1-888-241-9812
Questions? Let us know.
Jas Johal, Sr. Offering Manager – IAM Services, Johal@us.ibm.com
Johnny Shin, Sr. Executive Consultant - IAM, jkshin@us.ibm.com
Milan Patel, Program Director Security Offerings Management, milpatel@us.ibm.com
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU

Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

IBM QRadar UBA

  • 1. IBM QRadar User Behavior Analytics DETECTING INSIDER THREAT AND RISKS May 2017
  • 2. 2 IBM Security Agenda
    • Problem Context
    • Typical Challenges
    • IBM UBA capabilities with machine learning analytics
    • IBM’s integrated approach to insider threat protection
    • Case Study
    • Next Steps
    Johnny Shin, Executive Consultant - Identity and Access Management Architecture & Program Delivery, jkshin@us.ibm.com; Jas Johal, Sr. Offering Manager – IAM Services, IBM Security, Johal@us.ibm.com; Milan Patel, Program Director Security Offerings Management, IBM Security, milpatel@us.ibm.com
  • 3. 3 IBM Security Increasing attacks, shortage of skills and growing insider threats continue to dominate
    [Infographic panels: Growing Insider Risk; Too Many Tools; Increasing Attack Activity; Too Few People. Figures shown: 1M anticipated shortfall by 2020; 85 security tools from 45 vendors; 64% more security incidents from 2014-2015; 100’s of incidents and events daily; 37%, 43% and 65% alongside “insider data breaches”, “perpetrators take data and go work for competitors” and “annual increase for InfoSec analysts”]
  • 4. 4 IBM Security Our integrated view provides visibility so you can stop insider threats
    SECURITY TRANSFORMATION SERVICES: Management consulting | Systems integration | Managed security
    SECURITY OPERATIONS AND RESPONSE: QRadar SIEM; QRadar Vulnerability / Risk Manager; QRadar Incident Forensics; QRadar User Behavior Analytics; Resilient Incident Response; X-Force Exchange; BigFix; Network Protection XGS; i2 Enterprise Insight Analysis; App Exchange
    INFORMATION RISK AND PROTECTION: MaaS360; Trusteer Mobile; Trusteer Rapport; Trusteer Pinpoint; AppScan; Guardium; Cloud Security; Privileged Identity Manager; Identity Governance and Access; Cloud Identity Service; Key Manager; zSecure
  • 5. 5 IBM Security Example - Extending UBA with flow data
    • Detect flow based anomalies
      • Accessing non-business resources
      • Accessing unauthorized resources
      • Potential spam/phishing attempts
      • Detecting malware infection
      • Accessing sensitive personal information
      • Out of policy web usage
    • Detect DNS anomalies
      • DGA
      • Fast flux
      • Tunneling and exfiltration
    • End-point infection analytics
  • 6. 6 IBM Security Example - Extending QVM/QRM with UBA data
    • Prioritize vulnerabilities based on user risk
    • Scanning assets of users above risk thresholds
    • Degrees of separation to critical assets or information for risk management
    • Add, modify rules on IPS side to block at user level if user is phished
    • Augment asset risk based on user risk
    • Monitor possible attack vectors for risky users
  • 7. 7 IBM Security Comprehensive data set and open analytics sense malicious users
    Insider Risk Score – SENSE ANALYTICS™
    BEHAVIORAL: • Pattern identification • User and entity profiling • Statistical analysis • Anomaly detection
    CONTEXTUAL: • Business context • Entity and user context • External threat correlation
    TIME-BASED: • Historical analytics • Real-time analytics • Threat hunting • Threshold rules
    Data set: Users; Cloud Applications; Applications; Data Servers; DLP; Endpoints; Network; Threat Intelligence; 3rd Party SIEM feeds; Other analytics
  • 8. 8 IBM Security Comprehensive data set and open analytics sense malicious users
  • 9. 9 IBM Security IBM QRadar UBA 2.0
    • Machine Learning algorithms
    • Flow based use cases that leverage QNI
  • 10. 10 IBM Security IBM INTERNAL & BUSINESS PARTNER USE ONLY IBM QRadar UBA: Detecting anomalous deviations
    • Monitor users on deviation from normal behavior:
      • 14 different event categories of QRadar
      • temporal analysis
      • time series analysis
    • Predict range in which the users’ activities should fall
    • Example anomalous activities detected by these algorithms are:
      • Abnormal change in user activity (over time)
      • Abnormal change in user’s authentication or access activity
      • Deviation from normal risk posture of the user
  • 11. 11 IBM Security IBM INTERNAL & BUSINESS PARTNER USE ONLY IBM QRadar UBA: Machine Learning algorithms “Deviations from normal behavior”
  • 12. 12 IBM Security SOC analysts gain speed from user behavior analytics …in the hunt to reduce risks and eliminate threats
    Easily find malicious behavior | Easily acquire, deploy and use | Improve analyst efficiency
    • Detect threats across users and assets leveraging advanced analytics with behavioral patterns
    • Tap into broad set of internal data sources and threat intelligence
    • Visibility into the risk posture within hours not days
    • Download app and install quickly
    • Identify risky users, behavior and offences in minutes not hours
    • Reduce overhead on skills and time
  • 13. 13 IBM Security To get the most of your UBA - 3 steps to stop harmful insider actions
    STEP 1: Reduce your exposure: Secure your sensitive data and govern your user identities
    STEP 2: Detect insider threats: Anticipate the risk of malicious actions before they occur and respond when breached
  • 14. 14 IBM Security Address security gaps insiders exploit with an integrated approach
    1. Who has access to sensitive data? 2. Who should have access? 3. Can you control privileged user access to sensitive data? 4. How are your users accessing the data?
    1. What data is sensitive? 2. Where is sensitive data stored? 3. Is the right sensitive data being exposed? 4. What risk is associated with sensitive data?
    1. What are end users and administrators doing with data? 2. What do normal transaction patterns look like between the user and your sensitive data? 3. How much can you trust each individual user? 4. When should a deviation from “normal” be cause for further investigation?
  • 15. 15 IBM Security Safeguard against harmful insider actions with trusted security expertise, actionable intelligence and powerful technology
    • User Behavior Analytics • SIEM • Access management • Identity management & governance • Privileged users management • Data protection • Risk detection & threat analytics • Data activity monitoring
    Security Services: • Identify gaps, improve compliance and prioritize security actions • Integrate your capabilities • Security expertise to drive insights
  • 16. 16 IBM Security 3 steps to stop harmful insider actions
    STEP 1: Reduce your exposure. Secure your sensitive data and govern your user identities
    STEP 2: Detect insider threats. Anticipate the risk of malicious actions before they occur and respond when breached
    STEP 3: Get started today. Apply a systematic approach and methodology to your 5-10 most important crown jewel data.
  • 17. 17 IBM Security Getting started: An integrated approach that provides clear, actionable intelligence
    • Prioritize compliance and security actions with risk-based insights from end-to-end mapping of your critical information’s access pathways
    • Analyze user behaviors to detect suspicious activities for further investigation
    Insider threat protection services from IBM: Trusted IBM security specialists can offer the business, data and IAM security experience to help you evaluate intelligence, draw more meaningful conclusions and prepare for next steps.
  • 18. 18 IBM Security IBM puts our insider threat solution into practice with a consistent and repeatable four-step operational model with emphasis on high risk assets
    1 Define → 2 Discover → 3 Investigate → 4 Remediate
    Define: Define Use Case; Identify critical data (crown jewels); Identify privileged users; Matching user list
    Corporate Data Trigger: • Machine/statistical analysis • Resource usage analysis • Policy violation analysis • Top down comparative analysis • Bottom up comparative analysis → Anomaly Activity Trigger → Potential Threat
    Corporate data sources (Applications, Enterprise Systems): APP/SYSTEM TRANSACTION LOG; APP/SYSTEM CHANGE LOG; APP/SYSTEM ACCESS LOG; APP/SYSTEM PROCESS EXCEPTION LOG; HTTP SITE ACCESS/DOWNLOAD LOG; EMAIL HISTORY/ATTACHMENTS LOG; PC LAPTOP USB/EXT. HARD DR./CD COPY LOG; LYNC CHAT/DOWNLOAD LOG; REMOTE ACCESS LOG; PRINTER/FAX LOG; PHYSICAL ACCESS LOG; EXT. STORAGE ACCESS LOG; EXT. EMAIL ACCESS LOG; SHARE DRIVE/POINT ACCESS HISTORY; PC/LAPTOP LOSS/STOLEN REPORT; PC/LAPTOP CRASH/REPAIR LOG; PICTURE PC/LAPTOP SCREEN (CCTV)
    Remediate: Decision Committee; Application Owner/Controller; User’s Manager; Escalation; Corporate/Legal Action; Close Loop/Remediation
    Insider threat protection services from IBM
  • 19. 19 IBM Security We implemented this solution for one of our global pharma clients to help address concerns about the impact of a major re-org on employee morale
    Project Overview:
    1. Identified 7 areas of Information Classification in scope for the project: Finance Management, Financial Transactions, Procurement-Sourcing, HR, Tax, Planning, and Risk Management
    2. Out of the 7 areas of Information Classification, identified 11 Confidential “Red” information for use cases: True Cost Data, Process Order, Serialization, Employee SPI, Investigation and Disciplinary, Purchasing and Contractual, Vendor SPI, Customer SPI, Undisclosed Financial Data, Project System
    3. Mapped ~20% of “Red” data to specific SAP tables, transactions, and roles which expose the information
    4. Collected 7 months of SAP transaction logs to analyze user activities across the sensitive transactions identified
    5. Identified anomalous activities for further investigation
  • 20. 20 IBM Security During the project, we analyzed sensitive transactions used for the first time in the month of leaving the company
    Data Summary:
    • 7 months of SAP transaction logs obtained
    • Termination report obtained: 1,984 users
    • Over 1M lines of transaction log entries captured
    • Of 1M entries, 56k sensitive transactions used
    • Of 56k transactions, 885 sensitive transactions were used by users on the termination report
    Outcome:
    • 1st Analysis Finding: 8 users used 10 sensitive transactions for the first time in December 2014 before leaving the company
    [Chart: 1st Analysis Findings]
  • 21. 21 IBM Security Our team also detected sudden and significant increases in users’ use of sensitive transactions in the month of leaving the company… risky insiders!
    Data Summary:
    • 7 months of SAP transaction logs obtained
    • Termination report obtained: 1,984 users
    • Over 1M lines of transaction log entries captured
    • Of 1M entries, 56k sensitive transactions used
    • Of 56k transactions, 885 sensitive transactions were used by users on the termination report
    Outcome:
    • 2nd Analysis Finding: 7 users show a sudden increase in sensitive transaction usage right before the termination
    [Chart: 2nd Analysis Findings]
  • 22. 22 IBM Security Our experts help deliver
    • Leading security innovation by IBM Research, with over 3,000 security and risk patents
    • Strategic Advising: product agnostic recommendations
    • Cognitive-driven Solutions: derive insights from Watson Analytics
    • Award winning IBM Security Systems can provide a full range of integrated security services and products
    • Worldwide Presence: threat visibility from 10 Security Operations Centers monitoring 13-plus billion events per day from 20,000-plus devices
    • Worldwide Subject Matter Expertise: over 3,700 security consultants and 3,300 service delivery experts
    • IAM Expertise
  • 23. 23 IBM Security Take action now
    Learn more:
    • Download the whitepaper, “An Integrated Approach to Insider Threat Protection”
    • Read the blog on using Machine Learning to Detect Anomalies in Users’ Activities
    Contact IBM:
    • Call your rep, or reach out to 1 (877) 257-5227
    • Experiencing a breach? IBM Incident Response 24x7 Hotline: 1-888-241-9812
    Questions? Let us know. Jas Johal, Sr. Offering Manager – IAM Services, Johal@us.ibm.com; Johnny Shin, Sr. Executive Consultant - IAM, jkshin@us.ibm.com; Milan Patel, Program Director Security Offerings Management, milpatel@us.ibm.com
  • 24. THANK YOU
    FOLLOW US ON: ibm.com/security | securityintelligence.com | xforce.ibmcloud.com | @ibmsecurity | youtube/user/ibmsecuritysolutions
    © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
    Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
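The two case-study findings (slides 20 and 21: a leaver's first-time use of a sensitive SAP transaction in the leaving month, and a sudden increase in sensitive transaction usage right before termination) together with slide 10's "predict the range in which the user's activities should fall", as an added Python example that is not part of the IBM deck. The users, tcode labels, log lines and termination report are all constructed, and the mean plus k standard deviations bound is one simple choice for the predicted range, not IBM's algorithm.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed stand-ins for three of the deck's Confidential "Red" categories; in a
# real engagement these would be the SAP tcodes mapped in step 3 of the project.
SENSITIVE_TCODES = {"TC_TRUECOST", "TC_VENDOR_SPI", "TC_EMPLOYEE_SPI"}

# The deck's seven-month window (June to December 2014).
MONTHS = [f"2014-{m:02d}" for m in range(6, 13)]

# Constructed termination report: user -> month (YYYY-MM) of leaving the company.
TERMINATIONS = {"alice": "2014-12", "bob": "2014-12", "dave": "2014-12"}


def build_sample_log():
    """Constructed SAP-style transaction log, one 'date,user,tcode' line per entry."""
    lines = []
    for i, m in enumerate(MONTHS[:-1]):  # June to November: baseline behaviour
        lines += [f"{m}-05,alice,TC_TRUECOST", f"{m}-19,alice,TC_TRUECOST"]
        lines += [f"{m}-1{j},bob,TC_EMPLOYEE_SPI" for j in range(2 - i % 2)]
        lines.append(f"{m}-08,carol,TC_DISPLAY_STOCK")  # not a sensitive tcode
    # December: alice touches Vendor SPI for the first time; bob's usage jumps from
    # one or two uses a month to fifteen; carol (not a leaver) starts using True
    # Cost; dave, with no prior sensitive activity, uses True Cost once.
    lines += ["2014-12-02,alice,TC_TRUECOST", "2014-12-16,alice,TC_TRUECOST",
              "2014-12-17,alice,TC_VENDOR_SPI"]
    lines += [f"2014-12-{d:02d},bob,TC_EMPLOYEE_SPI" for d in range(1, 16)]
    lines += ["2014-12-10,carol,TC_TRUECOST", "2014-12-11,dave,TC_TRUECOST"]
    return "\n".join(lines)


def parse_log(text):
    """Return (month, user, tcode) tuples; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3:
            continue
        date, user, tcode = parts
        records.append((date[:7], user, tcode))
    return records


def sensitive_usage(records):
    """{user: {month: {tcode: count}}}, restricted to sensitive transactions."""
    usage = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for month, user, tcode in records:
        if tcode in SENSITIVE_TCODES:
            usage[user][month][tcode] += 1
    return usage


def first_time_sensitive_use(usage, terminations):
    """Finding 1: sensitive tcodes a leaver ran for the first time in the leaving month."""
    findings = {}
    for user, term_month in terminations.items():
        months = usage.get(user, {})
        seen_before = set()
        for month, counts in months.items():
            if month < term_month:  # YYYY-MM strings compare chronologically
                seen_before.update(counts)
        new = sorted(set(months.get(term_month, {})) - seen_before)
        if new:
            findings[user] = new
    return findings


def sudden_increase(usage, terminations, window_months, k=3.0, min_delta=5):
    """Finding 2: leaving-month sensitive usage above the user's predicted range.
    Baseline = per-month sensitive counts over the window months before the leaving
    month (idle months count as 0); predicted upper bound = mean + k * stdev.
    min_delta keeps a 1-versus-0 jump for a user with no history out of this
    finding (finding 1 already reports it)."""
    findings = {}
    for user, term_month in terminations.items():
        months = usage.get(user, {})
        baseline = [sum(months.get(m, {}).values())
                    for m in window_months if m < term_month]
        if not baseline:
            continue
        term_count = sum(months.get(term_month, {}).values())
        upper = mean(baseline) + k * pstdev(baseline)
        if term_count > upper and term_count - mean(baseline) >= min_delta:
            findings[user] = {"baseline_mean": round(mean(baseline), 2),
                              "upper_bound": round(upper, 2),
                              "leaving_month_count": term_count}
    return findings


def analyze(log_text, terminations):
    """Run both analyses over a transaction log and a termination report."""
    records = parse_log(log_text)
    window_months = sorted({month for month, _, _ in records})
    usage = sensitive_usage(records)
    return {"first_time_use": first_time_sensitive_use(usage, terminations),
            "sudden_increase": sudden_increase(usage, terminations, window_months)}


if __name__ == "__main__":
    for name, result in analyze(build_sample_log(), TERMINATIONS).items():
        print(name, result)
```

On the constructed data alice and dave surface under finding 1 and only bob under finding 2; alice's and dave's December counts exceed their predicted range but fall below min_delta, and carol is never reported because she is not on the termination report.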