July 27, 2016 By Milan Patel 3 min read

Cybersecurity incidents are not only increasing, but they are also becoming more destructive and targeting a broader array of institutions and information. At the core of all the malicious activities occurring in your network lies a user. Generally referred to as insiders, these users may be employees, contractors or even legitimate users whose credentials have been compromised.

Security operations center (SOC) analysts need to implement behavior analytics solutions to observe and understand these insiders’ activities, behavior, asset usage and access to intellectual property. They need to find the regularities and patterns hidden in user behavior to uncover potential threats and risks to the intellectual property they hope to protect.

To date, organizations have focused on protecting their IT environments from external threats and have thus invested heavily in perimeter defense. But the tools designed to protect the perimeter are largely ineffective in detecting and deterring insider threats.

Understanding Insider Threats

Attacks from within have become a critical concern for most organizations, with studies indicating that insiders are responsible for up to 60 percent of security offenses.

Attacks involving internal users are a unique challenge for organizations. According to the Harvard Business Review, “insiders can do much more serious harm than external hackers can, because they have much easier access to systems and a much greater window of opportunity. The damage they cause may include suspension of operations, loss of intellectual property, reputational harm, plummeting investor and customer confidence, and leaks of sensitive information to third parties, including the media.”

Regardless of whether malicious employees, dishonest contractors or unintentional actions are responsible for these attacks, insider threats must be addressed rapidly and effectively.

Detecting Malicious Behavior

Privileged users and high-priority assets need to be monitored to identify irregular activities since these actions could be signs of an insider threat. Risky behaviors must be noted, and then those users assessed, prioritized and monitored on an ongoing basis. Finally, corrective action must be taken to address the threat.

Security teams today are hampered by too many tools from too many vendors, as well as overly complex processes. This makes for a daunting challenge for the SOC analyst, who must pull the data together and get the right visibility into users’ activities, behaviors and the assets they access. Much of this work has to be done manually. This creates a delay that allows perpetrators to do plenty of damage before analysts are able to detect pernicious activity.

Keeping the constraints and realities of today’s security operations in mind, security teams should look for user behavior analytics (UBA) capabilities designed to simplify overly complex security operations. For example, you should be able to leverage the logs and flow data that are already curated and loaded in your security information and event management (SIEM) platform to deliver rapid insights and actions. This helps SOC analysts maintain consistent visibility into users, assets and threats.

Simplifying Behavior Analytics

IBM integrates UBA into its SIEM platform and delivers the capability via an app on the App Exchange. SOC analysts do not have to learn a new tool; the UBA app leverages the curated log and flow data already in the SIEM platform, speeding time to insights.

The app’s purpose-built, out-of-the-box anomaly detection, behavioral rules and analytics detect changes in user behavior and deliver continued visibility into anomalous activities. By streamlining monitoring, detection and investigation, the app helps security analysts become more productive and manage insider threats more efficiently. With just a few clicks of the mouse, they can analyze behavior patterns, score users’ risk and focus on specific insiders to investigate or add to a watch list.
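To make the mechanics behind "behavioral rules, risk scoring and a watch list" concrete, here is an added Python sketch; it is not code from the original post or from IBM's UBA app. It builds a per-user baseline (hosts and activity types seen in a learning period) from SIEM-style events, applies a few behavioral rules to later events (off-hours login, never-seen host, repeated failures before a success, a new kind of activity), sums rule weights into a risk score and places users above a threshold on a watch list. The users, hosts, event records, rule weights and threshold are all constructed for the example and are assumptions, not values from any product or real environment.

```python
"""Toy user behavior analytics: baseline, behavioral rules, risk score, watch list."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a SIEM-like shape: (user, ISO timestamp, source host, event type).
# Made-up records for this example, not data from any real environment.
SAMPLE_EVENTS = [
    ("alice", "2016-07-18T09:02:00", "wks-101", "login_success"),
    ("alice", "2016-07-19T08:55:00", "wks-101", "login_success"),
    ("alice", "2016-07-20T09:10:00", "wks-101", "login_success"),
    ("alice", "2016-07-21T09:00:00", "wks-101", "login_success"),
    ("alice", "2016-07-22T08:58:00", "wks-101", "login_success"),
    ("bob", "2016-07-18T10:00:00", "wks-202", "login_success"),
    ("bob", "2016-07-19T10:05:00", "wks-202", "login_success"),
    ("bob", "2016-07-20T09:58:00", "wks-202", "login_success"),
    # Observation window: alice authenticates at 02:32 to a host she has never used,
    # after two failures, then reads sensitive files; bob behaves as usual.
    ("alice", "2016-07-26T02:30:00", "srv-db-9", "login_failure"),
    ("alice", "2016-07-26T02:31:00", "srv-db-9", "login_failure"),
    ("alice", "2016-07-26T02:32:00", "srv-db-9", "login_success"),
    ("alice", "2016-07-26T02:40:00", "srv-db-9", "file_access_sensitive"),
    ("bob", "2016-07-26T10:05:00", "wks-202", "login_success"),
]

BASELINE_END = datetime(2016, 7, 25)   # events before this date build the per-user baseline
BUSINESS_HOURS = range(7, 19)          # 07:00-18:59 counts as normal working hours (assumption)
WATCH_LIST_THRESHOLD = 50              # assumed cut-off for adding a user to the watch list
AUTH_TYPES = {"login_success", "login_failure"}

# Rule weights are assumptions for this example, not values from any product.
WEIGHTS = {
    "off_hours_login": 20,
    "new_host": 30,
    "repeated_failures": 15,
    "new_activity_type": 25,
}


def parse(events):
    """Turn the raw tuples into dicts with a datetime, sorted chronologically."""
    parsed = [{"user": u, "ts": datetime.fromisoformat(t), "host": h, "type": e}
              for u, t, h, e in events]
    return sorted(parsed, key=lambda ev: ev["ts"])


def build_baseline(events, end=BASELINE_END):
    """Per user, record the hosts and event types seen during the baseline period."""
    baseline = defaultdict(lambda: {"hosts": set(), "types": set()})
    for ev in events:
        if ev["ts"] < end:
            baseline[ev["user"]]["hosts"].add(ev["host"])
            baseline[ev["user"]]["types"].add(ev["type"])
    return baseline


def score_user(events, known):
    """Apply the behavioral rules to one user's post-baseline events.

    Returns (score, reasons) where each reason is a (rule name, detail) pair.
    """
    reasons = []
    failures = 0                       # consecutive failures since the last success
    new_hosts, new_types = set(), set()
    for ev in events:
        if ev["type"] == "login_failure":
            failures += 1
        elif ev["type"] == "login_success":
            if ev["ts"].hour not in BUSINESS_HOURS:
                reasons.append(("off_hours_login", ev["ts"].isoformat()))
            if failures >= 2:
                reasons.append(("repeated_failures", f"{failures} failures before success"))
            failures = 0
        # A host never seen in the baseline is flagged once per user.
        if ev["host"] not in known["hosts"] and ev["host"] not in new_hosts:
            new_hosts.add(ev["host"])
            reasons.append(("new_host", ev["host"]))
        # A non-authentication activity type absent from the baseline is flagged once.
        if ev["type"] not in AUTH_TYPES and ev["type"] not in known["types"] \
                and ev["type"] not in new_types:
            new_types.add(ev["type"])
            reasons.append(("new_activity_type", ev["type"]))
    score = sum(WEIGHTS[rule] for rule, _ in reasons)
    return score, reasons


def score_all(raw_events, baseline_end=BASELINE_END):
    """Score every user seen after the baseline period; returns {user: {score, reasons}}."""
    events = parse(raw_events)
    baseline = build_baseline(events, baseline_end)
    per_user = defaultdict(list)
    for ev in events:
        if ev["ts"] >= baseline_end:
            per_user[ev["user"]].append(ev)
    results = {}
    for user, evs in per_user.items():
        known = baseline.get(user, {"hosts": set(), "types": set()})
        score, reasons = score_user(evs, known)
        results[user] = {"score": score, "reasons": reasons}
    return results


def watch_list(results, threshold=WATCH_LIST_THRESHOLD):
    """Users whose risk score reaches the threshold, highest risk first."""
    flagged = [u for u, r in results.items() if r["score"] >= threshold]
    return sorted(flagged, key=lambda u: -results[u]["score"])


if __name__ == "__main__":
    results = score_all(SAMPLE_EVENTS)
    for user, r in results.items():
        print(user, r["score"], r["reasons"])
    print("watch list:", watch_list(results))
```

The point of the sketch is the shape of the pipeline rather than the specific rules: the baseline turns raw log and flow data into "what is normal for this user", each rule contributes a weighted reason that an analyst can read back during investigation, and the watch list is simply the users whose accumulated score crosses a threshold. In a real deployment the baseline would be rebuilt continuously and the weights and threshold tuned against the organization's own false-positive rate.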

This helps SOC analysts uncover malicious behavior easily. Integrating UBA into the SIEM platform improves overall security operations, investigation and response — and makes SIEM a much better security operations platform.

Read the solution brief: Beat insider threats with integrated user behavior analytics
