July 27, 2016 By Milan Patel

Cybersecurity incidents are not only increasing, but they are also becoming more destructive and targeting a broader array of institutions and information. At the core of all the malicious activities occurring in your network lies a user. Generally referred to as insiders, these users may be employees, contractors or even legitimate users whose credentials have been compromised and can be exploited.

Security operations center (SOC) analysts need to implement behavior analytics solutions to observe and understand these insiders’ activities, behavior, asset usage and access to intellectual property. They need to find the regularities and patterns hidden in user behavior to uncover potential threats and risks to the intellectual property they hope to protect.

To date, organizations have focused on protecting their IT environments from external threats and have thus invested heavily in perimeter defense. But the tools designed to protect the perimeter are largely ineffective in detecting and deterring insider threats.

Understanding Insider Threats

Attacks from within have become a critical concern for most organizations, with studies indicating that insiders are responsible for up to 60 percent of security offenses.

Attacks involving internal users are a unique challenge for organizations. According to the Harvard Business Review, “insiders can do much more serious harm than external hackers can, because they have much easier access to systems and a much greater window of opportunity. The damage they cause may include suspension of operations, loss of intellectual property, reputational harm, plummeting investor and customer confidence, and leaks of sensitive information to third parties, including the media.”

Regardless of whether malicious employees, dishonest contractors or unintentional actions are responsible for these attacks, insider threats must be addressed rapidly and effectively.

Detecting Malicious Behavior

Privileged users and high-priority assets need to be monitored to identify irregular activities since these actions could be signs of an insider threat. Risky behaviors must be noted, and then those users assessed, prioritized and monitored on an ongoing basis. Finally, corrective action must be taken to address the threat.

Security teams today are hampered by too many tools from too many vendors, as well as overly complex processes. This makes for a daunting challenge for the SOC analyst, who must pull the data together and get the right visibility into the users’ activities, behaviors and the assets they access. Much of this work has to be done manually, which creates a delay that allows perpetrators to do plenty of damage before analysts are able to detect pernicious activity.

Keeping the constraints and realities of today’s security operations in mind, security teams should look for user behavior analytics (UBA) capabilities designed to simplify overly complex security operations. For example, you should be able to leverage the logs and flow data that are already curated and loaded in your security information and event management (SIEM) platform to deliver rapid insights and actions. This helps SOC analysts maintain consistent visibility into users, assets and threats.

Simplifying Behavior Analytics

IBM integrates UBA into its SIEM platform and delivers the capability via an app on the App Exchange. SOC analysts do not have to learn a new tool; the UBA app leverages the curated log and flow data already in the SIEM platform, speeding time to insights.

The app’s purpose-built, out-of-the-box anomaly detection, behavioral rules and analytics detect changes in user behavior and deliver continued visibility into anomalous activities. By streamlining monitoring, detection and investigation, the app helps security analysts become more productive and manage insider threats more efficiently. With just a few clicks of the mouse, they can analyze behavior patterns, score users’ risk and focus on specific insiders to investigate or add to a watch list.

This helps SOC analysts uncover malicious behavior easily. Integrating UBA into the SIEM platform improves overall security operations, investigation and response — and makes SIEM a much better security operations platform.

Read the solution brief: Beat insider threats with integrated user behavior analytics