While outside security threats are on every business’ radar today, security leaders also need to keep a constant eye on internal threats.
IBM is aiming to help its clients do just that with a new app for its IBM QRadar Security Intelligence Platform, which analyzes the usage patterns of employees, contractors and partners, to help determine whether credentials or systems are compromised by cybercriminals.
The free app is available via the IBM Security App Exchange, and acts as an xtension pf IBM QRadar, offering early visibility into potential insider threats, hopefully before they can do major damage.
“Organizations need a better way to protect themselves against insider threats – whether they be from inadvertent actors or malicious cybercriminals with access to an organization’s inner workings and technology systems,” said Jason Corbin, VP of strategy and offering management for IBM Security. “This new app provides analysts with the ability to quickly pivot by using existing cybersecurity data to see the early warning signs that are often buried in suspicious user activities, ultimately helping them more consistently address breaches before they occur.”
IBM estimates that insider threats are responsible for approximately 60% of attacks against businesses, with 25% of those resulting from credentials getting in the hands of cyber criminals, thanks to employees, contractors or others who fall victim to things like malware-laden phishing attacks. IBM’s new app alerts analysts to users logging into high-value servers for the first time; from a new location; or while using a privileged account.
IBM stresses that the integration of the new app can help save security analysts from reloading and curating data from multiple platforms, in order to identify user behavior. Risk analysis profiles, a prioritized behavioral analysis dashboard, enhanced existing QRadar security data, and more are included in the app.