IBM QRadar UBA

IBM


Pitch: IBM QRadar UBA is a proactive threat detection application that analyzes the behavior patterns of internal users to identify credentials or systems compromised by attackers.

Product features

Description

IBM QRadar User Behavior Analytics (UBA) analyzes user activity to detect malicious insiders and determine if a user’s credentials have been compromised. As a component of the QRadar Security Intelligence Platform, QRadar UBA adds user context to network, log, vulnerability and threat data to more quickly and accurately detect attacks. Security analysts can easily see risky users, view their anomalous activities and drill down into the underlying log and flow data that contributed to a user’s risk score. QRadar is available in the IBM Security App Exchange and can be downloaded and installed in minutes.

Capabilities:

Gain visibility into insider threats. Guard against rogue insiders and cyber criminals using compromised credentials. Uncover anomalous behaviors, lateral movement, threats and data exfiltration, with a user focus.

Extend QRadar security features. The UBA dashboard is an integrated part of the QRadar console and helps extend capabilities of the QRadar Security Intelligence Platform.

Improve analyst productivity. Easily identify risky users. Apply machine learning and behavioral analytics to QRadar security data, calculate users’ risk scores and only raise alerts on high risk incidents to reduce alert fatigue.

Accelerate time to value. Generate meaningful insights within 24 hours. QRadar clients can download and install the UBA app quickly and easily from the IBM Security App Exchange.

Feature spotlights:

Detects insider threats based on user behavioral anomalies

User behavior analysis and fine-grained machine learning algorithms can detect when users deviate from normal activity patterns or behave differently from their peers. QRadar UBA creates a baseline of normal activity and detects significant deviations to expose both malicious insiders and users whose credentials have been compromised by cyber criminals.

Generates detailed risk scores for individual users

Risk scores dynamically change based on user activity, and high-risk users can be added to a watch list. Security analysts can easily drill down to view the actions, offenses, logs and flow data that contributed to a person’s risk score. This helps shorten the investigation and response times associated with insider threats.

Integrates seamlessly with QRadar Security Analytics

QRadar UBA integrates directly into the QRadar Security Analytics solution, leveraging the existing QRadar user interface and database. All enterprise-wide security data can remain in one central location, and analysts can tune rules, generate reports and integrate with complementary Identity and Access Management solutions – all without having to learn a new system or build a new integration.

Available from the IBM Security App Exchange

QRadar UBA is packaged as a downloadable app that is independent of the platform’s formal release cycles. All current QRadar clients can add this app to QRadar version 7.2.7 or higher to begin seeing a user-centric view of activity within their networks.

Problems that the product solves

Customer fraud

Employee personal use of corporate IT during working hours

Unauthorized access to corporate IT systems and data

Non-compliance with IT security requirements

Risk of data loss or damage

Risk of lost access to data and IT systems

Risk of attacks by hackers

Risk of leaks of confidential information

Values

Ensure Security and Business Continuity

Reduce Costs

Ensure Compliance

Characteristics (UEBA - User and Entity Behavior Analytics)

Hadoop: N/A
Clouds: N/A
On-premises software: Available
Advanced Analytics: Available
Incident Response: Available
Machine Learning: Available
Deep Learning: N/A
Visibility into users via reports and dashboards: N/A
Near real-time alerts: N/A
Forensic Tools: N/A
Customizable notification: N/A
Role based reports: Available
Threat Intelligence reports: Available
Licensing model all based on identity: N/A
Technologies integration: SIEM
Log collection from SaaS apps: N/A
Logs and user context data from Active Directory: Available
Logs from endpoint security solutions: N/A
Network flow/Packet data: N/A
Unstructured contextual data: N/A
Log collection from OS, apps, services: N/A
Metadata from electronic communications: N/A
Statistical models: N/A
Modelling based rules and signatures: Available
Catching users with anomalous behavior from the start via a baselining model: Available
System adaptation to user's dynamic role changes: Available
