CodeOne
IBM


QRadar UBA

What is QRadar UBA?

IBM Security QRadar UBA helps you proactively monitor and respond to internal threats from an integrated perspective.

It analyzes anomalies in user behavior and detects compromised confidential information or malware, using comprehensive data sets and Sense Analytics.

Suspicious users are detected and information asset monitoring is visualized through a dashboard.


Why UBA?

The need for QRadar UBA


Product introduction

Product Features

Detect

Analyze

1. Detect suspicious users with comprehensive data sets and Sense Analytics

Insider Risk Score
Behavior-based
  • Pattern recognition
  • User and entity profiling
  • Statistical analysis
  • Anomaly detection
Context-based
  • Business context
  • Entities and user context
  • External threat correlation analysis
Time-based
  • Historical analysis
  • Real-time analysis
  • Threat hunting
  • Threshold-based rules
User applications, cloud applications, networks, data, servers, DLP, endpoints, threat intelligence

Product introduction

Main features

IBM User Behavior Analytics dashboard

[User behavior risk trends]

[Individual user details]

Visualization of user behavior distribution – machine learning application

Create statistical models of individual user behavior and then identify the number and timing of unusual actions or changes in specific categories of events.

By monitoring user behavior, the model identifies an index of the roles a user holds. In the picture above, each color represents a different role. A deviation in the index of an individual role appears as an increase or decrease in the distribution of the user's roles, making it easy for analysts to spot unusual actions, including ones taken when they were not necessary.

This analytics model captures the immediate onset of user behavior, on the expectation that normal user behavior will be relatively consistent across seconds on the minute scale and across minutes on the hour scale. If abnormal behavior is repeated at regular intervals, it is displayed as a hotspot (dark area), as shown in the picture on the right above.

User peer groups can be identified by an index of roles or a defined set of roles. These peer groups are utilized to identify whether the user's behavior has changed. This identification is indicated by the dark bands in the picture above, with red representing the dominance of new peers and dark black representing lost peers.


Product introduction

Expected effect

Increase SOC Analyst Productivity

Easily detect malicious behavior
- Detect threats across users and assets using enhanced analytics along with anomalous behavior patterns
- Provides a menu for easy access to internal data sources and threat intelligence
Easy to install and use
- Visualize dangerous conditions within a few hours of installation
- Download and install the app quickly (free for QRadar customers)
Improve analysis efficiency
- Identify at-risk users or abnormal behavior and reflect it in an offense within minutes
- Reduces the burden of acquiring the skills required to use the product

Effects of using machine learning

Risk Posture
- Learns each user's risk score and analyzes trends in risk scores over time
- Learns the usual risk score and applies a weight to the risk score to reduce false positives
- If the risk score increases or decreases differently than usual, the user's risk score is analyzed in detail on that basis

Total Activity
- Learns from all collected logs and network information on a per-user basis
- Checks for possible abnormal behavior by monitoring the sum of user behavior over a relatively long period of time

User Activity by Category
- Learns from collected user behavior rather than rules, divided into 18+ high-level categories
- The total sum of user actions may be constant, but changes in distribution within the high-level categories are checked

Activity Distribution
- Learns from hundreds of low-level user actions, divided into categories
- Analyzes the distribution of user behavior throughout the day to check whether behavior differs from what was expected for each time period

Peer Group
- Analyzes user behavior based on low-level categories to find similar categories or to estimate a peer group from them
- Users with the same role can be assumed to have a similar distribution, so if an employee in another organization or with a different mission shows behavior similar to employees in that organization, this can be treated as suspicious and the reason investigated
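The "User Activity by Category" and "Peer Group" ideas above can be illustrated with a short sketch. This is an added example, not IBM's model or code from this page: it uses Jensen-Shannon divergence as a stand-in distance, and the category names, counts, peer profiles and the 0.1 threshold are all constructed assumptions.

```python
import math

# Constructed high-level categories and daily event counts (not QRadar's own).
CATEGORIES = ["authentication", "file_access", "email", "admin_action"]
BASELINE = {"authentication": 40, "file_access": 30, "email": 25, "admin_action": 5}
SAME_MIX = {"authentication": 42, "file_access": 28, "email": 26, "admin_action": 4}
NEW_MIX = {"authentication": 10, "file_access": 15, "email": 5, "admin_action": 70}
PEER_PROFILES = {  # typical category mix per role (constructed)
    "finance": {"authentication": 40, "file_access": 35, "email": 24, "admin_action": 1},
    "it_admin": {"authentication": 15, "file_access": 10, "email": 5, "admin_action": 70},
}

def normalize(counts):
    """Turn raw counts into a probability distribution over CATEGORIES."""
    total = sum(counts.get(c, 0) for c in CATEGORIES)
    if total == 0:  # no activity: fall back to a uniform distribution
        return [1.0 / len(CATEGORIES)] * len(CATEGORIES)
    return [counts.get(c, 0) / total for c in CATEGORIES]

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0 = same mix, 1 = disjoint mix."""
    m = [(a + b) / 2 for a, b in zip(p, q)]
    def kl(x, y):
        return sum(a * math.log2(a / b) for a, b in zip(x, y) if a > 0)
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)

def category_shift(baseline, today, threshold=0.1):
    """Score how far today's category mix is from the user's baseline."""
    score = js_divergence(normalize(baseline), normalize(today))
    return score, score > threshold

def nearest_peer_group(user_counts, profiles):
    """Return the peer group whose category mix is closest to the user's."""
    p = normalize(user_counts)
    return min(profiles, key=lambda g: js_divergence(p, normalize(profiles[g])))

if __name__ == "__main__":
    # Both days total 100 events, so a volume-only check sees nothing unusual.
    for label, day in (("same mix", SAME_MIX), ("new mix", NEW_MIX)):
        score, flagged = category_shift(BASELINE, day)
        print(label, sum(day.values()), round(score, 3), flagged,
              nearest_peer_group(day, PEER_PROFILES))
```

Both sample days have the same total event count, so only the distribution check and the peer-group comparison separate them.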