Detects insider threats based on user behavioral anomalies
User behavior analysis and fine-grained machine learning algorithms can detect when users deviate from normal activity patterns or behave differently from their peers. QRadar UBA creates a baseline of normal activity and detects significant deviations to expose both malicious insiders and users whose credentials have been compromised by cyber criminals.
Generates detailed risk scores for individual users
Risk scores dynamically change based on user activity, and high-risk users can be added to a watch list. Security analysts can easily drill down to view the actions, offenses, logs and flow data that contributed to a person’s risk score. This helps shorten the investigation and response times associated with insider threats.
Integrates seamlessly with QRadar Security Analytics
QRadar UBA integrates directly into the QRadar Security Analytics solution, leveraging the existing QRadar user interface and database. All enterprise-wide security data can remain in one central location, and analysts can tune rules, generate reports and integrate with complementary Identity and Access Management solutions – all without having to learn a new system or build a new integration.
How customers use it
Users will need a QRadar SIEM console with 128 GB of memory.
You must install IBM Security QRadar V7.2.7 or later before you install the QRadar UBA app.