The Threat Intelligence Index helps you understand common attack types. IBM Security Guardium Insights can help protect your data from those attacks.
As data grows and shifts rapidly to the cloud, threat actors are on the prowl now more than ever. The IBM Security X-Force Threat Intelligence Index 2023 reported that for the second year in a row, phishing was the leading infection vector, with 41% of attacks using this method. Additionally, the report found that 6% of attacks involved business email compromise.
A modern data security platform needs to be designed to help companies address their data security and compliance needs. The risk-based user experience in IBM Security Guardium Insights adds context to your data so that you get a clearer story of what is happening to it. This solution feeds risk insights into advanced analytics and provides actionable intelligence to help users respond quickly and efficiently to events that occur. Read on to see how Guardium Insights can improve your data security and compliance strategy.
What is business email compromise?
Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business, both personal and professional. Attackers know that organizations of all sizes prioritize the security of their emails and, unfortunately, sometimes things get through.
Guardium Insights features
There are several ways to prepare for and protect against these attacks. Within Guardium® Insights, we provide a risk-scoring engine. The risk-based dashboard highlights risk events based on database, database user and operating system users. This dashboard gives you an at-a-glance view of your organization’s data security and compliance risk. Using this view, the dashboard can alert the security team when there has been an anomaly that may be the result of BEC. When you want to dig deeper into risk events, a banner at the top helps you understand what the tool can do. If you’d like to reduce noise and apply exclusions, such as excluding test databases, you can do that in the risk-scoring engine as well.
You can also create response rules to automate the handover to your security operations center. If BEC is suspected, the risk level is high, and the event involves a database user who is an admin user, you might want to create a ticket in ServiceNow® for the security team to pursue.
Addressing risk events
Now, let’s dive into the manual end of risk events to see how you can use the Guardium Insights risk engine further. One of the things you might want to do is create a preset to give you a filtered view of your data points. For example, you may want to create a preset that shows the data leaks that are critical. Once you save a preset, you can then shift back and forth between the various preset views of data.
Phishing is a cybercrime in which targets are contacted by someone impersonating another party to lure them into providing sensitive data, such as personally identifiable information, banking and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. If you were investigating a critical risk like a phishing attack, you could explore the details in the Risk events view. You can see additional details about what’s happening to your sensitive data within the report.
You could learn more about the phishing incident from the Risk events view. The findings table shows a list of data points sorted by time range. You can see the policy violations and outliers. You can also click any item to see more information about the specific outlier, policy violation, or anomaly.
You may also wish to dive into the classification records to see what types of data exist within the data sources. Looking at the data table, you would be able to tell whether birth certificate data and street addresses (which are private information) may be present. When such classification records are present, treat the potential incident carefully.
If you have investigated and determined that there is something to be concerned about, you may need to go ahead and respond. The Respond | Tune button helps you respond tactically to a risk event. You could manually create a ticket based on the tools you have already integrated with Guardium Insights, such as ServiceNow or CP4S SOAR. Or if you’ve done your investigation and think it’s a false positive, you might want to close the risk event and exclude that event from future profiling. Reducing these false positives is essential to finding the signal in the noise and prioritizing your team’s resources.
Guardium Insights and its powerful risk engine can help you connect the dots of different data points to gain a new level of understanding to assist your business in doing the following:
- Reduce business silos
- Create actionable intelligence
- Simplify response
- Quickly respond to data risk
Check out the 2023 Threat Intelligence Index
With cyberattacks becoming more sophisticated and frequent, it is critical for organizations to understand the tactics employed by threat actors. The IBM Security X-Force Threat Intelligence Index 2023 provides actionable insights to help CISOs, security teams and business leaders proactively protect their organizations. In this landscape, IBM Security Guardium Insights offers a solution to gain visibility, ensure compliance and provide robust data protection throughout the data security lifecycle.
Get started with IBM Security Guardium Insights
To learn more about how your organization can benefit from Guardium Insights, we invite you to check out the following:
Read the full IBM Security X-Force Threat Intelligence Index 2023.