The Threat Intelligence Index helps you understand common attack types. IBM Security Guardium Insights can help protect your data from those attacks.

As data grows and shifts rapidly to the cloud, threat actors are on the prowl now more than ever. The IBM Security X-Force Threat Intelligence Index 2023 reported that for the second year in a row, phishing was the leading infection vector, with 41% of attacks using this method. Additionally, the report found that 6% of attacks involved business email compromise.

A modern data security platform needs to be designed to help companies address their data security and compliance needs. IBM Security Guardium Insights risk-based user experience can be used to better understand and provide context to achieve a clearer story around your data. This solution feeds risk insights into advanced analytics and provides actionable intelligence to help users respond quickly and efficiently to events that occur.​ Read on to see how Guardium Insights can improve your data security and compliance strategy.

What is business email compromise?

Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business, both personal and professional.  Attackers know that organizations of all sizes prioritize the security of their emails and, unfortunately, sometimes things get through.

Guardium Insights features

To be prepared, there are several different ways for someone to look to protect themselves. Within Guardium® Insights, we provide a risk-scoring engine. The risk-based dashboard highlights risk events based on database, database user and operating system users.​ This dashboard gives you an at-a-glance view of what’s happening with your organization’s data security and compliance risk. Using this view, the dashboard can properly alert the security team when there has been some sort of anomaly that may be the result of BEC. When one wishes to dig deeper into risk events, ​there will be a banner at the top that will help you understand what the tool can do. If you’d like to reduce noise and apply exclusions, such as excluding test databases, you can do that in the risk-scoring engine as well.

You can also create response rules to automate the handover to your security operations center.  If ​BEC is suspected, the risk level is high, and the event involves a database user who is an admin user, you might want to create a ticket in ServiceNow® for the security team to pursue. 

Addressing risk events

Now, let’s dive into the manual end of risk events to see how you can use the Guardium Insights risk engine further. ​One of the things you might want to do is create a preset to give you a filtered view of your datapoints here. For example, you may want to create a preset that shows the data leaks that are critical. Once you save a preset, you can then shift back and forth between the various preset views of data.

Phishing is a cybercrime in which targets are contacted by someone posing as someone they aren’t to lure individuals into providing sensitive data, such as personally identifiable information, banking and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. If you were investigating a critical risk like a phishing attack, you could explore the details in the Risk events view.​ You can see additional details about what’s happening to your sensitive data within the report.

You could learn more about the phishing incident from the Risk events view. The findings table shows a list of datapoints sorted by time range. You can see the policy violations and outliers.​ You can also click any item to see more information about the specific outlier, policy violation, or anomaly. 

You may also wish to dive into the classification records to see what types of data exists within the data sources. Looking at the data table, you would be able to tell whether there may be some birth certificate and street addresses present (which is private information). Based on the classification records being present, one should want to treat this potential incident carefully.

If you have investigated and determined that there is something to be concerned about, you may need to go ahead and respond. The Respond | Tune button helps you respond tactically to a risk event. ​You could manually create a ticket based on the tools you have already integrated with Guardium Insights, such as ServiceNow or CP4S SOAR.​ Or if you’ve done your investigation and think it’s a false positive, you might want to close the risk event and exclude that event from future profiling. ​Reducing these false positives is essential to finding the signal in the noise and prioritizing your team’s resources.  

Guardium Insights and its powerful risk engine can help you connect the dots of different data points to gain a new level of understanding to assist your business in doing the following:

  • Reduce business silos​
  • Create actionable intelligence​
  • Simplify response​
  • Quickly respond to data risk​

Watch IBM Security Guardium Insights in action:

Check out the 2023 Threat Intelligence Index

With cyberattacks becoming more sophisticated and frequent, it is critical for organizations to understand the tactics employed by threat actors. The IBM Security X-Force Threat Intelligence Index 2023 provides actionable insights to help CISOs, security teams and business leaders proactively protect their organizations. In this landscape, IBM Security Guardium Insights offers a solution to gain visibility, ensure compliance and provide robust data protection throughout the data security lifecycle.

Get started with IBM Security Guardium Insights

To learn more about how your organization can benefit from Guardium Insights, we invite you to check out the following:

Read the full IBM Security X-Force Threat Intelligence Index 2023.


More from Security

Spear phishing vs. phishing: what’s the difference?

5 min read - The simple answer: spear phishing is a special type of phishing attack. Phishing is any cyberattack that uses malicious email messages, text messages, or voice calls to trick people into sharing sensitive data (e.g., credit card numbers or social security numbers), downloading malware, visiting malicious websites, sending money to the wrong people, or otherwise themselves, their associates or their employers. Phishing is the most common cybercrime attack vector, or method; 300,479 phishing attacks were reported to the FBI in 2022.…

IBM Tech Now: September 18, 2023

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 84 On this episode, we're covering the following topics: The IBM Security X-Force Cloud Threat Landscape Report The introduction of IBM Intelligent Remediation Stay plugged in You can check out the IBM Blog Announcements…

Data breach prevention: 5 ways attack surface management helps mitigate the risks of costly data breaches

5 min read - Organizations are wrestling with a pressing concern: the speed at which they respond to and contain data breaches falls short of the escalating security threats they face. An effective attack surface management (ASM) solution can change this. According to the Cost of a Data Breach 2023 Report by IBM, the average cost of a data breach reached a record high of USD 4.45 million this year. What’s more, it took 277 days to identify and contain a data breach. With…

What is the vulnerability management process?

5 min read - Modern enterprise networks are vast systems of remote and on-premises endpoints, locally installed software, cloud apps, and third-party services. Every one of these assets plays a vital role in business operations—and any of them could contain vulnerabilities that threat actors can use to sow chaos. Organizations rely on the vulnerability management process to head off these cyberthreats before they strike. The vulnerability management process is a continuous process for discovering, prioritizing, and resolving security vulnerabilities across an organization's IT infrastructure. Security vulnerabilities defined…