April 19, 2023 By Katie Schwarzwalder 4 min read

The Threat Intelligence Index helps you understand common attack types. IBM Security Guardium Insights can help protect your data from those attacks.

As data grows and shifts rapidly to the cloud, threat actors are on the prowl now more than ever. The IBM Security X-Force Threat Intelligence Index 2023 reported that for the second year in a row, phishing was the leading infection vector, with 41% of attacks using this method. Additionally, the report found that 6% of attacks involved business email compromise.

A modern data security platform needs to be designed to help companies address their data security and compliance needs. IBM Security Guardium Insights risk-based user experience can be used to better understand and provide context to achieve a clearer story around your data. This solution feeds risk insights into advanced analytics and provides actionable intelligence to help users respond quickly and efficiently to events that occur.​ Read on to see how Guardium Insights can improve your data security and compliance strategy.

What is business email compromise?

Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business, both personal and professional.  Attackers know that organizations of all sizes prioritize the security of their emails and, unfortunately, sometimes things get through.

Guardium Insights features

To be prepared, there are several different ways for someone to look to protect themselves. Within Guardium® Insights, we provide a risk-scoring engine. The risk-based dashboard highlights risk events based on database, database user and operating system users.​ This dashboard gives you an at-a-glance view of what’s happening with your organization’s data security and compliance risk. Using this view, the dashboard can properly alert the security team when there has been some sort of anomaly that may be the result of BEC. When one wishes to dig deeper into risk events, ​there will be a banner at the top that will help you understand what the tool can do. If you’d like to reduce noise and apply exclusions, such as excluding test databases, you can do that in the risk-scoring engine as well.

You can also create response rules to automate the handover to your security operations center.  If ​BEC is suspected, the risk level is high, and the event involves a database user who is an admin user, you might want to create a ticket in ServiceNow® for the security team to pursue. 

Addressing risk events

Now, let’s dive into the manual end of risk events to see how you can use the Guardium Insights risk engine further. ​One of the things you might want to do is create a preset to give you a filtered view of your datapoints here. For example, you may want to create a preset that shows the data leaks that are critical. Once you save a preset, you can then shift back and forth between the various preset views of data.

Phishing is a cybercrime in which targets are contacted by someone posing as someone they aren’t to lure individuals into providing sensitive data, such as personally identifiable information, banking and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. If you were investigating a critical risk like a phishing attack, you could explore the details in the Risk events view.​ You can see additional details about what’s happening to your sensitive data within the report.

You could learn more about the phishing incident from the Risk events view. The findings table shows a list of datapoints sorted by time range. You can see the policy violations and outliers.​ You can also click any item to see more information about the specific outlier, policy violation, or anomaly. 

You may also wish to dive into the classification records to see what types of data exists within the data sources. Looking at the data table, you would be able to tell whether there may be some birth certificate and street addresses present (which is private information). Based on the classification records being present, one should want to treat this potential incident carefully.

If you have investigated and determined that there is something to be concerned about, you may need to go ahead and respond. The Respond | Tune button helps you respond tactically to a risk event. ​You could manually create a ticket based on the tools you have already integrated with Guardium Insights, such as ServiceNow or CP4S SOAR.​ Or if you’ve done your investigation and think it’s a false positive, you might want to close the risk event and exclude that event from future profiling. ​Reducing these false positives is essential to finding the signal in the noise and prioritizing your team’s resources.  

Guardium Insights and its powerful risk engine can help you connect the dots of different data points to gain a new level of understanding to assist your business in doing the following:

  • Reduce business silos​
  • Create actionable intelligence​
  • Simplify response​
  • Quickly respond to data risk​

Watch IBM Security Guardium Insights in action:

Check out the 2023 Threat Intelligence Index

With cyberattacks becoming more sophisticated and frequent, it is critical for organizations to understand the tactics employed by threat actors. The IBM Security X-Force Threat Intelligence Index 2023 provides actionable insights to help CISOs, security teams and business leaders proactively protect their organizations. In this landscape, IBM Security Guardium Insights offers a solution to gain visibility, ensure compliance and provide robust data protection throughout the data security lifecycle.

Get started with IBM Security Guardium Insights

To learn more about how your organization can benefit from Guardium Insights, we invite you to check out the following:

Read the full IBM Security X-Force Threat Intelligence Index 2023.

Was this article helpful?

More from Security

Enhancing data security and compliance in the XaaS Era 

2 min read - Recent research from IDC found that 85% of CEOs who were surveyed cited digital capabilities as strategic differentiators that are crucial to accelerating revenue growth. However, IT decision makers remain concerned about the risks associated with their digital infrastructure and the impact they might have on business outcomes, with data breaches and security concerns being the biggest threats.   With the rapid growth of XaaS consumption models and the integration of AI and data at the forefront of every business plan,…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters