Frequently asked questions

Get answers to the most commonly asked questions about this product.

Insider threat is a term for a threat to an organization's security or data that comes from within. Insider threats are usually attributed to employees or former employees, but may also arise from third parties, including contractors, customers or people with compromised credentials.

User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities. UBA technologies analyze historical data logs collected and stored in SIEM systems to identify patterns of traffic caused by user behaviors, both normal and malicious.

Machine learning is a subset of artificial intelligence that provides systems the ability to automatically learn and improve from experience without being explicitly programmed.

Machine learning algorithms can be leveraged to learn the patterns of a user's behavior based on their normal past activities; when a deviation from that normal is detected, it is classified and marked as anomalous behavior.

Some top use cases for UBA include users turning malicious, deviating from normal roles or peer group activity, data exfiltration, and compromised credentials.

UBA provides a lens for analyzing all the events, logs and flows generated by each individual employee's activities, giving security analysts a view into any malicious or suspicious activity that an individual may be engaging in.

Yes. If running on a QRadar console, the UBA app requires a minimum of 64 GB or up to 128 GB of memory. Additionally, consider the deployment of an App Host to get full benefits of running the UBA app with the machine learning app enabled.

UBA integrates directly into the QRadar Security Analytics solution, leveraging the existing QRadar user interface and database. All enterprise-wide security data can remain in one central location, and analysts can tune rules, generate reports and connect data without having to learn a new system.

Since UBA shares the same underlying database as QRadar, any data source that is ingested in QRadar can be surfaced and leveraged for UBA including IAM,

UBA is packaged as a collection of 3 apps: 1 LDAP app that helps ingest and coalesce users' identity information, 1 UBA app that helps visualize data and analytics, and 1 ML app that provides a library of machine learning algorithms used to create behavioral models of users' activities.

Anomaly detection is a technique used to identify unusual patterns that do not conform to expected behavior and differ significantly from the majority of the data.

A risk score is the numeric measure of the potential harmfulness of a user's activity. Each anomalous behavior that is detected by UBA impacts an individual user's risk score.

Machine learning algorithms ingest the past 4 weeks of data from the shared QRadar database and typically take anywhere from 3 to 24 hours to build the models of normal behavior.

While UBA does not directly leverage the Watson for Cybersecurity APIs, it can leverage insights from integration with QRadar Advisor with Watson to automate the investigation of a user's activity.

The User Behavior Analytics app can be deployed in on-premise QRadar, in QRadar on Cloud, or in any IaaS or hybrid deployments.

The User Behavior Analytics app is offered to QRadar clients at no additional cost.

Clients will not need to upgrade their QRadar deployments as long as they meet the minimum system requirements.

The User Behavior Analytics app is fully supported by IBM Support.

IBM Support has dedicated resources who can help with high priority issues. The UBA app includes a Help and Support section for using the UBA app, LDAP app, and Machine Learning Analytics app.

As with all QRadar applications and modules, the data is encrypted at rest.

Complimentary courses are available on the Security Learning Academy, and include learning paths for both QRadar admins and analysts.

A guided lab environment is available on the IBM Security Learning Academy, which demonstrates how UBA can help analysts detect malicious user behavior. The lab also walks through the investigation process and demonstrates the integration with QRadar Advisor with Watson.
