With the ever-growing volume of cyber-attacks on organizations, security analysts require effective visual interfaces and interaction techniques to detect security breaches and, equally importantly, to efficiently share threat information. To support this need, we present a tool called ?User Behavior Analytics? (UBA) that conducts continuous analysis of individuals' usage of their organizational IT networks, and effectively visualizes the associated security exposures of the organization. The UBA tool was developed as an extension of IBM?s security analytics environment, and incorporates a risk-focused dashboard that highlights anomalous user behaviors and the aggregated risk levels associated with individual users, user groups, and overall system security state. Moreover, the tool?s dashboard has been designed to facilitate rapid review of security incidents and correlate them with data from various sources such as user directory and HR systems. In doing so, the tool presents busy security analysts with an effective means to visually identify and respond to cyber threats on the organization's crown jewels.
[1]
Malek Ben Salem,et al.
A Survey of Insider Attack Detection Research
,
2008,
Insider Attack and Cyber Security.
[2]
Philip A. Legg,et al.
Visualizing the insider threat: challenges and tools for identifying malicious user activity
,
2015,
2015 IEEE Symposium on Visualization for Cyber Security (VizSec).
[3]
Jean-Marc Seigneur,et al.
A Survey of User-centric Identity Management Technologies
,
2007,
The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007).