Visualizing insider threats: An effective interface for security analytics

Abstract

With the ever-growing volume of cyber-attacks on organizations, security analysts require effective visual interfaces and interaction techniques to detect security breaches and, equally importantly, to efficiently share threat information. To support this need, we present a tool called "User Behavior Analytics" (UBA) that conducts continuous analysis of individuals' usage of their organizational IT networks, and effectively visualizes the associated security exposures of the organization. The UBA tool was developed as an extension of IBM's security analytics environment, and incorporates a risk-focused dashboard that highlights anomalous user behaviors and the aggregated risk levels associated with individual users, user groups, and overall system security state. Moreover, the tool's dashboard has been designed to facilitate rapid review of security incidents and correlate them with data from various sources such as user directory and HR systems. In doing so, the tool presents busy security analysts with an effective means to visually identify and respond to cyber threats on the organization's crown jewels. Copyright is held by the author/owner(s).