Know Your Users: Using QRadar SIEM for User Activity Monitoring
You know that QRadar SIEM excels at collecting, correlating and reporting on unusual activity, but have you ever wondered how it performs user activity monitoring? Or what value this would have for your organization?
In this new 8-minute YouTube demo, we look at how the integration of identity and access management data enables real-time user activity monitoring. We show how QRadar can identify risky or abnormal activity of user groups such as employees with privileged access, contractors, or terminated employees.
What value would user activity monitoring provide? You might care about a number of use cases:
- A terminated employee taking action on your network (if terminated, how is he or she still on your network?)
- A privileged employee accessing databases she doesn’t usually access (Is she performing malicious activity? Was her account compromised by an attacker? Or did her responsibilities just change?)
- An employee from one geography, who does not travel for business, seen performing activity in a different geography (Was his account taken over?)
- A contractor accessing a database or application that he doesn’t require for his job (Can he be trusted? Do his actions require closer monitoring?)
- And many more examples specific to your business.
Without a SIEM solution that can correlate identity and access management data with network activity in real time, most organizations would miss these risks. But QRadar provides the visibility to know whenever a user performs activity that is risky or abnormal. Whether you want to be alerted to security and risk incidents in real time or view automated reports periodically, QRadar makes it easy to take a proactive stance toward user risks and improve your security posture.
For more information, visit the Q1 Labs Resource Center today.