New Niara UEBA Enhancements Help Reduce Security Team Anxieties by Accelerating Detection and Response for Internally Targeted Attacks
Just after last week’s acquisition of user and entity behavioral analytics (UEBA) company named Niara, Aruba, a Hewlett Packard Enterprise company, announces to foster its dedication to delivering innovation in the security space.
The companies has jointly introduced new capabilities for the Niara behavioral analytics solution to better protect data and high-value corporate assets.
The latest Niara enhancements are known to be designed to eliminate security concerns caused by one of the most significant challenges facing security teams. When advanced, next-generation attacks breach perimeter-based security systems such as firewalls and security information event managers (SIEMs).
These types of attacks typically go undetected and have unrestricted access across an organization’s entire infrastructure, resulting in significant risks to conventional users and devices, as well as to Internet of Things (IoT) that are used to control equipment on factory floors and smart buildings.
To help address these issues, new Niara machine-learning and incident investigation workflow features, including:
- Adaptive Learning and Analyst Playbooks, enable more precise attack detection for high-value assets and devices and users, resulting in faster decision making for remediation and response.
- When these new Niara features are combined with Aruba’s industry-leading ClearPass Policy Manager, individual incidents that reach a certain risk score within the Niara solution (ranging from 1 to 100) can use pre-defined ClearPass policies to automatically quarantine, or completely shut off network access, providing security teams with additional time to thoroughly investigate the incidents.
“It’s no secret that today’s advanced threats are more easily penetrating legacy perimeter security systems and, once inside, have complete, unfettered access to multitudes of corporate data, as well as IoT devices that control many operations within factories and buildings,” said Robert Westervelt, security research manager at IDC. “Firewalls, security information management systems, and other perimeter systems remain highly useful and necessary weapons against attacks. However, interior-based solutions that leverage behavioral analysis, combined with policy enforcement solutions that work harmoniously with the majority of perimeter-based tools, are today’s best-available ‘one-two punch’ defense.”
Niara 2.0 implements new machine learning and incident investigation techniques, allowing security analysts to focus their attention on the highest priority threats for rapid response.
Adaptive Learning is a breakthrough implementation of the Niara machine learning algorithms across two dimensions:
- Analysts can change the severity level of each alert type at a user or device level. Through such input, the analyst can shape how the alert should be treated in the overall computation of the risk score.
- Analysts can label an alert as a “true anomaly” or “authorized exception”. This information is incorporated into each model’s continuous learning loop, and allows for ongoing improvements in the model’s accuracy. For example, analyst input into authorized exceptions will ensure that the solution does not trigger alerts for the affected entity on this dimension going forward.
“For security and network infrastructure teams, it’s a never-ending war against hackers,” said Vinay Anand, vice president and general manager of ClearPass Security, at Aruba. “New features built into the Niara security solution are providing enterprises with the equivalent of precision-guided missiles that work closely together with perimeter-based systems to better protect data and other corporate assets against current and future next-gen hacker attacks. With Niara, Aruba is the only security vendor that can identify potential threats and immediately take action to shut down an incident before damage occurs.”
“The pace of our standalone UEBA and security analytics product innovation is accelerating with the support of the Aruba integration team,” said Sriram Ramachandran, CEO, Niara. “Now that we are an essential part of the ClearPass security portfolio, we remain committed to providing an open, complementary multi-vendor solution, designed to enhance the value of a customer’s perimeter security investments.”