30 Nov Niara Joins HPE Aruba ClearPass Exchange Partner Program to Reduce the Window of Vulnerability Between Attack Detection and Response
Bi-directional Integration Leverages Niara’s UEBA Machine Learning Analytics and Aruba ClearPass’ Automated Policy-Based Remediation for Closed-loop Protection of Users, Systems and Devices
Sunnyvale, CA – November 30, 2016 – Niara, a recognized leader in User and Entity Behavior Analytics (UEBA) today announced that it has joined the Aruba ClearPass Exchange Partner program. The program enables Niara to leverage Aruba’s ClearPass REST-based APIs, Syslog messaging and ClearPass Extensions capabilities to deliver end-to-end attack detection, remediation and endpoint correction.
This announcement follows the HPE Aruba announcement today highlighting the role of partners in managing and securing users, devices (traditional and IoT), and infrastructure.
Niara detects compromised users, systems or devices by utilizing supervised and unsupervised machine learning models that can detect telltale changes in typical IT access and usage. When these subtle signals are aggregated and put into context over time, the presence of a gestating attack is clear. Until now, these targeted attacks that use legitimate credentials co-opted by malicious outsiders stayed “under the radar” by moving slowly in small but deliberate steps.
“The most damaging attacks are no longer detected by traditional security products that rely on signatures, rules and pattern matching,” said Vinay Anand, Vice President and GM for ClearPass Security at Aruba, a Hewlett Packard Enterprise company. “With Niara’s machine learning, even small changes in device behavior are easily identified. By signaling Aruba ClearPass for policy enforcement, participating botnets and other types of damaging behavior initiated from connected devices can be stopped in near real time via automated workflows.”
Niara creates a profile of every device that connects to the network and continuously monitors for behavioral anomalies. With Aruba ClearPass integration, Niara alerts can trigger policy-based actions automatically to force a re-authorization of the device using multi-factor authentication or full quarantining which helps contain the danger until an analyst can follow up. Simultaneously, Aruba ClearPass can send a message to the device’s user, the user’s supervisor or other designated individuals. In the case of IoT, the notification goes to the designated device owners to let them know there is likely a security issue and what Aruba ClearPass action was taken.
To deliver this advanced level of insider attack management, Aruba ClearPass provides Niara with information about each device that logs onto the network including data such as the time the device connected, where it’s located, and based on role, what it’s allowed to access. With this additional detail, a device logging in as a “Guest” device now becomes individually identified so that Niara’s baselining and analytics can differentiate between contractor Joe who operates within the rules and vendor Sam who is probing for sensitive information. This precision profiling capability also applies to networks of IoT devices, whose volume is accommodated via Niara’s scalable Spark/Hadoop-based platform.
“Aruba’s ClearPass Exchange program allows enterprises to leverage the visibility and enforcement capabilities of the ClearPass solution so organizations can find attacks within the perimeter and ClearPass can disconnect devices from wired and wireless networks before they do damage,” said Sriram Ramachandran, CEO and co-founder, Niara. “Niara’s UEBA solution provides precision inspection capability and accurate alerts that Aruba ClearPass can confidently act on to protect the organization”.
Niara’s behavioral analytics platform automates the detection of attacks and risky behaviors inside an organization and dramatically reduces the time and skill needed to investigate and respond to security events. The solution applies machine learning algorithms to data from the network and security infrastructure to detect compromised users, entities, and negligent or malicious insiders, reduce the time for incident investigation and response, and speed threat hunting efforts by focusing security teams on the threats that matter. Headquartered in Sunnyvale, Calif., the company is backed by NEA, Index Ventures and Venrock. For more information, visit www.niara.com.