25 Aug Niara’s PartnerWatch™ Extends UEBA Reach To Monitor and Track Third Party Access to High Value Assets
Advanced Machine Learning Models Use Behavior Profiling to Detect Misuse of Credentials by Compromised or Malicious Business Partners
SUNNYVALE, CA – August 25, 2016 – Niara, a recognized leader in user and entity behavior analytics (UEBA), today announced PartnerWatch™, the first application of UEBA machine learning to detect attacks targeting high value applications and databases entering the enterprise through partner portals or virtual private networks (VPN). By making partners full-fledged entities in Niara’s platform, security teams can maintain automated, focused oversight of third-party access to and use of high value assets.
Many high-profile attacks over the last several years have been triggered by the misuse of business partner credentials. According to the 2016 Verizon Data Breach Investigations Report, 97 percent of breaches featuring stolen credentials leveraged legitimate partner access. With enterprise business processes increasingly incorporating partner access to sensitive IT resources, even the best-defended organization cannot identify who is behind partner credentials and their ultimate intentions. Login credentials are often shared among partner employees, making it difficult, if not impossible, to spot behavioral anomalies that are indicative of slowly gestating attacks.
Niara’s PartnerWatch combines new technologies in data gathering, machine learning, asset classification and forensic support to deliver the same risk scoring and behavioral profiles for partners that the security team receive for employees or internal host systems. This includes:
- Precision Sensing: Niara collects partner-specific data, traffic and events across packets, flows, logs and alerts.
- Partner Behavior Profiling: With precision data collection, Niara’s supervised and unsupervised machine learning models build behavior baselines for single partners and partners in similar peer groups, such as parts suppliers or mortgage brokers. Details on time of access, geographic location, data produced and consumed and duration of access are included in continuously updated risk scores. When partner behavior crosses predetermined thresholds of anomalous or malicious activity, the security team is alerted.
- Partner Entity360™: Niara’s Entity360™ is the security dossier for key IT entities, including users, hosts, applications and IP addresses. Entity360 profiles contain current and historical risk scores and pre-fetched summaries of security-relevant activity, enabling security teams to instantly triage and act on high priority alerts. PartnerWatch produces Entity360 profiles for partner organizations in aggregate, as well as individual users who have partner access.
- Partner Watch Lists: Given the sensitivity of partner access and activity, the security team can establish watch lists that deliver partner-specific security status combined with customized actions to be taken in the event of a high priority alert.
- High Value Asset Focus: Niara’s UEBA business context further refines partner risk scores. If anomalous behaviors are seen in conjunction with a system that houses critical data, such as patient records, source code or credit cards, the risks scores are automatically recalibrated to reflect the increased threat.
“By using innovative machine learning on a big data platform, user and entity behavior analytics has proven to be a very powerful framework to increase an organization’s security visibility into attacks that have evaded real-time defenses,” said Sriram Ramachandran, CEO and co-founder of Niara. “With PartnerWatch, Niara continues to extend its application of UEBA to now include the previously unseen risk profile of business partners. Whether it is a supplier that has been compromised, or a trusted partner gone rogue, Niara’s behavioral models will alert the security team to an attack so they can block access or take other steps for remediation and response.”
Niara’s PartnerWatch is available immediately as part of the Niara behavioral analytics platform. Find out why Niara was named a Cool Vendor in the 2016 Cool Vendors in UEBA, Fraud Detection and User Authentication1 report by Gartner.
1Gartner “Cool Vendors in UEBA, Fraud Detection and User Authentication, 2016” by Andrew Walls, Brian Reed, Avivah Litan, Sandy Shen and Craig Lawson, May 2, 2016
Niara’s behavioral analytics platform automates the detection of attacks and risky behaviors inside an organization and dramatically reduces the time and skill needed to investigate and respond to security events. The solution applies machine learning algorithms to data from the network and security infrastructure to detect compromised users, entities, and negligent or malicious insiders, reduce the time for incident investigation and response, and speed threat hunting efforts by focusing security teams on the threats that matter. Headquartered in Sunnyvale, Calif., the company is backed by NEA, Index Ventures and Venrock. For more information, visit www.niara.com.
LEWIS for Niara