Niara’s user and entity behavior (UEBA) analytics use supervised and unsupervised machine learning techniques to detect anomalous behaviors and find attackers without up-front configuration. Supervised learning models, trained on large volumes of real world data, are applied to quickly surface indicators of compromise that would otherwise remain undetected. Niara’s unsupervised machine learning models ensure that the system is self-learning, continually adapting and accurately identifying anomalies even as attacks evolve.
While Niara’s machine learning models deliver value immediately upon deployment, analyst-provided feedback enables the platform to transparently adapt to the uniqueness of the local environment in a learning loop. Niara automatically learns the local enterprise context through analyst classification on alerts (e.g., the development server admin regularly downloads large files, hence those activities should not be interpreted as anomalous) and delivers remarkably noise-free results, which is not possible with solutions that cannot adapt.
Niara’s user and entity behavior (UEBA) analytics use security information in packet, flow, log, file, alert and threat feed data, to provide the most accurate information for attack detection. Analytic modules include authentication, remote access, resource access, file, protocol, and peer-to-peer analytics, enabling Niara to not only detect anomalies, but more reliably attribute malicious intent to them. Analytics are presented graphically using interactive visualizations. And with integrated forensics, Niara makes it easy to get complete context on why something was flagged as high risk.
By providing Entity360 risk profiles that profile entities (i.e., users and hosts), Niara enables comprehensive attack detection – e.g., discovering compromised headless devices, anomalous access to servers and applications, etc. Entity risk profiles provide a consolidated visual representation of all security-relevant information associated with an entity (e.g., results of user behavior analytics or UBA), making it easy for analysts of all experience levels to observe anomalies and patterns.
Niara’s use of unsupervised and supervised learning models enable anomalous behaviors to be linked to malicious intent more reliably. Niara’s analytics modules are multi-dimensional, profiling multiple orthogonal behaviors to make the system less prone to false positives. The outcome? Analysts can make better decisions because they have high confidence that any detected anomalies are indeed real.
A big data foundation allows Niara to ingest diverse data sources (i.e., packets, flows, logs, files, alerts, threat feeds) regardless of volume, fuse it into a single stream while simultaneously reducing its size, distill it into graphical summaries that provide rich context, and correlate it all back to entities for unparalleled visibility across an organization. Niara provides cost effective horizontal scalability and the ability investigate across time as far as needed, be it weeks, months, or years.
Convergence of analytics with forensics makes advanced attack detection and incident response more efficient