Niara Entity360s are comprehensive risk profiles that provide a consolidated visual representation of all security-relevant information associated with an entity (i.e., a user or host). The Entity360 is continuously updated for every entity, making it easy for analysts of all experience levels to quickly home in on the anomalies and behaviors that act as indicators of an attack. Rather than adding to the alert white noise problem by flagging all suspicious activity, the Entity360 improves analyst productivity by stringing together weak signals that may be individually insignificant but that, in aggregate, generate a security event if thresholds are exceeded.
Niara maintains a risk score for every entity, which analysts can use to prioritize investigations. Threat profile graphs show the sequence of alerts and events contributing to the risk score, classified by attack stage. Integrated forensics enable looking back in time to see how the risk score changed and which contextually relevant events contributed to it. Rather than just adding to the alert white noise, the Entity360 provides actionable information and context to identify why an entity is being flagged as high risk.
The Entity360 includes interactive visualizations of all the information correlated to an entity: all devices and IPs ever associated with the entity, the ports and protocols used, a complete authentication history, any network interaction, the websites visited classified into categories, and the top network conversations across time filtered by different attributes. By presenting relevant security information in one comprehensive view, instead of leaving it scattered across siloed systems, Entity360s ensure that nothing falls through the cracks and analysts can rapidly respond to identified attacks.
Convergence of analytics with forensics makes advanced attack detection and incident response more efficient