The Niara Analyzer is a big data analytics platform that builds constantly updating and historically complete Entity360® risk profiles: context-rich security dossiers for users, systems and IP addresses. Niara uniquely combines identity data with both IT logs and alerts (e.g., firewall, web proxy, VPN, endpoint, DLP, AD, DNS, DHCP, badge logs, etc.) and network sources (packets, flows, etc.) to detect attacks that have evaded real-time systems and to accelerate incident response. These risk profiles are built using a comprehensive set of unsupervised, semi-supervised and supervised machine learning techniques to track and score a rich set of dimensions characterizing an entity’s behavior – authentication, internal resource access, peer-to-peer activity, remote access, cloud application usage, internet and internal activity and physical access. This allows the solution to more reliably link anomalous behavior with malicious intent. Niara Analyzer supports open APIs for customers to plug into existing security workflows and leverage the Niara solution to add value to existing security investments.
Deployed as a pre-packaged on-premise solution, an application on your existing big data platform, or in the cloud, the Niara Analyzer installs quickly and generates results without pre-configured rules, signatures, configuration or tuning.
The Entity360 provides a consolidated representation of entities’ (i.e., users, hosts or IPs) activities regardless of data source, devices used or activity type. Entity360 includes a risk score (0 to 100). A high risk score could potentially indicate a compromised entity, or a negligent or malicious insider. Entity360 profiles can be accessed by existing consoles and workflows through an open API.
Contextually-weighted, machine learning driven entity risk scores account for key factors like the spread, order, and time proximity of incidents across attack stages as well as the time elapsed since detection. Accurate, normalized scores mean analysts can confidently use the score to prioritize their efforts.
Machine learning-based analytics profile multiple security-relevant behaviors (e.g., authentication, remote access, internal access to high value resources, cloud application usage etc.) across numerous data sources to more reliably attribute malicious intent to detected anomalies.
Analytics and forensics are intrinsically tied together, providing analysts with instant access to complete context (e.g., transaction-level summaries, files, event details and timeline views describing why something was flagged as high risk). This enables the security team to triage more efficiently, make better decisions, and respond before damage is done.
Niara’s optional Packet Processor is a multi-purpose Deep Packet Inspection (DPI) software component that provides enhanced packet-level metadata (e.g., session data such as source and destination IP, transaction data such as HTTP headers, SMTP sender/recipient details, etc.) for Niara’s multi-dimensional analytics.
The Niara Packet Processor is available as a virtual or hardware appliance, and can be deployed behind a packet broker or connected via a SPAN or TAP port to directly monitor traffic at ingress/egress or trust boundaries without impacting the network.