Overview

Niara’s UEBA solution detects attacks that have evaded real time defenses before they do damage with a range of supervised and unsupervised machine learning models that spot malicious activity at each stage of the kill chain. Niara leverages both the compute and storage scale of the Spark/Hadoop framework to provide full forensic support for accelerated investigation, decision making and response. Users, systems, applications, partners, etc. are individually tracked via an Entity360™ security profile that maintains a continuously updated risk score along with one-click access to their security-relevant IT activity (down to the packet level) that the security team needs to build a response and remediation plan. Niara customers are reporting up to 30 hours of savings per investigation for high priority alerts given the easy access to consolidated entity, log, and network forensic information over months or years of activity.
Niara’s UEBA Machine Learning introduces a second dimension of attack analytics to complement the rule and signature-based approach of SIEM, IDS, etc. Without rules or preparation, Niara builds baselines of IT activity for users, servers, applications, etc., so even small changes in typical behavior are detected, put into context and tracked over time. This provides the security team with a completely new technology to deal with carefully crafted, slowly gestating exploits that utilize legitimate credentials such as compromised users unleashing a ransomware attack, negligent users sharing application credentials and disgruntled employees out to steal information or do damage. Niara turbocharges SIEM and logging products such as Splunk and ELK with bidirectional integration that leverages their data aggregation while returning high-priority alerts and forensic information to the SOC console and case management workflow.