Niara Cybersecurity Analyzer
The Niara Analyzer is a big data, analytics platform that builds constantly updating and historically complete Entity360® risk profiles that are context-rich security-dossiers for users, systems and IP addresses. Niara uniquely combines identity data with both IT logs and alerts (e.g., firewall, web proxy, VPN, endpoint, DLP, AD, DNS, DHCP, badge logs etc.) and network sources (packets, flows, etc.) to detect attacks that have evaded real time systems and accelerate incident response. These risk profiles are built using a comprehensive set of unsupervised, semi-supervised and supervised machine learning techniques to track and score a rich set of dimensions characterizing an entity’s behavior – authentication, internal resource access, peer-to-peer activity, remote access, cloud application usage, internet and internal activity and physical access. This allows the solution to more reliably link anomalous behavior with malicious intent. Niara Analyzer supports open APIs for customers to plug into existing security workflows and leverage the Niara solution to add value to existing security investments.
Deployed as a pre-packaged on-premise solution, an application on your existing big data platform, or in the cloud, the Niara Analyzer installs quickly and generates results without pre-configured rules. signatures, configuration or tuning.
Entity360 risk profiles
The Entity360 provides a consolidated representation of entities’ (i.e., users, hosts or IPs) activities regardless of data source, devices used or activity type. Entity360 includes a risk score (0 to 100). A high risk score could potentially indicate a compromised entity, or a negligent or malicious insider. Entity360 profiles can be accessed by existing consoles and workflows through an open API.
Contextually-weighted, machine learning driven entity risk scores account for key factors like the spread, order, and time proximity of incidents across attack stages as well as the time elapsed since detection. Accurate, normalized scores mean analysts can confidently use the score to prioritize their efforts.
Machine learning-based analytics profile multiple security-relevant behaviors (e.g., authentication, remote access, internal access to high value resources, cloud application usage etc.) across numerous data sources to more reliably attribute malicious intent to detected anomalies.
Analytics and forensics are intrinsically tied together, providing analysts with instant access to complete context (e.g., transaction-level summaries, files, event details and timeline views describing why something was flagged as high risk). This enables the security team to triage more efficiently, make better decisions, and respond before damage is done.
Security, Risk & Compliance
Aruba, a Hewlett Packard Enterprise company, is a leading provider of next-generation networking solutions for enterprises of all sizes worldwide. The company delivers IT solutions that empower organizations to serve the latest generation of mobile-savvy users who rely on cloud-based business apps for every aspect of their work and personal lives.