New Niara UEBA Enhancements Help Reduce Security Team Anxieties by Accelerating Detection and Response for Internally Targeted Attacks
Aruba adds new capability of behavioral analytics solution from Niara. As per the release, the latest Niara enhancements are designed to eliminate security concerns caused by one of the most significant challenges facing security teams – when advanced, next-generation attacks breach perimeter-based security systems such as firewalls and security information event managers (SIEMs). These types of attacks typically go undetected and have unrestricted access across an organization’s entire infrastructure, resulting in significant risks to conventional users and devices, as well as to Internet of Things (IoT) that are used to control equipment on factory floors and smart buildings.
To help address these issues, new Niara machine-learning and incident investigation workflow features, including Adaptive Learning and Analyst Playbooks, enable more precise attack detection for high-value assets and devices and users, resulting in faster decision making for remediation and response. When these new Niara features are combined with Aruba’s industry-leading ClearPass Policy Manager, individual incidents that reach a certain risk score within the Niara solution (ranging from 1 to 100) can use pre-defined ClearPass policies to automatically quarantine, or completely shut off network access, providing security teams with additional time to thoroughly investigate the incidents.
Adaptive Learning and Analyst Playbooks Extend Attack Detection and Incident Response Capabilities
Niara 2.0 implements new machine learning and incident investigation techniques, allowing security analysts to focus their attention on the highest priority threats for rapid response.
Adaptive Learning is a breakthrough implementation of the Niara machine learning algorithms across two dimensions:
- Analysts can change the severity level of each alert type at a user or device level. Through such input, the analyst can shape how the alert should be treated in the overall computation of the risk score.
- Analysts can label an alert as a “true anomaly” or “authorized exception”. This information is incorporated into each model’s continuous learning loop, and allows for ongoing improvements in the model’s accuracy. For example, analyst input into authorized exceptions will ensure that the solution does not trigger alerts for the affected entity on this dimension going forward.
As an example, one Niara customer is using Adaptive Learning to ensure that anomalous activity associated with systems that contain patient healthcare information is immediately flagged to the analyst’s attention.
Analyst Playbooks further reduce the time security teams spend identifying and responding to attacks. The Niara solution now offers custom Playbooks for each alert type to establish a library of best practices for rapid investigation and remediation of incidents.
With many organizations facing a scarcity of security personnel, a key goal for Analyst Playbooks is to maximize security analysts’ productivity through crowdsourcing of security expertise in incident triage and investigations. With Niara, junior staff can easily access the library to retrieve data and forensic information required to diagnose an alert based on the experience and insights embedded in the Playbooks. Security teams can also share Playbooks created by their seasoned peers experienced in investigating sophisticated attacks.
“The pace of our standalone UEBA and security analytics product innovation is accelerating with the support of the Aruba integration team,” said Sriram Ramachandran, CEO, Niara. “Now that we are an essential part of the ClearPass security portfolio, we remain committed to providing an open, complementary multi-vendor solution, designed to enhance the value of a customer’s perimeter security investments.”
