For years, network and security teams have faced an ever-vexing problem: fighting threats with policy-based detection leaves them in a permanently reactive posture. There is always a delta between the time a new threat is discovered and the time a policy can be deployed to guard against it. Heuristics have been used with varying degrees of success to help identify malicious files as they emerge in the wild, but this is an inconsistent approach in today’s context of ultra-mobile and IoT devices, BYOD strategies, and cloud computing. In fact, policy-based (think “definitions”) approaches to security have arguably become less effective in recent years because of the contextual evolution of computing. Security Information and Event Management (SIEM) methodologies are increasingly adopted among larger and more sophisticated security teams as a result. One subset of SIEM solutions focuses on gathering data about the behavior of users and devices on the network and analyzing it with machine learning and data analytics, rather than attempting to match snippets of data streams against stored databases of fingerprinted threats. This is referred to as User Behavior Analytics (UBA).
Until now, the mostly Hadoop-driven deployments of UBA solutions have been accessible only to organizations with deep enough wallets to deploy large, complex systems and employ large, erudite teams of security analysts. HPE aims to democratize information security with Niara, which it acquired for an undisclosed sum within the last few months.
Niara differentiates itself from other UBA solutions with its ability to process network flows in real time, rather than relying on log-file analysis after the fact. It’s analogous to detecting smoke from the ignition of a match versus scanning the call log from the fire department. In today’s security milieu, seconds can mean the difference between critical data being safeguarded or smuggled out the back door of the network. At Atmosphere 2017, I was part of a team privileged to attend several deep-dive sessions presented by HPE and Aruba business units, and Niara was one of the more impressive. It was apparent that their efforts to streamline, contextualize, and dynamically score network flows in a way that can be easily interpreted by employees who aren’t experienced security analysts will bring a level of threat containment and data loss prevention to a much broader range of organizations. Niara’s dashboard presentation of individual user behavioral scores, along with the ability to quickly take action on them via ClearPass, was demonstrated during an entertaining keynote session as well.
HPE is already a consensus leader in network access control with ClearPass; additionally, the ability for Niara to natively integrate with the Aruba mobility components lays a peerless foundation for a consistent and actionable security posture, one desperately needed as our devices become more diverse and less centrally manageable and the borders of our networks become more nebulous. As the integration of Niara with Aruba’s MobileFirst platform matures, we’ll soon see smaller organizations with leaner security teams deploying world-class SIEM solutions that would have recently been out of reach. Learn more about Niara here, and post back with comments if you’d like to discuss this topic further.