New Niara UEBA Enhancements Help Reduce Security Team Anxieties by Accelerating Detection and Response for Internally Targeted Attacks
Following last week’s acquisition of user and entity behavioral analytics (UEBA) leader Niara Inc., Aruba, a Hewlett Packard Enterprise company, today reinforced its dedication to delivering innovation in the security space with the introduction of new capabilities for the Niara behavioral analytics solution to better protect data and high-value corporate assets.
The latest Niara enhancements are designed to eliminate security concerns caused by one of the most significant challenges facing security teams – when advanced, next-generation attacks breach perimeter-based security systems such as firewalls and security information event managers (SIEMs). These types of attacks typically go undetected and have unrestricted access across an organization’s entire infrastructure, resulting in significant risks to conventional users and devices, as well as to Internet of Things (IoT) devices that are used to control equipment on factory floors and in smart buildings.
To help address these issues, new Niara machine-learning and incident investigation workflow features, including Adaptive Learning and Analyst Playbooks, enable more precise attack detection for high-value assets, devices and users, resulting in faster decision making for remediation and response. When these new Niara features are combined with Aruba’s industry-leading ClearPass Policy Manager, individual incidents that reach a certain risk score within the Niara solution (ranging from 1 to 100) can use pre-defined ClearPass policies to automatically quarantine or completely shut off network access, providing security teams with additional time to thoroughly investigate the incidents.
“It’s no secret that today’s advanced threats are more easily penetrating legacy perimeter security systems and, once inside, have complete, unfettered access to multitudes of corporate data, as well as IoT devices that control many operations within factories and buildings,” said Robert Westervelt, security research manager at IDC. “Firewalls, security information management systems, and other perimeter systems remain highly useful and necessary weapons against attacks. However, interior-based solutions that leverage behavioral analysis, combined with policy enforcement solutions that work harmoniously with the majority of perimeter-based tools, are today’s best-available ‘one-two punch’ defense.”
Adaptive Learning and Analyst Playbooks Extend Attack Detection and Incident Response Capabilities
Niara 2.0 implements new machine learning and incident investigation techniques, allowing security analysts to focus their attention on the highest priority threats for rapid response.
Adaptive Learning is a breakthrough implementation of the Niara machine learning algorithms across two dimensions:
- Analysts can change the severity level of each alert type at a user or device level. Through such input, the analyst can shape how the alert should be treated in the overall computation of the risk score.
- Analysts can label an alert as a “true anomaly” or “authorized exception”. This information is incorporated into each model’s continuous learning loop, and allows for ongoing improvements in the model’s accuracy. For example, analyst input into authorized exceptions will ensure that the solution does not trigger alerts for the affected entity on this dimension going forward.