WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Add Hewlett Packard Enterprise (HPE) to the list of IT vendors applying advanced analytics techniques to stop network threats in their tracks.
HPE announced on Feb. 1 that it had acquired Niara, one of eSecurity Planet's top security startups of 2016, for an undisclosed amount. As explained by Niara's CEO and co-founder, Sriram Ramachandran, in this 2015 interview, the Niara platform takes data from existing security infrastructure, along with packet and traffic flow information from the networking side, and applies machine learning to spot anomalous behaviors that may indicate the presence of an advanced threat.
"Niara is designed to detect attacks that have evaded traditional security defenses that rely on rules, signatures, pattern matching, etc. to find known threats," Vinay Anand, Vice President of ClearPass Security at HPE Aruba., told eSecurity Planet.
"To be more specific, the company detects attacks that start with compromised and negligent users, and malicious insiders that are using legitimate credentials," continued Anand. "The only way to detect them is to look for changes in behavior that are indicative of an attack that's been in development for a long period of time. This is exactly why we use machine learning, which does not rely on rules, etc."
HPE plans to add Niara's behavioral analytics technology to its Aruba ClearPass Policy Manager, the company's network access policy management solution. Hewlett-Packard acquired Aruba in 2015, before the company split into two separate companies, PC and printer maker HP and enterprise and enterprise IT systems and services provider HPE.
Niara's analytics models are designed to detect data exfiltration and account takeover attempts, said Anand. They can also find ransomware and evidence of command and control mechanisms used by attackers as part of their kill chain to maintain remote access to a victim's network. Finally, it can unearth suspicious behaviors, including password sharing or escalation of privileges.
For Ramachandran, the acquisition is a return home, of sorts.
"Niara co-founders Sriram Ramachandran (CEO) and Prasad Palkar (Vice President, Engineering), along with several other engineers, are returning to Aruba," informed Keerti Melkote, senior vice president and general manager of HPE Aruba, and co-founder of Aruba Networks, in a blog post. "This team developed the core technologies in the current ArubaOS operating system, including authentication, encryption, deep-packet inspection and more."