Security analytics firm Niara exited its stealth mode in June with the official launch of the Niara Security Intelligence solution. Now the company is advancing that solution with new capabilities that leverage network packet flow data to enable enhanced user and entity behavior analytics (UEBA).
"We have extended our analytics to include full packet and network flow information," Sriram Ramachandran, CEO and co-founder of Niara, told eSecurityPlanet.
The Niara Security Intelligence solution aims to help organizations uncover sophisticated multi-stage attacks that occur over time and aren't easily identified as being either bad or good traffic.
Just using server logs to help define and identity anomalous user behavior is not enough, Ramachandran explained, adding that it's important to go all the way down to the packet level to identity malicious activity.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Packets are a source of truth and can help an analyst quickly resolve an issue," he said.
Network packet flow information can often require large processing capacities. Niara has built a high-performance packet processor that can access network information in various ways including a physical network tap, a third-party appliance or even just running on a VMware host. While the data collection piece is important, Ramachandran said the true value of Niara's technology is in the analyzer platform.
"The analyzer platform is able to extract insights from the data at a high level of detail and run machine learning algorithms," Ramachandran said. "The granularity of the data will dictate the quality of results that I can deliver on the analytics side."
Those algorithms are able to help connect the dots across all the different data points that Niara examines to help identify potentially malicious activities. The software correlates data over time to get a comprehensive view into the activity of a user, application or a device in an organization. By understanding all of the behavior, the idea is that malicious actions can be more easily discovered.
While Niara is bringing new network visibility into its platform, the company is not yet bringing in automated network remediation, where ports and systems can be blocked to protect against risks. Ramachandran said most organization don't currently want automated remediation; rather they still want a human in the loop who can act on threats based on the machine intelligence that Niara provides.
Looking forward, Ramachandran said Niara is continuing to figure out how to do more analysis at scale.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.