Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined





Niara enables:
- Compromised user discovery
- Malicious insider discovery
- Threat hunting
- Incident investigation

Overview

In an era of increasingly sophisticated threats and huge alert volumes, enterprises need an intelligent monitoring and response solution that reveals rather than clutters. The Niara Security Intelligence solution is a unique approach to threat discovery and incident investigation. Niara uses disparate data sources (e.g., logs, flows, packets, files, alerts, threat feeds) for unmatched visibility; proprietary discrete and behavioral analytics, including user behavior analytics (UBA), to deliver comprehensive, high-fidelity Entity360 profiles for users, devices and applications; integrated forensics that provide the supporting evidence security analysts need to pinpoint real issues; and a big data-based architecture to scale easily. By fusing disparate data sources, forensics, and advanced analytics, Niara sets the standard for security intelligence, raising the productivity of security teams and reducing organizational risk.

Copyright 2015 Niara, Inc. All rights reserved.

The Approach

Niara surfaces sophisticated threats, discoverable only by detecting and stitching together weak signals in the context of an entity over a period of time.

Reveal Intelligence via Data Fusion and Analytics

Niara's innovative proprietary data fusion and analytics techniques, which run continually behind the scenes, are the underpinnings of the Niara solution and help in incident investigation and in unearthing threats that bypass traditional detection and prevention systems.

Data Fusion

In Niara, data fusion is the process of converting raw data from disparate sources (e.g., logs, flows, packets, files, alerts, threat feeds) into meaningful information while simultaneously reducing it in size. During data fusion, raw data is correlated to make it more meaningful (e.g., associating IP addresses with users) and distilled into summaries that provide rich context (e.g., authentication and device usage histories, port-protocol relationships, etc.). The process of data fusion is further complicated by the varying velocities at which voluminous data arrives from disparate data sources. However, since Niara is built on a robust big data architecture, data fusion can occur at scale.

Advanced Analytics

Niara automatically applies a range of advanced analytics, including advanced statistical modeling and machine learning models, to aid in threat discovery and incident investigation. These analytics separately contribute to an entity's overall threat score, which is tracked over time, and identify the relationships between disparate events.

Discrete Analytics

Here analytics are applied to each datum (e.g., a domain name, a file, an HTTP header, an SSL certificate, etc.) in isolation. For example, Niara has implemented a supervised machine learning algorithm to detect HTTP header anomalies, which are often indicative of malware activity. Discrete analytics is stateless, as each data element is examined in isolation. If a discrete analytics module triggers, the result can either be escalated directly as an alert if deemed severe (e.g., a malicious file) or used to annotate that datum (e.g., a suspicious file) to facilitate further processing at a later stage.

Behavioral Analytics

In this phase of Niara's analytics, unique unsupervised algorithms operate on fused data to profile entity behavior on a variety of dimensions (e.g., time of day, duration of access, bytes transferred, etc.) and build up a baseline. Baselines are established in a number of ways, including from historical activity or from membership in a group. New activity is then compared against that baseline to unearth anomalous behavior.

Comprehensive Threat Profiling

Entity360s are comprehensive entity profiles that are generated for users, devices, and applications. Entity360s provide a coherent, visual representation of all the enriched security information that is associated with an entity, along with the ability to conduct remedial actions (e.g., flag an event for review by a higher-level analyst). Entity360s provide one-click access to intelligence that security analysts would otherwise spend hours or days searching for across multiple data silos and assembling as part of any investigation and response. Entity360 threat profiles are very accurate. Discrete and behavioral analytics enable weak signals to be threaded together and tracked across disparate data sources and multiple threat stages. Because analytics also work at the packet level, Niara surfaces threats and risky behaviors that are unattainable with log data alone. For example, entropy mismatch and suspicious PDF analysis are only possible with deep packet analysis, not with log analysis alone. Because Niara is not solely dependent on logs, the logging levels that are turned on do not limit the insights Niara provides.

Forensics

Niara integrates analytics with a complete forensic trail to support different stages of investigations. The depth of forensics, from raw data, to the events contributing to an entity's threat score, to a timeline view of an entity's profile, and more, is unavailable with other in-market solutions. Analysts get one-click access to forensics from within the Niara solution, giving them perspective on why something was flagged. No more having to find, search, and analyze across isolated data stores. This richness of and easy access to forensics is invaluable. It provides context that's often needed during investigations. It provides the evidence needed for testing hypotheses when threat hunting. Niara, by converging analytics and forensics, enhances the capabilities of analysts at all levels, enabling them to efficiently separate the real from the innocuous and discover the sophisticated threats lurking within corporate networks.

The Benefits of Converged Analytics and Forensics

Advanced analytics and layered forensics enable Niara to accelerate the discovery and investigation of critical security issues. Niara is the only security intelligence solution that uses logs, flows, packets, files, alerts, and threat feeds. Coupled with the fact that Entity360s are generated at the entity level, not just at the user level, Niara provides unparalleled threat discovery capabilities (e.g., discovering a compromised headless server). Entity360 profiles help bring order to the alert chaos, fundamentally changing the way security teams interact with threat information generated by existing systems such as SIEMs, sandboxes, IDS systems, etc.

Converged Security Intelligence

Compromised User Discovery

Niara surfaces advanced threats that can only be discovered by intelligently correlating weak signals, often over a period of time. It does so by building up comprehensive Entity360 threat profiles for users, devices and applications using a range of advanced analytics, including patent-pending machine learning algorithms and statistical modeling techniques. The output of this analysis is reflected continuously in an aggregated threat score that reflects the risk associated with tracked behaviors as well as other signals, including alerts generated by third-party systems. By examining changes and/or anomalies associated with each Entity360 profile, Niara flags security events that require attention. And because context is often needed, Niara also provides analysts with one-click access to layered forensic evidence that can go back months or more.

Malicious Insider Identification

Niara speeds up the discovery of malicious insiders, providing the attribution of purposeful threats (e.g., theft of confidential information, sabotage, etc.) back to the individuals. Niara automatically correlates data, so it's easy to find all the activities attributed to a user. The richness of forensics enables in-depth investigations going back months. From a single place, analysts can answer questions such as: What rights did the employee have? Were any deviations noticed in the user's behavior? What did the employee download? What was the risk to the organization from these activities?

Threat Hunting

Niara enables security analysts to quickly test hypotheses and hunt for threats within the organization, going back months. Analysts can tap into the rich and diverse data from the disparate sources that have already been distilled and correlated. Niara combines the results of its analytics modules with powerful search and visualization capabilities to empower hunting explorations intended to spot advanced threats.

Incident Investigation

Niara supercharges a security team's incident investigation capabilities in many areas. Entity360 threat scores provide analysts with an easy way to prioritize and investigate alerts from other systems. All data is correlated to entities, providing attribution and tracking of event timelines (pre- and post-alert). Analysts can easily search for Indicators of Compromise (IOCs) on a single system or across the entire enterprise. Niara provides the capability to automatically analyze historical event data using recent threat intelligence to look for impacted systems, or to manually initiate analysis from a particular thread of evidence. Analysts can perform efficient impact assessment by identifying all entities that may have been affected by a threat.
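The pipeline described in the Advanced Analytics section (a stateless discrete check per datum, a per-entity behavioral baseline, and an aggregated threat score that also absorbs third-party alerts) as an added illustration; this is not Niara's code, and every history row, event, indicator value and point weight below is constructed for the example.

```python
"""Entity-centric analytics: discrete check, behavioral baseline, aggregated threat score (constructed example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history of (user, hour_of_day, bytes_out) observations from prior weeks.
HISTORY = [("alice", 9, 1200), ("alice", 10, 1500), ("alice", 11, 1300),
           ("alice", 14, 1400), ("alice", 16, 1100), ("alice", 9, 1350),
           ("bob", 8, 5000), ("bob", 9, 5200), ("bob", 13, 4800), ("bob", 17, 5100)]
KNOWN_BAD = {"deadbeef" * 8}         # placeholder hash standing in for a threat feed entry
# Constructed new activity to score, plus one alert from a third-party system.
SAMPLE_EVENTS = [
    {"user": "alice", "hour": 3, "bytes_out": 60000, "file_type": "pdf", "has_javascript": True},
    {"user": "bob", "hour": 9, "bytes_out": 5000},
]
THIRD_PARTY_ALERTS = [("bob", 15)]   # (entity, points): e.g. an IDS alert already mapped to a user

def discrete_check(event):
    """Stateless analytics on one datum: escalate, annotate, or ignore."""
    if event.get("file_sha256") in KNOWN_BAD:
        return "alert", 40           # severe enough to raise an alert directly
    if event.get("file_type") == "pdf" and event.get("has_javascript"):
        return "suspicious", 10      # weak signal: annotate for later stages
    return None, 0

def build_baselines(history):
    """Profile each entity on two dimensions: usual hours and bytes transferred."""
    rows = defaultdict(list)
    for user, hour, nbytes in history:
        rows[user].append((hour, nbytes))
    return {user: {"hours": {h for h, _ in data}, "mu": mean(b for _, b in data),
                   "sigma": pstdev([b for _, b in data]) or 1.0} for user, data in rows.items()}

def behavioral_check(event, baselines):
    """Compare new activity with the entity's own baseline; return weak-signal points."""
    base = baselines.get(event["user"])
    if base is None:
        return 0                     # no baseline yet, so nothing to compare against
    points = 10 if event["hour"] not in base["hours"] else 0          # unusual time of day
    z = (event["bytes_out"] - base["mu"]) / base["sigma"]
    return points + (20 if z > 3 else 0)                              # unusual volume

def score_entities(events, third_party_alerts=(), history=HISTORY):
    """Aggregate discrete, behavioral and third-party signals into one score per entity."""
    baselines = build_baselines(history)
    scores, notes = defaultdict(int), defaultdict(list)
    for ev in events:
        verdict, pts = discrete_check(ev)
        if verdict:
            notes[ev["user"]].append(verdict)
        scores[ev["user"]] += pts + behavioral_check(ev, baselines)
    for user, pts in third_party_alerts:
        scores[user] += pts          # SIEM/IDS/sandbox alerts feed the same entity score
    return dict(scores), dict(notes)
```

Calling `score_entities(SAMPLE_EVENTS, THIRD_PARTY_ALERTS)` scores alice at 40 (off-hours activity, outlier volume and a suspicious PDF, none of which alone would alert) and bob at 15 from the third-party alert alone.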

Conclusion

The increasing sophistication of cyber threats has brought to light the all too real limitations of traditional security monitoring and response technologies. Organizations must be able to discover compromised users, gain insight into malicious insiders, support advanced threat hunting efforts, and efficiently investigate incidents. Failing to do so allows for a level of uncertainty and risk that most organizations find unacceptable. Niara provides a single solution for complete visibility and context into all the entities in a network. By fusing disparate data sources, Niara provides a deep and contextually relevant foundation for analytics. Entity360 threat profiles deliver a comprehensive view across the organization over time, supporting rapid threat discovery and investigation. Rich forensics support every level of an investigation. And included open APIs enable the Niara solution to easily plug into existing security workflows, extending the value and efficacy of security infrastructure investments.

About Niara

Niara aggregates security data from disparate sources, ensuring that security teams can identify and quickly respond to sophisticated, multistage attacks that regularly thwart legacy detection technologies. Niara's Security Intelligence solution delivers contextually relevant security analytics by fusing data from disparate sources to discover compromised users, provide insight into malicious insiders, enable advanced threat hunting efforts and efficiently investigate incidents. Headquartered in Sunnyvale, Calif., the company is backed by NEA, Index Ventures, and Venrock. For more information, visit www.niara.com or follow us on Twitter (@niara_inc).

Copyright 2015 Niara, Inc. All rights reserved. NIARA, NIARA INC., the NIARA logo and PETASECURE are trademarks of Niara Incorporated. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Niara's technology and products are protected by issued and pending U.S. and foreign patents. 20150624