Two-fer Tuesday: Niara and Gigamon Fight Better Together
Given the need for security teams to not only cut through the alert white noise to discover threats, but also quickly investigate and remediate what they find before damage is done, it’s no surprise that network-level insight added to logs, alerts, and endpoint data has become a critical component of the analyst’s “workbench.” And in our blog “Can You See Them Now?”, we discussed why this insight—derived from packets, NetFlow, and network metadata—is so valuable.
Using the GigaSECURE Meta Data Engine—which generates network metadata, including unsampled NetFlow/IPFIX—Niara is fighting alongside Gigamon to provide security teams with a reliable, high-fidelity source of packets and associated network information curated specifically to help with the threat discovery and incident investigation challenges they face. The beauty of GigaSECURE is that the same raw material used by the network and infrastructure management groups to see ground truth on IT infrastructure performance is now available to drive the advanced machine learning and layered forensics that Niara’s User and Entity Behavior Analytics (UEBA) uses to discover and respond to attacks.
The Niara UEBA solution uniquely leverages the enterprise scale and coverage of the GigaSECURE platform with its seamless delivery of both packet streams and metadata, along with key services such as SSL decryption. We do this with a multi-stage pipeline of data fusion, highly scalable behavior analytics, data enrichment and forensic support that includes:
- Fusing packets and network metadata with logs, alerts and external threat feeds. Most products that start with packets and flows also end there. However, when network insights are fused with logs and other data from the rest of the IT infrastructure, analytics are more precise. Attacks that had previously gone undetected are found, and cleanup now takes minutes as compared to hours or even days.
- Machine learning-based behavioral analytics. Because Niara can use the widest range of data sources available to UEBA solutions, our machine learning models provide a much richer and more complete view of IT activity and risk on the inside of an organization.
- Supervised and unsupervised machine learning models are also applied automatically. Unsupervised models profile entity behaviors (which include not just users, but devices and applications) and surface anomalous actions that deviate from the baseline. Supervised models combined with third-party alerts add a second dimension of risk scoring to provide a clear indication of malicious intent.
Everyone loves a “two-fer”—especially when allies in the fight against cyberattacks are so valuable. For enterprise IT groups, the GigaSECURE platform combined with Niara UEBA means that the ROI of a Gigamon investment significantly increases by providing security teams with the visibility they need to quickly find and respond to targeted threats that have evaded perimeter defenses.
There is a thriving marketplace for malware, ransomware and other exploits on the Dark Web. We have to fight together because that’s what the bad guys do.
Click here for more information about the Gigamon and Niara joint solution.