Technology Blog

Deter Attacks on the Inside: Niara + ClearPass

by sriram13 ‎11-30-2016 06:00 AM

Whether it’s IBM’s 2016 Cyber Security Intelligence Index showing 60 percent of cyber security attacks coming from threats on the inside or the Verizon 2016 Data Breach Investigation Report finding that 63% of confirmed data breaches involved weak, default or stolen passwords, it’s clear perimeter-focused protection is no longer sufficient. Today’s targeted attacks are designed to stay “under the radar” by moving in small, but deliberate, steps over long periods of time – often with legitimate credentials coopted from a compromised user.

 

Safeguarding against cyber threats now requires a multi-layered security strategy. This includes the ability to detect and combat threats that have evaded other solutions in your security architecture and have compromised employees, contractors, partners or IoT devices.

 

Fortunately, innovative security solutions using machine learning-based analytics and big data platforms can now provide enterprises with a new dimension of protection that traditional security products lack.

 

Niara, a recognized leader in what Gartner calls User and Entity Behavior Analytics (UEBA), uses supervised and unsupervised machine learning to automatically baseline normal user and device behavior while detecting anomalous activity that may indicate a threat. When integrated with Aruba’s ClearPass Exchange, an open third-party integration platform, the combined solution delivers three key security innovations: advanced attack detection, accelerated investigation and automated, policy-based response.

 

Industry-leading advanced analytics detect slowly gestating attacks before they do damage

 

Niara’s UEBA solution automatically profiles every device that connects to your network. Once a baseline of normal behavior is established, we continuously look for potential anomalies, put them into context over time and raise an alert when the risk level reaches predetermined thresholds.

 

When Niara’s alerts are passed to ClearPass, they can trigger automated, policy-based actions such as adaptive authentication or full quarantining of a device to contain the danger until an analyst can follow up. Simultaneously, ClearPass can send a message to the device’s user, the user’s supervisor or other designated individuals. In the case of IoT, the notification goes to the designated device owners to let them know there is likely a security issue and what ClearPass action was taken.

 

Niara-ClearPass Workflow.png

 

As Niara maintains a complete historical forensic record for each entity/device (optionally down to even the packet level), investigation and remediation decisions that traditionally take hours or days can now be done in minutes. Given the high quality of Niara machine learning-based alerts and the 90% reduction in time and effort required to resolve the incident, the ROI of the combined solutions is measurable and significant.

 

From IoT to personal devices, innovative partnership has you covered

 

To provide this advanced level of insider attack management, ClearPass provides Niara with information about each device that logs onto your network via a JSON feed. This includes data such as the time the device connected, the time it disconnected, where it’s located, and what its role allows it to access.

 

Because Niara leverages ClearPass to identify the specific device and user accessing the network, a general access designation such as “Guest” now becomes available for individual profiling. As a result, Niara’s baselining and analytics can differentiate between guest contractor “Joe,” who operates within the rules, and guest vendor “Sam,” who is probing for sensitive information. This precision profiling similarly applies to networks of IoT devices such as factory controllers or arrays of medical equipment.

 

When Niara detects devices deviating from baseline activity we use the REST-based APIs resident in ClearPass to share our analytics results, which includes a risk score and attack description for the specific device or user in question.

 

Integrated detection and response reduces window of vulnerability

 

A key trend in enterprise security is to deploy best-of-breed solutions in a seamlessly integrated framework. As a result, advanced security solutions that work together to close the window of vulnerability between attack detection and remediation are now critical components of an overall threat mitigation strategy. This makes Niara and ClearPass a potent combination to help address advanced and continuously evolving insider threats, no matter where in your environment they originate.

 

Sriram Ramachandran is CEO and Co-Founder of Niara.  Niara’s behavioral analytics platform automates the detection of attacks and risky behaviors inside an organization and dramatically reduces the time and skill needed to investigate and respond to security events. The solution applies machine learning algorithms to data from the network and security infrastructure to detect compromised users, entities, and negligent or malicious insiders, reduce the time for incident investigation and response, and speed threat hunting efforts by focusing security teams on the threats that matter.  Headquartered in Sunnyvale, Calif., the company is backed by NEA, Index Ventures and Venrock. For more information, visit www.niara.com.

Comments

Congratulations to the ClearPass and Niara teams on completing this integration.  I am delighted to see us taking this joint solution to market. Given the deteriorating threat landscape and increasing frequency of attacks that successfully evade perimeter defenses, our customers urgently need solutions that can effectively detect attacks in play, and stop them before they do massive damage. The combination of the ClearPass policy platform and Niara's visibility and analytics enables customers to automate detection and response. I look forward to joint deployments and wins that will prove the value of such an integration.

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Announcements
Read all about it! If it’s happening now, it’s in the community.

Check out the latest blogs from your community team, the community experts and other industry sources.
Labels