Several years ago, the key players in the US Government security infrastructure developed a new, more proactive architecture with which to confront the growing cyber security threat. They named it Active Cyber Defense (ACD). The goal with ACD is to move from being reactive to proactive in dealing with cyber threats for organizations under attack.
At its core, ACD defines a four-stage pipeline consisting of sensing, sense making, decision making and action. The overarching goal of ACD is to accelerate the progression through the pipeline and to automate the stages as much as possible. The better the intelligence in sensing, sense making and decision making, the more confident and timely the resulting action can be.
ACD is the perfect context in which to view HPE Aruba’s acquisition of Niara. The combination of the ClearPass user and device visibility with Niara’s advanced, machine learning-based attack detection delivers on ACD’s promise.
Let’s take it by the numbers.
- Sensing. ClearPass delivers comprehensive visibility for all users and devices on the network, not only as individual actors but as part of the peer groups that are key to Niara’s peer baselining and behavioral anomaly detection. Knowing that someone is in the finance group is easy; knowing that a device is a blood pump or heart monitor means that UEBA is now relevant to IoT security. Niara adds this to network, flow and log data to complete the “sensing” stage.
- Sense-making. This is where Niara shines. UEBA uses a combination of supervised and unsupervised machine learning models to find and alert on attacks that have evaded real-time defenses. It is only by seeing, aggregating and interpreting small changes in behavior that these “attacks on the inside” are detected.
- Decision-making. This is where it gets really interesting. Niara now sends precision alerts to ClearPass Policy Manager, where much of the decision-making has been codified in a set of policies that have been pre-defined to make changes based on the type of alert and entity affected. This can be as simple as a re-authorization or as aggressive as a quarantine. Even modest responses buy time for the analyst, who can then use Niara’s integrated incident investigation to diagnose the situation and take further remediation steps.
- Action. How cool is it that automated, policy-driven action is now possible? By virtue of the closed-loop integration between ClearPass and Niara, the organization can set up confident, proportional and real-time responses to attacks before they do damage.
The key to Active Cyber Defense is having the right components in position to execute on all four of the stages, and this usually entails stringing together many different solutions. The promise has rarely, if ever, been delivered by one vendor in a seamlessly integrated solution.
With HPE Aruba’s acquisition of Niara, the visibility, intelligence and proactive security that ACD envisions are now available to every ClearPass customer.
Come see Niara at the RSA Security Conference (Booth N3132) and at Atmosphere 2017!