Niara is a two-year-old entrant in the security analytics market. It applies machine learning to reams of a company’s information, including security logs and network packets and flows, to find and alert on anomalous behavior that may indicate malicious activity.
Niara also aims to make it easier for security and operations analysts to respond to and investigate alerts by providing context for the alert, such as the user or host associated with the anomalous activity, as well as related files, event details, and packet captures, all from the Niara console.
There’s an increasing interest in the field of security analytics (see Cisco’s recent announcement of its intent to acquire network anomaly detection vendor Lancope) as organizations realize they can’t keep out all malicious activity.
Companies are backstopping prevention systems with analytics to detect intrusions faster. The idea is that faster response will limit the damage of an incident.
How It Works
Niara’s primary component is the analyzer, which is a software package built on Hadoop. The analyzer receives logs from security systems such as firewalls and IDSs, log aggregators such as Splunk, or from SIEMs. It also uses logs from Active Directory, Web proxies, Syslog and other sources.
All this data is correlated to provide context, such as linking IP addresses with specific users and devices, and tracking authentication to corporate resources. In addition to correlating raw data, it applies machine learning techniques and statistical modeling to provide additional analysis.
Niara also uses a packet processor to get network data. The packet processor can be deployed on a SPAN port or TAP, or sit behind a packet broker. The packet processor captures metadata about network traffic and sends it to the analyzer. It can also perform a full packet capture for detailed forensics.
As the Niara application gathers and analyzes data, it creates what the company calls Entity360 profiles of users, devices and applications. The profiles, which are updated continuously, essentially track the risk that each entity poses to the organization.
If a profile exceeds a risk threshold, the system will send an alert. If, after investigation, human operators determine the alert was a false positive, they can provide feedback to the system, which the company claims improves its ability to identify actual malicious behavior.
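To make the flow in this section concrete, here is a toy version of it in Python: log correlation that ties IP addresses to users, an entity risk profile that accumulates evidence, an alert when the profile crosses a threshold, and analyst feedback that suppresses a confirmed false positive and lowers that rule's weight. This is an added illustration, not Niara's code; the sample authentication and proxy events, the three heuristic rules, their weights and the threshold are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import median

# Constructed sample data (not captured from any real network).
# Authentication events from a directory service: (timestamp, user, ip, result).
AUTH_EVENTS = [
    (1, "alice", "10.0.0.5", "ok"),
    (2, "bob", "10.0.0.7", "ok"),
    (3, "bob", "10.0.0.7", "fail"),
    (4, "bob", "10.0.0.7", "fail"),
    (5, "bob", "10.0.0.7", "fail"),
    (6, "carol", "10.0.0.9", "ok"),
]
# Web proxy events: (timestamp, src_ip, dest_host, bytes_out).
PROXY_EVENTS = [
    (10, "10.0.0.5", "intranet.example", 2_000),
    (11, "10.0.0.7", "intranet.example", 3_000),
    (12, "10.0.0.9", "intranet.example", 2_500),
    (13, "10.0.0.9", "files.example", 1_500),
    (14, "10.0.0.7", "paste-site.example", 250_000),
]

# Constructed rule weights and alert threshold (hypothetical values).
RISK_THRESHOLD = 40.0
RULE_WEIGHTS = {"auth_failures": 20.0, "exfil_volume": 30.0, "rare_destination": 10.0}


@dataclass
class EntityProfile:
    """Per-user risk profile: a running score plus the evidence behind it."""
    name: str
    risk: float = 0.0
    evidence: list = field(default_factory=list)


def ip_to_user(auth_events):
    """Context step: map each source IP to the last user who authenticated from it."""
    mapping = {}
    for _, user, ip, result in sorted(auth_events):
        if result == "ok":
            mapping[ip] = user
    return mapping


def build_profiles(auth_events, proxy_events, weights, suppressed=frozenset()):
    """Correlate both logs per user and score three heuristics.
    `suppressed` holds (user, rule) pairs an analyst has marked as false positives."""
    users = ip_to_user(auth_events)
    profiles = {u: EntityProfile(u) for u in set(users.values())}

    def add(user, rule, detail):
        if (user, rule) in suppressed:
            return
        profile = profiles.setdefault(user, EntityProfile(user))
        profile.risk += weights[rule]
        profile.evidence.append((rule, detail))

    # Rule 1: three or more failed logins for the same account.
    fails = defaultdict(int)
    for _, user, _, result in auth_events:
        if result == "fail":
            fails[user] += 1
    for user, n in fails.items():
        if n >= 3:
            add(user, "auth_failures", f"{n} failed logins")

    # Rule 2: outbound volume more than 10x the median of all proxy events.
    med = median(nbytes for *_, nbytes in proxy_events)
    # Rule 3: a destination contacted from only one source IP in the data set.
    dest_sources = defaultdict(set)
    for _, ip, host, _ in proxy_events:
        dest_sources[host].add(ip)
    for _, ip, host, nbytes in proxy_events:
        user = users.get(ip, f"unknown@{ip}")  # no auth context: fall back to the IP
        if nbytes > 10 * med:
            add(user, "exfil_volume", f"{nbytes} bytes to {host}")
        if len(dest_sources[host]) == 1:
            add(user, "rare_destination", host)
    return profiles


def alerts(profiles, threshold=RISK_THRESHOLD):
    """Entities whose accumulated risk meets the threshold, sorted by name."""
    return sorted(p.name for p in profiles.values() if p.risk >= threshold)


def apply_feedback(weights, false_positives, factor=0.5):
    """Analyst feedback: suppress the flagged (user, rule) pairs and scale down the
    weight of every rule that produced a false positive."""
    new_weights = dict(weights)
    for _, rule in false_positives:
        new_weights[rule] *= factor
    return new_weights, frozenset(false_positives)


if __name__ == "__main__":
    profiles = build_profiles(AUTH_EVENTS, PROXY_EVENTS, RULE_WEIGHTS)
    for p in profiles.values():
        print(p.name, p.risk, p.evidence)
    print("alerts:", alerts(profiles))
    # An analyst decides bob's failed logins were a mistyped password.
    weights, suppressed = apply_feedback(RULE_WEIGHTS, {("bob", "auth_failures")})
    rescored = build_profiles(AUTH_EVENTS, PROXY_EVENTS, weights, suppressed)
    print("after feedback:", rescored["bob"].risk, alerts(rescored))
```

In the sample data bob accumulates evidence from all three rules and is the only entity over the threshold; after the analyst dismisses the failed-login finding, that rule is suppressed for bob and its weight is halved for everyone, but the large upload to a destination nobody else contacts keeps bob at the alert line. That is the property worth checking in a real product: feedback should dampen a noisy rule without erasing independent evidence.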
Niara says its product can be used for both real-time incident response and for forensic investigations after an incident has occurred.
Niara will ship its analyzer software and Hadoop in a 2U server. Organizations can also deploy Niara's software on an existing Hadoop cluster, or run it on Amazon Web Services.
The company declined to provide pricing information, other than to say it uses a subscription model.
During the briefing, my ears pricked up when CEO and co-founder Sriram Ramachandran declared that one of the company’s goals is to amplify the insights and expertise of human operators.
In other words, the company isn’t about replacing security analysts and responders with an automated system, but about making those people more effective. That’s a goal I can support.
The real issue is whether Niara can actually provide useful, actionable context from the sea of noise in which it swims. Niara isn’t the first company to take up this challenge; SIEM and NBAD vendors have been at it for years, with varying degrees of success.
Niara points to its use of Hadoop and machine learning as differentiators. The implication is that being born in the age of Big Data gives Niara a technology advantage over legacy SIEM products that were originally designed a decade or more ago.
As always, organizations would be wise to test a vendor’s claims in a lab or demo. That said, I think security analytics can be a valuable risk management tool, and this space is worth a look.
Niara was founded in 2013 by CEO Sriram Ramachandran and VP of Engineering Prasad Palkar. Ramachandran has held VP-level positions at Aruba Networks, Juniper Networks, and NetScreen Technologies. Prior to founding Niara, Palkar was also a VP at Aruba Networks and the founder of Kalea Systems.
Niara has raised $29 million over two rounds. Its investors are NEA, Index Ventures, and Venrock.