Security teams are tasked with cutting through the alert white noise produced by numerous systems in the IT infrastructure in order to quickly detect attacks and limit their impact. They must quickly investigate and remediate what they find, as cybercriminals are increasingly sophisticated and the consequences of being a breach victim are now higher than ever before. So it’s no surprise that network-level insight added to logs, alerts and endpoint data is a critical part of the analyst’s “workbench.”
Gigamon recently announced GigaSECURE-generated network metadata, including unsampled NetFlow and IP Flow Information Export (IPFIX), delivered via the Gigamon Metadata Engine to provide security teams with a reliable, high-fidelity source of packets and associated network information. This information is curated specifically to help with the threat hunting and incident investigation challenges security teams face. With GigaSECURE, the same raw material used by the network and infrastructure management groups to see exactly how the IT infrastructure is performing is also now available to help drive the advanced analytics and layered forensics that Niara uses to detect and respond to attacks.
Today, we announced that Niara delivers support for the GigaSECURE Security Delivery Platform (SDP) and the Gigamon Metadata Engine. With this partnership, we can uniquely leverage the enterprise scale and coverage of the GigaSECURE platform, its seamless delivery of both packet streams and metadata, and key services such as SSL decryption. Customers can benefit from the insights Niara provides via analytics on network data without the need for specialized packet processors.
Most products that start with packets and flows also end there. However, when network insights such as those provided by GigaSECURE are fused with relevant security data (e.g., logs, alerts, threat feeds) from the rest of the IT infrastructure, analytics are more precise, attacks previously undetected are found and cleanup can take minutes compared to hours or even days. And that’s precisely what Niara does. By using a full spectrum of machine learning techniques (e.g., supervised, semi-supervised, unsupervised) on these diverse data sources, Niara generates credible, robust results that link anomalous events to malicious intent.
Niara’s analytics models can utilize all data sources to find and thread together “weak” signals of attacks that have breached real-time defenses and evaded rule-based detection techniques. Behavioral analytics, including user behavior analytics (UBA), automatically profile the behaviors of entities (which include users and hosts) to surface anomalous actions that deviate from normal behavior baselines. Unique stateless discrete analytics are also automatically applied to a variety of incoming data elements as they are aggregated, adding a second dimension of attack detection to the behavioral analytics. As a result, Niara delivers a much richer and more complete view of attack activity.
Everyone loves a “two-fer.” For enterprise IT groups, the GigaSECURE platform combined with Niara’s security analytics means the ROI of a Gigamon investment significantly increases. Security teams are provided with the tools they need to quickly find and respond to the sophisticated attacks that have gotten past perimeter defenses and are now on the inside.