Chilled UEBA

12 May

in Blog, Industry News, Perspectives, Product

by Larry Lunetta

Based on the recent announcement frenzy of “awards,” it seems like the security business awards more prizes than show business. Reader’s choice, pay-for-play, Shark Tank Fresno—you get the idea.

Throughout all that, there is a reliable “gold standard” of recognition. This week, Gartner announced their list of Cool Vendors in UEBA, Fraud Detection and User Authentication. Since we are blogging about it, Niara obviously was included as one of five that Gartner found worthy of recognition. Woven throughout the report is the natural synergy of Identity and Access Management (IAM) and User and Entity Behavioral Analytics (UEBA) to accelerate risk identification and escalation. This complements the already-recognized value of UEBA in supplementing SIEM products like Splunk, ArcSight and Intel ESM.

Gartner evokes many different emotions and reactions, but the reason they have maintained their pre-eminent position in the world of technology analysts is that they combine their own experience and technical expertise with heavy customer input and validation. Like it or not, they cut through the marketing hype.

We’re excited that the points that Gartner highlights also resonate with customers.

  • Niara is cool because it unifies what most vendors treat as disparate tools in one place, allowing for better detection and response for security teams.
  • Niara is one of a new breed of security analytics vendors with a product that can be deployed either on-premises or in the cloud. It can take existing log, network flow data, full packet capture and threat feeds.
  • (It) then uses analytics to surface threats that have managed to evade other controls, in addition to enabling post-breach detection and forensics use cases.
  • Niara is interesting for organizations that already have security controls and are looking to reduce the time to detect threats already inside their networks. Niara also supports forensics use cases through its ability to take full packet data from a network for further analysis once a threat is identified.

 
As noted above, the nexus of identity, IT data and machine learning is positioning UEBA at the crossroads of the next wave of security monitoring and attack management. Niara regularly combines not only Active Directory but enhanced IAM identity context such as roles and entitlements with logs and alerts that come from SIEM systems. The result is high-precision attack detection and incident response that fits seamlessly into existing SOC workflow.

The UBA market is transforming at warp speed, and these factors point to a maturing view of what machine learning combined with a big data architecture can really deliver. They also illustrate that many of the “1.0” UBA products that have not been re-implemented on a big data architecture will struggle to catch up.

So, while we are proud of the other awards we managed to snag, to be recognized as a Gartner Cool Vendor in a space that is exploding (but doesn’t yet even have a magic quadrant) – it means a lot.

Being the cool cat in the hot market makes for an interesting journey.
