Last month, Gartner announced its list of Cool Vendors in UEBA, Fraud Detection and User Authentication, 2016. In addition to naming Niara as one of the cool vendors, the report highlights how Identity and Access Management (IAM) combined with UEBA (User and Entity Behavioral Analytics) increases the precision and efficiency of attack identification and response. This is in addition to a major application of UEBA as a complement to SIEM products like Splunk, ArcSight, QRadar and Intel ESM.
The report illustrates why UEBA has exploded as an important security solution. Gartner spotlights these key value propositions:
- Real-time/perimeter defenses are no longer sufficient to deal with targeted, patient and multi-stage attacks that yield the highest value to the attacker and the most damage to the victim.
- Forensics, or the ability to provide both the supporting alert evidence and a head start on triage, investigation and remediation, is an essential companion capability.
- Leading-edge solutions now deploy seamlessly either on-premise or in the cloud without any difference in scale or functionality.
- Strong machine learning combined with user/identity context provides an additional dimension of attack detection not available from rule- and signature-based security products.
Gartner also accurately identified Niara’s key differentiators:
- A unified solution for what most vendors treat as disparate tools, allowing for better detection and response for security teams.
- Deployment either on-premise or in the cloud.
- Comprehensive data acquisition and analytics capabilities that utilize log, network, endpoint and external threat feeds.
- Supervised and unsupervised machine learning that work across the kill chain to identify attacks that have managed to evade other controls.
The combination of identity (userID, group association, roles, permissions, etc.) and IT data (network, log, endpoint, alert, etc.) processed with purpose-built machine learning (supervised and unsupervised models) positions UEBA at the intersection of next-generation security monitoring and attack management. From an identity standpoint, Niara combines Active Directory and enhanced IAM identity context, including roles, to provide analysts with a complete dossier of a user’s IT activity. The result is extremely precise attack detection and streamlined incident response that fit seamlessly into an existing SOC workflow.
Gartner’s mix of customer-based insight and technical expertise is a very useful directional beacon for fast-moving markets like UEBA. With this insight, security teams can focus on how to successfully utilize machine learning and behavioral analytics, with guidance on which partners to prioritize.