For an elephant, Hadoop moves pretty quickly. However, unlike an elephant, Hadoop hardly resembles a monolithic behemoth. Individual modules update asynchronously and new functionality is continuously hatched in support of new applications and use cases. Those that build mission-critical Hadoop solutions need a like-minded partner to help tame the beast.
When we began work on the Niara Behavior Analytics platform, we needed a solution with the compute and storage scale of Hadoop to solve thorny enterprise security challenges such as detecting cyber-attacks and malicious insiders that have breached real time defenses and provide an integrated forensic framework to accelerate incident investigation and response. In retrospect, choosing a Hadoop architecture was an easy decision and the right choice—the UBA vendors who are just now moving to Hadoop are testimony to that! Deciding on which Hadoop components to use and which distribution to build on was much more difficult.
We chose to run on Cloudera Enterprise and are excited that Cloudera just announced an expansion to our partnership. As we have for the past three years, we continue to leverage Cloudera’s:
- Early and aggressive support for key components such as Apache Spark, which enables advanced analytics and efficient data streaming at scale.
- Frequent, well-tested and stable releases, closely following the latest versions of Apache Hadoop.
- Well-designed and documented APIs for Cloudera Manager that allow us to easily automate installation, configuration and monitoring tasks. The large collection of metrics and customizable dashboards makes troubleshooting much more efficient.
- Ease of continuous monitoring with configurable custom metrics and triggers, events and email alerts with continuous health checks.
- Flexible installation options, parcels and RPMs plus host templating to easily configure clusters of different sizes.
- Wide support for high availability features.\
Using Cloudera Enterprise, Niara has built an enterprise-class security solution that uniquely combines the four essential architectural elements for comprehensive Behavior Analytics:
- Data Completeness. Full range of data sources including logs, flows, packets, end points, servers, alerts and external threat feeds.
- Advanced Analytics. Over 100 supervised and unsupervised machine learning models find small changes in baseline behavior that, when put into context and tracked over time, can signal a slowly-gestating attack.
- Integrated Forensics. Once an alert has been identified, analysts have one-click access to layered forensics – from packets and logs to all the events contributing to an entity’s risk score, without having to find, search, and analyze across isolated data stores.
- SIEM Supplement and Integration. Seamless integration with existing SIEM and incident response workflow, case management, etc. so that the results of Niara machine learning analytics and associated forensic data are instantly available from the SOC console.
By building on the rich, reliable Hadoop ecosystem from Cloudera, Niara delivers the Network and User Behavior Analytics scale and functionality that enterprises require.