Over the last several years, Google search results have morphed from a long list of URLs into a split screen: URL results on the left side of the page and a summarized set of information about the search term on the right.
If you are looking for a person, place, movie, etc., Google uses advanced analytics and data mining to predict the information you are looking for and presents it in an easily consumed and understood format. Informally, this is known as “things, not strings,” and the goal is to use the power of machine learning to reduce the time and effort required to deliver the information you need. Save time, increase productivity.
For example, here are the search results for Alan Turing:
Chances are, anyone searching for Alan Turing will not need to dive into the links on the left side of the page, because the information they were looking for has already been anticipated and delivered by Google on the right. For anyone who has endlessly clicked through links to find a specific piece of information in context, this innovation is a major time saver.
From an innovation standpoint, Splunk arguably popularized the concept of easy search access to raw IT data. Debugging a server problem looks a lot like the original Google search: enter an IP address or hostname and all the relevant logs come back. This means lots of strings, and lots of follow-on work required to make sense of it all.
For a security analyst, the task of validating, investigating and responding to a high priority alert typically requires looking across many different data sources to assemble a complete picture of the attack: device status, IP address history and authentication, among others. Even if the data is already in a log platform like Splunk, the number of separate searches and the summarization work needed to turn those results into useful information can take hours.
Because Niara aggregates and analyzes the complete range of security-relevant IT data sources (network, logs, alerts, endpoint, etc.) on a carefully tuned big data platform, we can utilize an extensive set of analytics techniques to watch the data as it comes in, tag it for potential downstream interest and make it instantly available in context for either automated data mining or ad hoc search.
As a result, Niara delivers highly relevant, security-specific information akin to Google’s information summary – something we call Entity360™. Just as Google anticipates what the searcher is looking for, Niara builds an on-demand security dossier for every user, system, IP address and other entity, delivering the forensic and risk data a security analyst needs, in one screen, to rapidly make decisions on severity and remediation. From these strings comes actionable information.
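To make the dossier idea in the two paragraphs above concrete, here is an added example written for this page; it is not Niara's code and says nothing about how Entity360 is implemented. It ingests a few constructed log lines from three hypothetical sources (authentication, network flow, endpoint alerts) plus a constructed asset inventory, tags each record at ingest, and assembles a single per-entity view with first/last seen, sources, tag counts, linked entities and a simple weighted risk score. The field names, tag rules, weights and the internal address range are all assumptions.

```python
"""Per-entity dossier built from several log sources (added example, not Niara's code)."""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample records from three hypothetical sources, key=value format.
AUTH_LOG = [
    "2016-03-01T08:02:11Z auth user=jsmith src=10.1.4.22 result=success",
    "2016-03-01T08:03:40Z auth user=jsmith src=10.1.4.22 result=failure",
    "2016-03-01T08:03:52Z auth user=jsmith src=10.1.4.22 result=failure",
    "2016-03-01T23:15:03Z auth user=jsmith src=203.0.113.7 result=success",
]
NETWORK_LOG = [
    "2016-03-01T09:00:00Z net src=10.1.4.22 dst=10.1.1.5 bytes=1200",
    "2016-03-01T23:16:10Z net src=10.1.4.22 dst=198.51.100.9 bytes=48211000",
]
ENDPOINT_ALERTS = [
    "2016-03-01T23:14:30Z edr host=ws-jsmith ip=10.1.4.22 alert=credential_dump severity=high",
]
# Constructed asset inventory: lets a user pivot to their workstation and its address.
ASSET_DB = {"ws-jsmith": {"owner": "jsmith", "ip": "10.1.4.22"}}

# Assumed corporate range; anything outside it is treated as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumed weights for the tags applied at ingest.
TAG_WEIGHTS = {"auth_failure": 1, "external_login": 3, "large_transfer": 3, "high_alert": 5}


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_kv(line):
    """Turn '<ts> <source> k=v k=v ...' into a dict with a parsed timestamp."""
    ts, source, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def tag_record(rec):
    """Tag a record for downstream interest as it arrives, per source type."""
    tags = []
    if rec["source"] == "auth":
        if rec["result"] == "failure":
            tags.append("auth_failure")
        elif is_external(rec["src"]):
            tags.append("external_login")
    elif rec["source"] == "net":
        if int(rec["bytes"]) > 10_000_000 and is_external(rec["dst"]):
            tags.append("large_transfer")
    elif rec["source"] == "edr" and rec["severity"] == "high":
        tags.append("high_alert")
    rec["tags"] = tags
    return rec


def entities_of(rec):
    """Every entity (kind, name) a record should be indexed under."""
    ents = set()
    if "user" in rec:
        ents.add(("user", rec["user"]))
    if "host" in rec:
        ents.add(("host", rec["host"]))
    for key in ("src", "ip"):
        if key in rec:
            ents.add(("ip", rec[key]))
    return ents


def ingest(lines):
    index = defaultdict(list)
    for line in lines:
        rec = tag_record(parse_kv(line))
        for ent in entities_of(rec):
            index[ent].append(rec)
    return index


def related(entity):
    """One-hop pivots through the asset inventory: user <-> host <-> ip."""
    links = set()
    for host, info in ASSET_DB.items():
        triple = {("host", host), ("user", info["owner"]), ("ip", info["ip"])}
        if entity in triple:
            links |= triple
    links.discard(entity)
    return links


def build_dossier(index, entity):
    """Assemble the single-screen view: direct events plus events of linked entities."""
    seen = {}  # dedupe records indexed under more than one entity
    for ent in {entity} | related(entity):
        for rec in index.get(ent, []):
            seen[id(rec)] = rec
    events = sorted(seen.values(), key=lambda r: r["ts"])
    tags = Counter(t for r in events for t in r["tags"])
    return {
        "entity": entity,
        "linked": sorted(related(entity)),
        "first_seen": events[0]["ts"].isoformat() if events else None,
        "last_seen": events[-1]["ts"].isoformat() if events else None,
        "sources": sorted({r["source"] for r in events}),
        "tags": dict(tags),
        "risk": sum(TAG_WEIGHTS[t] * n for t, n in tags.items()),
        "events": events,
    }


DEMO_INDEX = ingest(AUTH_LOG + NETWORK_LOG + ENDPOINT_ALERTS)

if __name__ == "__main__":
    dossier = build_dossier(DEMO_INDEX, ("user", "jsmith"))
    print(dossier["entity"], "risk", dossier["risk"], "tags", dossier["tags"])
    for rec in dossier["events"]:
        print(rec["ts"].isoformat(), rec["source"], rec["tags"])
```

The point of the pivot step is the one that costs an analyst the most time by hand: the failed logins are keyed on the user, the large outbound transfer on the source IP and the endpoint alert on the hostname, and only the inventory link ties them into one timeline. Note that the external-address check deliberately uses the organization's own ranges rather than `ipaddress`'s `is_private`, which also classifies the RFC 5737 documentation ranges used in the sample as non-global.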
Visually, this is the difference between the Splunk monochromatic “strings” and Niara’s multi-dimensional, information-rich Entity360 integrated decision support.
To close the loop, we’ve integrated Entity360 with Splunk and other log aggregation and SIEM platforms, so that no matter where the analyst starts, anything they need is just a click away.
In the context of user behavior analytics (UBA), Niara uses machine learning and advanced analytics to not only detect attacks, but also to dramatically reduce the time and effort required to investigate and respond. It’s like adding more security analysts without hiring new employees! Inspired by Google, delivered by Niara, Entity360™ is the force multiplier that enterprise security teams need to stay ahead of advanced attacks.