During our webinar last week with Intel Security, Eric Ogren from the 451 Group highlighted how machine learning-based security analytics (he calls the general category “Applied Behavior Analytics”) will form the basis of the next $1B+ security market opportunity. He subdivides ABA into several categories but for the space that Niara represents, User and Network Behavior Analytics, Eric forecasts a 40% CAGR and an eye-popping estimated 2021 revenue of $1.3B.
The specific numbers are perhaps less important than the relative size of the estimates—at its current rate of growth, UNBA is fast approaching SIEM-like importance in terms of its role in the enterprise security ecosystem. The points we discussed in the webinar indicate why this is the case.
- Thriving in the world of “gray”. As Eric mentioned, enterprise security teams need better tools to find attacks that are designed specifically to evade real-time defenses, i.e., products that use patterns, rules and signatures to flag binary conditions: black=bad, white=good. Because these attacks typically co-opt legitimate user credentials, it is only by finding, aggregating and understanding small changes in behavior (gray signals) that attacks on the inside can be found. UBA and the associated machine learning detection models add a “second dimension” of analytics that complements and enhances current techniques.
- Install and Enhance, not Rip and Replace. The UBA Spark/Hadoop platform scales to extend the value of SIEMs by leveraging the data aggregation that is already done, adding high-volume sources such as network traffic and DNS to the mix and applying machine learning over extended periods of time to produce precision alerts. With a small app that installs on the SIEM console, UBA delivers not only alerts but a complete forensic record within the existing SIEM workflow.
- Real ROI. Security teams are on the eternal quest to answer the CFO question: “what’s the return on my security investment?” Often the answer is (legitimately) fairly tortuous. UBA uniquely delivers measurable ROI simply by eliminating “swivel chair investigations” that consume hours and days to complete. Niara customers report a measured reduction of up to 30 hours per investigation, resulting in tens of thousands of dollars in monthly savings (infographic).
- The Last “Mile”: Closed-loop Remediation via Federated Security Ecosystems. As was discussed in the webinar, full-line security vendors like Intel Security are introducing security “fabrics” such as DXL, which bring together many different security solutions in a federated system of “publish and subscribe” access. Practically, this means that UBA can both access a wide range of raw data and initiate either supervised (manual) or policy-driven automated remediation through systems like ePO based on the attacks that are detected. Actions such as quarantining, re-authentication, privilege change, etc. can now be confidently taken.
By all accounts, 2017 is shaping up to be the breakout year for UBA, putting it well on the way to the billion-dollar mark.