Why should you choose Niara? It’s simple: Niara’s security analytics platform automatically detects attacks on the inside and serves as a force multiplier for security analysts, whether Niara is deployed standalone or integrated with other security components. Niara’s technology integrates with HP ArcSight, Cloudera and most recently, Gigamon’s GigaSECURE platform and the Gigamon Metadata Engine.
Niara provides analysts with comprehensive visibility into attack activity within corporate networks by applying analytics to the broadest variety of data sources (i.e., packets, flows, logs, files, alerts and threat feeds). At RSA Conference 2016, we are giving live demos, showing how Niara brings a variety of data sources into its analytics. Visit the Gigamon booth (#S1227) to learn more about this week’s Gigamon announcement or the Niara booth (#3135) to check out our Splunk integration.
Above is a sneak peek at the Niara-Splunk integration. The image shows you just how easy it is for an analyst to move from the unidimensional view of HTTP log data for a particular host provided by a Splunk search, to the comprehensive view available through Niara’s Entity360 risk profile.
The Entity360 profile shows the IP address correlated to a user (mjohnson in this example) and brings in additional data sources for analysis, such as analytics on DNS traffic to identify malware using domain generation algorithms (DGA). It also provides visualizations of how the user’s risk profile changes over time, how high-severity alerts map to the attack kill chain, and how other alerts contribute to the risk score, as well as the ports and applications being used. The full spectrum of machine learning-based analytics that Niara provides is extremely useful for improving SOC efficiency, and all of it is accessible to analysts from within their existing workflows.
Want to see more? Come visit Niara at booth number 3135 at RSA Conference 2016. We’d love to chat!