03 Mar

Traveling at 200,000 MPH? That’s An Anomaly Worth Investigating!

by Nikfar Khaleeli

Niara’s security analytics produce credible, robust results, enabling security analysts to cut through alert white noise. That’s a good thing given the acute shortage of cybersecurity talent. Niara makes this possible by innovatively combining supervised, semi-supervised and unsupervised machine learning techniques to identify anomalous actions and more reliably link maliciousness to them.


For example, the screenshot above shows an alert that was raised because Niara observed travel at a speed that far exceeds what is physically possible: a user apparently moved at over 200,000 miles per hour. If travel at that speed were possible, I would go on so many more international trips! It isn't, of course, and the alert is not a spurious one.

Niara’s behavioral analytics have learned that user bsmith usually VPNs in from California. When bsmith logs in from Sunnyvale and then, a short time later, logs in from India, Niara triggers an alert. Why? Because one of the many things Niara’s behavioral analytics do is automatically learn the home geographies of every user’s VPN access. By analyzing the VPN logs, Niara raises an alert when two successive logins by the same user are so far apart that no one could have covered the distance in the time between them. And Niara distinguishes this kind of anomaly from normal behavior without any hand-written rules or system configuration.
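The check described above, as an added example that is not Niara's code: consecutive VPN logins of one user are compared, the great-circle (haversine) distance between the two source locations is divided by the elapsed time, and anything faster than a commercial jet is flagged. The log format, the IP-to-location table, the 700 mph threshold and the user/IP values are all constructed for this example; a real deployment would resolve the source address with a GeoIP database.

```python
"""Impossible-travel check over VPN logins (added example, not Niara's code).

Each login record carries a user, a UTC timestamp and the geolocation of the
source address. Consecutive logins of the same user are compared: the great-
circle distance between them divided by the elapsed time is the speed the user
would have had to travel at. Anything faster than a commercial jet is flagged.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_MILES = 3958.8
# Assumed threshold: an airliner cruises at roughly 550-600 mph; the margin
# avoids flagging a user who lands and connects straight away.
MAX_PLAUSIBLE_MPH = 700.0


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    city: str
    lat: float
    lon: float


@dataclass(frozen=True)
class TravelAlert:
    user: str
    origin: str
    destination: str
    miles: float
    hours: float
    mph: float  # float("inf") when two logins share a timestamp


def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points, in statute miles."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlambda = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlambda / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * asin(sqrt(a))


def find_impossible_travel(logins, max_mph=MAX_PLAUSIBLE_MPH):
    """Return a TravelAlert for every consecutive login pair of one user whose
    implied speed exceeds max_mph. Logins are sorted per user by time first,
    so the order of the input does not matter."""
    by_user = {}
    for entry in logins:
        by_user.setdefault(entry.user, []).append(entry)
    alerts = []
    for user, entries in by_user.items():
        entries.sort(key=lambda e: e.when)
        for prev, cur in zip(entries, entries[1:]):
            miles = haversine_miles(prev.lat, prev.lon, cur.lat, cur.lon)
            if miles < 1.0:
                continue  # same place (or geolocation jitter); nothing to do
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            # Identical timestamps from different places: speed is unbounded.
            mph = miles / hours if hours > 0 else float("inf")
            if mph > max_mph:
                alerts.append(TravelAlert(user, prev.city, cur.city, miles, hours, mph))
    return alerts


def parse_vpn_log(lines, geo):
    """Parse constructed 'timestamp user src_ip' lines; geo maps src_ip to
    (city, lat, lon). A real deployment would use a GeoIP lookup instead."""
    logins = []
    for line in lines:
        ts, user, ip = line.split()
        city, lat, lon = geo[ip]
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        logins.append(Login(user, when, city, lat, lon))
    return logins


# Constructed sample data: documentation address ranges and made-up times.
SAMPLE_GEO = {
    "203.0.113.10": ("Sunnyvale, CA", 37.3688, -122.0363),
    "203.0.113.11": ("San Jose, CA", 37.3382, -121.8863),
    "198.51.100.7": ("Bengaluru, IN", 12.9716, 77.5946),
}
SAMPLE_LOG = [
    "2016-03-01T09:00:00Z bsmith 203.0.113.10",  # usual California login
    "2016-03-01T09:02:30Z bsmith 198.51.100.7",  # India, 2.5 minutes later
    "2016-03-01T10:00:00Z jdoe 203.0.113.10",
    "2016-03-01T11:00:00Z jdoe 203.0.113.11",    # ~8 miles in an hour: fine
]

if __name__ == "__main__":
    for alert in find_impossible_travel(parse_vpn_log(SAMPLE_LOG, SAMPLE_GEO)):
        print(f"{alert.user}: {alert.origin} -> {alert.destination}, "
              f"{alert.miles:,.0f} mi in {alert.hours * 60:.1f} min = {alert.mph:,.0f} mph")
```

On the sample data the bsmith pair is about 8,700 miles apart and 2.5 minutes apart, which works out to roughly 210,000 mph, the same order of magnitude as the alert in the post; jdoe's hop across Santa Clara County is not flagged. Two caveats a practitioner would add before trusting the output: GeoIP placement of mobile-carrier and cloud-proxy addresses is often hundreds of miles off, so the distance floor and speed threshold should be tuned against real data, and the home-geography baseline the post describes would additionally let the per-user threshold differ for people who genuinely travel.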

This alert could be the result of password sharing, which would be a policy violation, or of stolen credentials being used in a VPN-based infiltration attempt. Either way, it warrants further investigation.

Behavioral analytics on VPN logs is just one of the many types of analytics Niara uses to build comprehensive risk profiles that give analysts extensive information about an attack. This week we are at booth N3135 at RSA Conference 2016 performing live demos of Niara. Come by and learn more about the breadth of analytics we can perform and how it enables better attack detection, making incident investigation and triage that much easier.


