Gigamon and Niara: Cyber Hurricane Hunters

22 Nov

in Blog, Perspectives

by Larry Lunetta


I’m always amazed by the intrepid hurricane hunters who jump into airplanes and deliberately fly from one side of a hurricane to the other in order to help forecast its intensity and trajectory.  Despite meteorological sensors, computer models and prior experience, there is still no substitute for being inside the storm.

When it comes to storms in clouds of the IT variety (think AWS), the same observation applies to detecting and responding to attacks. Today Gigamon announced the Gigamon Visibility Platform for Amazon Web Services (AWS) EC2, which, for a User and Entity Behavior Analytics solution like Niara, is the equivalent of putting our machine learning attack detection and accelerated incident response in the middle of the hurricane. Up to now, security products used only indirect methods to determine if an attack was underway in cloud workloads. Even Cloud Access Brokers can only see what goes in and what goes out of cloud applications—but what happens behind the load balancers and within and between the virtual machines that comprise cloud-based solutions is a complete black box. Other security products are even further removed from the action.

With Niara’s integration with Gigamon’s Visibility Platform for AWS, our behavioral analytics now have access to the network traffic inside the cloud. This opens up our baselining capabilities and anomaly detection for users, systems and IP addresses to what has been up to now hidden behind the cloud wall, so we can find unusual activity that can indicate a gestating attack. This means that cloud-based and on-prem workloads now have the same visibility and oversight, and in fact this will increase the precision of the risk scoring that leads to alerts and follow-on investigations.

Niara is the only UEBA solution that can leverage this breakthrough by virtue of the seamless integration of log and network-based IT activity data within a big data-based platform. Niara’s software-based packet processor allows us to connect with and execute in AWS alongside Gigamon’s Visibility Platform, which enables us to do deep packet inspection and metadata extraction on all the traffic flows in the cloud. Others may do that, but stop there. Niara adds cloud packet visibility to rich log sources such as AD, DNS, VPN, web proxy, DLP, etc. to provide the most complete visibility of the IT ecosystem. The on-prem-based user and entity behavior analytics designed to identify attacks on the inside of organizations before they do damage are no longer blind to cloud behavior.

When enterprise IT teams are asked about their number one concern in moving to the cloud, security is typically the answer.  With the combination of the Gigamon Visibility Platform for AWS and Niara’s UEBA attack detection and incident response, customers can accelerate their migration to AWS knowing that they are not compromising on their ability to protect the organization. 

And because Niara can run both its packet processor and Spark/Hadoop-based Analyzer in AWS, the security team has a front row seat on any storms that may develop—just like the hurricane hunters, but with a much smoother ride.  

 
