Splunk installations can add machine learning-enabled attack detection and visibility with integrated forensics while avoiding “tax” on valuable high-volume data sources
Sunnyvale, CA. – July 12, 2016 – Niara, a recognized leader in User and Entity Behavior Analytics (UEBA), today announced Niara BASIS™ (Behavior Analytics Security Integration for Splunk™), a bi-directional integration between Niara’s machine learning-based attack detection and visibility platform and any Splunk Enterprise installation.
Sophisticated attacks routinely evade Security Information and Event Management (SIEM) solutions that use signature and rule-based detection techniques, infiltrating organizations and compromising critical IT assets. To combat these attacks, security teams are turning to a new class of UEBA products to supplement existing security approaches. UEBA products use machine learning and other advanced analytics techniques to automatically find deviations in behavior that, when put in context over time, can detect risky behaviors and gestating attacks.
“Splunk is the standard for log aggregation and IT operations management,” said Rob Davis, founder and managing partner, Critical Start. “Customers are now looking for Splunk supplements that build on the basic log framework to deliver new attack detection and incident response capabilities beyond what Splunk Enterprise can deliver. Niara’s UEBA solution integrated with Splunk instantly turbocharges enterprise security efficiency and effectiveness.”
Niara’s UEBA solution seamlessly integrates with Splunk via BASIS to dramatically improve Splunk ROI and security results by providing:
- New machine learning-based attack detection capabilities tuned to detecting exploits that evade signature- and rule-based real-time defenses, such as compromised users and hosts as well as negligent or malicious insiders.
- Richer and more powerful incident investigation and threat hunting capabilities that increase the efficiency of an overworked security team.
Niara customers in healthcare, high tech and financial services have deployed UEBA capabilities to complement their Splunk deployments for detecting and investigating attacks involving ransomware and data exfiltration attempts before damage is done in their organizations.
“Niara offers multiple points of integration into a Splunk deployment,” said Karthik Krishnan, vice president of product management, Niara. “Niara can easily consume data from Splunk Enterprise through APIs for its behavioral analytics. Through technology add-ons, the results of Niara’s analytics can be fed back directly into Splunk and used by analysts for alert prioritization, incident investigation and threat hunting efforts.”
Compared to other Splunk options, Niara’s BASIS integration provides many benefits including:
- Greater visibility and more precise attack detection. Niara provides machine learning models tuned to the complete range of data sources including network, logs, endpoint, data loss prevention and external threat feeds among others. Splunk’s capabilities with network-oriented packet and flow information are limited, and by the time these sources get to the analytics, the value is dramatically reduced.
- Avoiding the Splunk tax on high-volume data ingestion. Niara can directly ingest high-volume and high-value data sources to augment existing Splunk data and provide a more accurate picture of threats inside an organization at much lower cost.
- Eliminating Splunk Enterprise Security lock-in. The Niara BASIS integration is a general-purpose SIEM supplement and enables any enterprise to combine basic Splunk log aggregation with other SIEMs such as IBM QRadar, HPE ArcSight and Intel ESM.
Niara’s behavioral analytics platform automates the detection of attacks and risky behaviors inside an organization and dramatically reduces the time and skill needed to investigate and respond to security events. The solution applies machine learning algorithms to data from the network and security infrastructure to detect compromised users, entities, and negligent or malicious insiders, reduce the time for incident investigation and response, and speed threat hunting efforts by focusing security teams on the threats that matter. Headquartered in Sunnyvale, Calif., the company is backed by NEA, Index Ventures and Venrock. For more information, visit www.niara.com.
LEWIS for Niara