Using analytics to detect internal attacks

Security analysts can struggle to cope with the large volumes of alerts generated by multiple security tools. This can make it hard to distinguish anomalies from genuine malicious actions.

To provide organisations with additional context and more accuracy to detect malicious attacks, even those that originate internally, security analytics specialist Niara is launching a new version of its platform to deliver user and entity behaviour analytics (UEBA) on network packet and flow data, in addition to log data.

"Most analytics tools today only look at log data. While this is a critical part of identifying attacks on the inside, it's only part of the puzzle," says Sriram Ramachandran, CEO and co-founder of Niara. "To get the most accurate information for attack detection, you must be able to analyse relevant security data from any source, regardless of volume, including log, flow, packet and threat intelligence sources. Having this higher fidelity picture allows you to drastically reduce the volume of alerts that security analysts have to sort through and validate, making them quicker and much more effective".

By profiling a range of behaviours including authentication, remote access, resource access, file, protocol, and peer-to-peer analytics, Niara can deliver a spectrum of analytics to not only detect anomalous behaviours, but more reliably spot those with malicious intent.

These analytics are combined with deep forensics, integrating them into a single system that provides analysts with a closed loop workflow from detection and investigation through to fix. Niara also integrates with third-party security information and event management (SIEM) systems, such as Splunk and HP ArcSight, to enable analytics-driven intelligence and improved visibility into attacks.

The latest Niara platform is deployable on premise or in the cloud, and you can find out more about it on the company's website.
