In the salad days of internet security, we were faced with threats like SQL Slammer and the ILOVEYOU virus. In those instances, the attacker was obvious and the fix was relatively simple, especially compared to today’s advanced attacks. The indiscretions of youthful security could be counteracted with antivirus solutions without the complicated algorithms behind security intelligence and forensics.

Today, since threats often come from inside our own networks, an advanced behavior analytics solution is an essential ingredient for any cybersecurity pantry.

The Right Ingredients

Organizations frequently conduct investigations on security incidents with limited context. A major problem is that these incidents are accompanied by either few breadcrumbs to follow or several loaves worth of croutons strewn about the network. It’s important to use a solution that reduces the time and resources required to diagnose and respond to an attack.

To further complicate matters, many of these attacks are attributed to legitimate credentials on the network. The second layer of defense is the ability to detect advanced attacks that evade real-time defenses using these valid credentials. Enter user behavior analytics.

Introducing Niara

Niara’s user and network entity behavior analytics solution deploys supervised and unsupervised machine learning models running on a Spark/Hadoop platform to spot small, telltale changes in user or system behavior. These breadcrumbs can be indications of a gestating attack, in which case Niara can automatically aggregate and summarize the forensic data necessary for triage and response with a security intelligence solution. This technique worked at a legal firm, where Niara analyzed authentication and activity patterns to detect instances of password sharing among employees.

Niara uses more than 100 machine learning models that provide a unified view of all IT activity, including packets and flows, logs and alerts, and external threat intelligence. With an enterprise scale that can monitor over 100,000 entities for abnormal behavior, Niara seamlessly integrates with the IBM QRadar console, analytics and workflow.

This workflow integration is particularly key for supporting forensic data analysis and alert triage. One organization saved an average of 30 hours per investigation by using the forensic information within Niara’s solution.

Niara Behavioral Analytics from Niara on Vimeo

From Days to Minutes

Between Niara and QRadar, full visibility across the IT ecosystem means no blind spots in the machine language coverage and attack detection. The seamless integration of the attack alert, a full description of the behavior analytics and supporting information means that incident response is reduced from hours and days to minutes with just a few clicks to get down to the packet level.

For one financial services client, Niara leveraged behavioral techniques to analyze activity data for employees. It detected two employees trying to exfiltrate data to Dropbox in violation of corporate security policy. For a high-tech customer, Niara machine learning identified a small change intended to spoof a sender’s email address (for example, N1ara.com versus Niara.com) to detect a targeted whaling attack.

Whaling is a particular type of phishing email typically targeting the financial department of a company. It appears to come from a high-level executive, likely a CEO or CFO, looking for an immediate transfer of funds. But the real destination for the funds is the attacker’s bank account. Domain spoofing, a technique that causes the source of the malicious message to appear legitimate, is the most popular strategy in whaling.

Learn More About Behavior Analytics

Visit the IBM Security App Exchange to try Niara’s integration with QRadar for yourself. You can also learn more about Niara’s user and network behavior analytics solution in the upcoming webinar “Detect and Respond to Threats Better With IBM Security App Exchange Partners,” scheduled for Nov. 8, 2016.

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today