In the salad days of internet security, we were faced with threats like SQL Slammer and the ILOVEYOU virus. In those instances, the attacker was obvious and the fix was relatively simple, especially compared to today’s advanced attacks. The indiscretions of youthful security could be counteracted with antivirus solutions without the complicated algorithms behind security intelligence and forensics.

Today, since threats often come from inside our own networks, an advanced behavior analytics solution is an essential ingredient for any cybersecurity pantry.

The Right Ingredients

Organizations frequently conduct investigations on security incidents with limited context. A major problem is that these incidents are accompanied by either few breadcrumbs to follow or several loaves worth of croutons strewn about the network. It’s important to use a solution that reduces the time and resources required to diagnose and respond to an attack.

To further complicate matters, many of these attacks are attributed to legitimate credentials on the network. The second layer of defense is the ability to detect advanced attacks that evade real-time defenses using these valid credentials. Enter user behavior analytics.

Introducing Niara

Niara’s user and network entity behavior analytics solution deploys supervised and unsupervised machine learning models running on a Spark/Hadoop platform to spot small, telltale changes in user or system behavior. These breadcrumbs can be indications of a gestating attack, in which case Niara can automatically aggregate and summarize the forensic data necessary for triage and response with a security intelligence solution. This technique worked at a legal firm, where Niara analyzed authentication and activity patterns to detect instances of password sharing among employees.

Niara uses more than 100 machine learning models that provide a unified view of all IT activity, including packets and flows, logs and alerts, and external threat intelligence. With an enterprise scale that can monitor over 100,000 entities for abnormal behavior, Niara seamlessly integrates with the IBM QRadar console, analytics and workflow.

This workflow integration is particularly key for supporting forensic data analysis and alert triage. One organization saved an average of 30 hours per investigation by using the forensic information within Niara’s solution.

Niara Behavioral Analytics from Niara on Vimeo

From Days to Minutes

Between Niara and QRadar, full visibility across the IT ecosystem means no blind spots in the machine language coverage and attack detection. The seamless integration of the attack alert, a full description of the behavior analytics and supporting information means that incident response is reduced from hours and days to minutes with just a few clicks to get down to the packet level.

For one financial services client, Niara leveraged behavioral techniques to analyze activity data for employees. It detected two employees trying to exfiltrate data to Dropbox in violation of corporate security policy. For a high-tech customer, Niara machine learning identified a small change intended to spoof a sender’s email address (for example, versus to detect a targeted whaling attack.

Whaling is a particular type of phishing email typically targeting the financial department of a company. It appears to come from a high-level executive, likely a CEO or CFO, looking for an immediate transfer of funds. But the real destination for the funds is the attacker’s bank account. Domain spoofing, a technique that causes the source of the malicious message to appear legitimate, is the most popular strategy in whaling.

Learn More About Behavior Analytics

Visit the IBM Security App Exchange to try Niara’s integration with QRadar for yourself. You can also learn more about Niara’s user and network behavior analytics solution in the upcoming webinar “Detect and Respond to Threats Better With IBM Security App Exchange Partners,” scheduled for Nov. 8, 2016.

More from Intelligence & Analytics

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…

Cyber Storm Predicted at the 2023 World Economic Forum

According to the Global Cybersecurity Outlook 2023, 93% of cybersecurity leaders and 86% of business leaders think a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years. Additionally, 43% of organizational leaders think it is likely that a cyberattack will affect their organization severely in the next two years. With cybersecurity concerns on everyone’s mind, the topic received top billing at the recent World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. At the meeting, Matthew…

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…