Startup Niara has come out of stealth to do battle in the growing field of security intelligence and analytics where it detects and correlates anomalous behaviors and assigns confidence scores that indicate whether they should be further investigated as threats.
Niara Security Intelligence is a software platform that gathers data from TAP or SPAN ports on routers, logs, SIEMs, IDSes and other third-party products customers may already own.
Its Niara Analyzer crunches the data and correlates events that could represent attacks, assigns severity scores and issues alerts that can be drilled into by security analysts to reveal the underlying forensic elements from which the analyzer concluded threats.
The goal is to help customers find attacks that other security platforms – firewalls, intrusion prevention systems, antivirus, etc. – might miss by linking together events that on their own don’t represent trouble but when strung together indicate multi-stage attacks unfolding, says Sriram Ramachandran, CEO of Niara. It also helps filter out some of the noise created by alerts being fired off from other platforms, he says.
The threats are aggregated in the context of entities, the term with which Niara describes users, devices and applications. Niara Security Intelligence profiles entities based on their historical behavior but also on their behavior in comparison to other entities in their peer group. So is a user in sales doing something different from everyone else in sales? Is a device attempting network connections that its peer devices do not? Nira calls its profiles of users, applications and devices Entity 360 Profiles.
What Niara does overlaps with elements of what other vendors do, including Bit9+Carbon Black, Black Ensilo, Fireeye, Guidance, LightCyber, Outlier, Promisec, Resolution1 Security, and Tanium.
The company is backed by two rounds of venture funding totaling $29.4 million from Venrock, New Enterprise Associates (NEA) and Index Ventures.
It was founded in the summer of 2013 by Ramachandran and other veterans of traditional security companies seeking a way to catch complex attacks that these traditional technologies missed.
The name Niara means haystack in Spanish. He says it has no particular significance for the company other than it was a name and that the word was available as a URL. However, if it did refer to finding needles in haystacks, he says it would really be about threading the needles together after they were found.
This story, "Startup Niara aims to catch stealthy attacks" was originally published by Network World.