Businesses need smarter tools to battle today's wide ranging and fast-evolving IT security threats, which is the reason Hewlett Packard Enterprise (HPE) has added a company called Niara to its arsenal.
Announced Wednesday, the acquisition is aimed at boosting HPE's existing security portfolio with new tools based on user and entity behavior analytics. Niara's technology works by analyzing the typical behavior of individual users across an enterprise, and then watching for any activity that differs from the norm.
HPE did not disclose the terms of the transaction. The company said Niara will operate as part of HPE Aruba, the business division formed when HPE acquired Aruba Networks in 2015.
The Niara acquisition is also a reunion of sorts, as Niara's co-founders, CEO Sriram Ramachandran and vice president of engineering Prasad Palkar, are Aruba veterans, as are several other Niara engineers who will now be joining HPE.
Needed a 'Threat Hunting Tool'
"We needed a more proactive approach to hunting for threats that may have already entered the network and shutting them down with enforcement tools," HPE Aruba senior vice president and general manager Keerti Melkote said in a blog post. "We needed a threat hunting tool that would be more proactive in surfacing potential threats on the network."
Melkote, who co-founded Aruba Networks in 2002, added, "Niara's value proposition resonated strongly with me, as it does with many of their customers, and I am eager to share this best-in-class technology with our HPE Aruba customers."
While Aruba's ClearPass Policy Manager lets businesses set user privileges to help with security enforcement, Niara's technology relies on behavioral analytics to keep track of user activity and watch for anomalies. The company's solution watches and analyzes packet streams, then compares those to the behavioral baseline it established for each user to see if anything out of the ordinary is occurring.
"After a baseline is established, the software actively looks for anomalous, inconsistent activities that may indicate a security threat," Melkote said. "Investigating individual security incidents that can take up to 25 hours each via traditional manual processes can now be performed in less than a minute, in four mouse clicks, due to the power of machine learning."
Change at 'Speed and Scale We've Never Seen'
According to a report released last month by HPE, enterprises need a balanced approach to security that uses both people and technology to monitor, analyze and respond to cybersecurity threats.
"[O]rganizations that have adopted hunt team capabilities as an add-on to their existing real-time monitoring programs have seen success in rapid detection of configuration issues, previously undetected malware infections, and SWIFT attack identification," HPE Security vice president of professional services Matthew Shriner wrote in the introduction to HPE's "State of Security Operations 2017" report. The report's findings "will help the industry to really understand what works and what doesn't with security data analytics and hunt capabilities," Shriner added.
The HPE report recommended that enterprise security operations centers pay closer attention to "the basics of risk identification, incident detection, and response." It also advised businesses to automate data collection, analysis and responses where possible; periodically assess objectives for risk management, security and compliance; and use hybrid staffing or outsourcing if their existing security teams are understaffed.
"Today's digital environment is driving a new generation of applications, workloads and data that is radically different from what we have known, and is moving and changing at a speed and scale we have never seen," HPE Enterprise Group executive vice president and general manager Antonio Neri wrote this week in a blog post. "Traditional IT infrastructure and operations simply weren't built for this new set of demands -- and the complexity is increasing every day. In this new world, our customers need a new approach to manage apps and data across multiple environments."