Hewlett Packard Enterprise (HPE) has been very busy since the separation of HP Inc. and HPE, doing spin-mergers, spin-outs and resetting for a much leaner and faster future. This never meant they wouldn’t acquire companies; in fact, they have indicated a few areas where this made sense, one of them being edge security. Two weeks ago, HPE announced their acquisition of Niara, who many consider an up-and-comer, focusing on User and Entity Behavior Analytics (UEBA).
Integrating with HPE’s existing Aruba ClearPass portfolio, Niara’s solutions leverage big data analytics and machine learning to help businesses better protect their enterprises against next-gen cyberattacks. In the increasingly interconnected, IoT-driven world, the need for advanced, effective security is rapidly growing. With this new acquisition, HPE is clearly positioning itself as a company on the forefront of edge security. I think this cutting-edge class of network security will be a great addition to HPE’s already solid Aruba ClearPass security portfolio. Clearly HPE does too—Keerti Melkote (HPE Aruba senior VP and GM) stated that the acquisition will create the “most complete visibility and attack detection system” in the industry. It all serves to advance HPE’s overall stated strategy: “the transformation of workplace and operational experiences for mobile and IoT devices.”
Previously, when intruders broke through firewalls and immediately caused chaos, similar to what law enforcement would term “smash and grab.” But today’s cybercriminals are far more cunning, breaking in and then remaining on the inside for days, weeks or even months before they are detected. This pattern makes their business impact infinitely greater, requiring more sophisticated tools to profile and protect enterprises.
How It Works
UEBA is a new class of security technology that uses analytics to handle advanced security threats—the kinds that have the potential to penetrate traditional firewalls and perimeter systems. Niara’s software establishes baseline characteristics for all users, devices and even systems. It then monitors and detects unusual, anomalous access to data and systems from inside the network. For instance, the accounting server may have permission to access the employee database to process payroll, but access on a Tuesday at 2AM, (while permitted) might be flagged as suspicious, even though there is a trusted relationship. IoT devices, while authorized to send data to an external cloud service might be flagged if their traffic patterns suddenly increase, decrease or show other abnormalities not matching “typical usage.” This profiling is done by applying advanced machine learning algorithms to network packet streams—previously unattempted due to the immense volume of data generated by such analysis. The packet stream analysis enables Niara to detect the origin of threats that are already inside the network.
The solution purportedly cuts down on the time, effort, and skill needed to respond to threats, by automating the detection of attacks. When Niara stumbles upon a potential threat, a ClearPass network access policy can automatically trigger, isolating or blocking the user, device or server from the network, protecting sensitive data.
Melkote says that Niara’s machine learning and analytics capabilities reduce the time to identify and respond; an incident that might traditionally require up to 25 hours to handle can now be addressed in less than a minute. While this is an impressive leap, your mileage may vary, depending on exact circumstances.
Interestingly, two of the Niara co-founders (Sriram Ramachandran, CEO, and Prasad Palkar, VP of Engineering) actually helped develop some of the core ArubaOS technologies —so the two companies have some long-standing ties through HPE’s acquisition of Aruba. Call me crazy, but I’ve got a sneaking suspicion that this connection may have helped with the seamless integration of the two companies’ technologies.
Part of a Bigger Acquisition Strategy
Antonio Neri (HPE’s Enterprise Group Executive VP and GM) summed up the company’s vision in a blog post on Wednesday: “We are working towards our vision of being the industry’s leading provider of hybrid IT, built on the secure, next-generation, software-defined infrastructure that will run customers’ datacenters today, bridge to multi-cloud environments tomorrow, and power the emerging intelligent edge.” This aligns with several strategic acquisitions Hewlett Packard Enterprise has made recently—all with Neri’s strategy in mind. Last month, HPE agreed to acquire SimpliVity—a top provider of software-defined, hyperconverged infrastructure. That same month, in a move to strengthen their services offerings, they also announced they’d be acquiring Cloud Cruiser, a provider of cloud consumption analytics software. These acquisitions, along with that of Niara, seem to be setting HPE’s course for 2017.
All in all, I think the acquisition of Niara makes a lot of sense: it’s in line with HPE’s stated strategy and aligns with what customers are demanding. Business transformation brings an abundance of users, interconnected applications, devices (like IoT) and locations (edge compute), all of which will increase the importance of security with UEBA playing an important role in protecting it all. It’s also time that we realize the bad guys will get in and companies need to invest more into technologies to protect from internal threats.
This acquisition is aligned with, and can bolster HPE’s software-defined, hybrid infrastructure vision, and with the two companies’ shared history, the integration should be relatively painless. Looking forward, it’s hard to see any real downsides to the deal, but I’ll continue to watch with interest.