It's installed by Lion. It's a daemon that handles the netbios service, which handles communication across your LAN and has been around for ages.
While I don't know for sure how Lion makes use of it, I imagine it might be connected with AirDrop, which is a new sharing service in OS X 10.7. Again, that's just an assumption.
Hope that offers some help. You could try using AirDrop with the connection blocked. If it works, then leave it as is.
Network Basic Input/Output System.
NetBIOS is a communication protocol, sort of a languace that computeres talk to each other in. What disturbs me is that at least some communications seem to go directly out through this process and not the respective processes that initiated tem.
That means NetBIOSd (the process not protocoll) appears to have devolved (from a firewall/net security point of view) to be a method of bypassing your firewall, it seems that certain applications can ask NetBIOS to ping locations on it's behalf... I do not know whether they are actually able to send data or not but according to the specification of the protocol itself they should be able to. Even if they cannot, at the very least they can 'know' that they have been firewalled by using NetBIOS to ping the location other behalf and seeing if it unreacheable too.
Due to the fact that NetBIOS is a Unix/BSD method of achieving said way, and was probably left in to make the Network Utility backend and not much else, I am inclined to block it. If any application whatsoever can make a connection via this daemon without the connection being traced back to that application, then a malicious application/user can most probably take advantage of it to contact a remote network once seeded/send out important user information/do any host of malicious things, all whilst looking like a humble part of the OSX system.
This is very much the problem that I used to have in Windows with Services all being hosted as multiple svchost processes... very much destroying your ability to destroy them as you see fit in the event of a virus threat... not to mention COM events, which did just this and allowed applications to ask windows to do things on it's behalf. Many a good virus shut your system down using COM (as in locked you out) the moment they got hands on elevated priviledges.