Disrupt attacks with big data and real-time threat detection: HP
By Digital News Asia October 7, 2013
- HP says new data-driven security technologies designed to empower security teams to run more efficiently
- Staff can focus on getting meaningful security intelligence from big data; helps in eliminating blind spots
HEWLETT-Packard (HP) announced new and enhanced solutions that it said help organisations disrupt the life-cycle of a cyber-attack and improve the overall effectiveness of security operation teams through accelerated big data analytics and real-time, application-level threat detection.
The cyber-threat landscape is evolving faster than security teams can manage, causing many organisations to dramatically increase headcount and training programmes, HP said in a statement.
At the same time, the volume, velocity and variety of data are making it increasingly difficult to analyse and understand where security risks exist within an organisation. Limited resources and failing signature-based solutions also limit security staff’s ability to mount an effective defence.
HP said its new advanced, data-driven security technologies are designed to empower security operations teams to run more efficiently. This enables staff to focus on deriving meaningful security intelligence from big data and spend less time on system management, product deployment, risk assessment and manual vulnerability searching.
New HP ArcSight solutions identify and prioritise threats faster, combine security intelligence with business intelligence, and close potential blind spots at the application layer, giving customers greater control over their security environments, the company claimed.
“The exploding volume of data that organisations today must manage presents new security challenges as they try to predict, locate and disrupt cyberthreats,” said Christopher Poulos, vice president and general manager of Enterprise Security Products at HP Asia Pacific and Japan.
“The newly expanded HP ArcSight portfolio delivers solutions that help security teams and SOCs (security operations centres) prioritise risk, automate application-level threat detection and streamline security management to reduce exposure and increase effectiveness of protecting valuable data from internal and external theft,” he said.
Eliminating blind spots
While security spending continues to focus on the perimeter, 84% of business security breaches originate at the application layer, and mobile vulnerabilities have grown by 68%, HP said, citing the HP Cyber Security Risk Study, 2012.
The new HP ArcSight Application View solution closes this gap by integrating the HP ArcSight Security Information and Event Management (SIEM) platforms – ArcSight ESM and ArcSight Express – with HP Fortify Runtime to automatically detect and log application security events.
This gives security operations teams first-of-its-kind visibility into the application layer, helping to block attacks on applications in real-time and preventing data loss, identity theft and IP (intellectual property) loss from occurring, HP claimed.
To help organisations effectively defend against today’s targeted threats and manage the increasing volume of security-related data, HP has introduced HP ArcSight Risk Insight.
Incorporating key elements originally implemented in the HP ArcSight EnterpriseView product, ArcSight Risk Insight is delivered as an add-on to ArcSight ESM. The new solution helps security operations teams identify advanced attack targets, analyse current security technology deployments and weigh emerging risk to determine where to focus mitigation efforts.
ArcSight Risk Insight aggregates the threats identified in ArcSight ESM into clear Key Risk Indicators (KRIs) juxtaposed with a hierarchical, business-oriented view of the infrastructure.
The solution is designed to marry security intelligence with business risk and provide senior-level management teams with prioritised, strategic insight to security data with actionable intelligence to address risk.
Streamlined security operations management
Security operations teams are challenged by achieving balance between operational efficiency and conducting security intelligence research, especially as the scope and complexity of their SIEM and logging deployments grow, HP said.
The HP ArcSight Management Center is an enterprise-grade, centralised security management hub that enables ArcSight customers to effectively and efficiently manage large deployments of ArcSight Logger, ArcSight SmartConnectors and ArcSight Connector Appliance from a single console.
The ArcSight Management Center helps streamline centralised configuration management and compliance, while reducing the time it takes to alter the system or implement a policy change. This allows security operations teams to more efficiently allocate scarce resources, and focus on managing threats rather than disjointed tools and products.
Intelligence-driven threat detection
Security operations are rapidly evolving to become highly proactive programs that head off and prevent or contain security threats before they occur. These advanced use cases require accurate modelling and binding of large, disparate data sets spanning both human and machine information to be effective.
HP Software uses the HP Haven platform for connecting the dots between the various big data sets to address this specific need.
The HP Haven platform consists of Hadoop for raw data storage and batch mode analysis, HP Autonomy for human generated information processing, the HP Vertica Analytics Platform for broader big data analytics, and HP ArcSight ESM for real-time security monitoring and analytics, with applications running over the platform.
A key component of the HP Haven platform is the set of data engines it offers and connects together in a logical and effective manner, together with more than 700 connectors to a wide array of data sources.
Data collection, storage, monitoring and analysis are now possible under a single umbrella from HP Software, the company said.
The HP Haven platform also enables security operations teams to use the updated ArcSight Enterprise Security Manager (ESM) v6.5c to analyse security events in a broader context when used in conjunction with Hadoop, HP Autonomy or HP Vertica Analytics Platform data stores.
This allows customers to benefit from an accurate prioritisation of risks and anomalies as well as advanced insider threat patterns.
Pricing and availability
HP ArcSight Application View is available immediately worldwide. A 30-day free trial offer is available, with pricing starting at US$2,000 per application following the conclusion of the trial period.
HP ArcSight Risk Insight is expected to be available this fall (September-November), while HP ArcSight Management Center will be available sometime in October.
HP ArcSight Enterprise Security Manager (ESM) v6.5c is available as hardware or software, providing flexible deployment options for any environment, and is expected to be available in October.