HP has announced new and enhanced solutions that help organisations disrupt the life cycle of a cyber-attack and improve the overall effectiveness of security operation teams through accelerated big data analytics and real-time, application-level threat detection.
The cyber threat landscape is evolving faster than security teams can manage, causing many organisations to dramatically increase headcount and training programs. At the same time, the volume, velocity and variety of data are making it increasingly difficult to analyse and understand where security risks exist within an organisation. Limited resources and failing signature-based solutions also limit security staffs’ ability to mount an effective defence.
HP delivers advanced, data-driven security technologies designed to empower security operations teams to run more efficiently. This enables staff to focus on deriving meaningful security intelligence from big data and spend less time on system management, product deployment, risk assessment and manual vulnerability searching. New HP ArcSight solutions identify and prioritise threats faster, combine security intelligence with business intelligence, and close potential blind spots at the application layer, giving customers greater control over their security environments.
“The exploding volume of data that organisations today must manage presents new security challenges as they try to predict, locate and disrupt cyberthreats,” said Ranndeep Singh Chonker, country manager, HP Enterprise Security Products, India. “The newly expanded HP ArcSight portfolio delivers solutions that help security teams and SOCs prioritise risk, automate application-level threat detection and streamline security management to reduce exposure and increase effectiveness of protecting valuable data from internal and external theft.”
While security spending continues to focus on the perimeter, 84 percent of business security breaches originate at the application layer and mobile vulnerabilities have grown by 68 percent. The new HP ArcSight Application View solution closes this gap by integrating the HP ArcSight Security Information and Event Management (SIEM) platforms—HP ArcSight ESM and HP ArcSight Express—with HP Fortify Runtime to automatically detect and log application security events. This gives security operations teams first-of-its-kind visibility into the application layer, helping to block attacks on applications in real-time and preventing data loss, identity theft and IP loss from occurring.
To help organisations effectively defend against today’s targeted threats and manage the increasing volume of security-related data, HP has introduced HP ArcSight Risk Insight. Incorporating key elements originally implemented in the HP ArcSight EnterpriseView product, HP ArcSight Risk Insight is delivered as an add-on to HP ArcSight ESM. The new solution helps security operations teams identify advanced attack targets, analyse current security technology deployments and weigh emerging risk to determine where to focus mitigation efforts. HP ArcSight Risk Insight aggregates the threats identified in HP ArcSight ESM into clear Key Risk Indicators (KRIs) juxtaposed with a hierarchical, business-oriented view of the infrastructure. The solution is designed to marry security intelligence with business risk and provide senior-level management teams with prioritised, strategic insight to security data with actionable intelligence to address risk.
Security operations teams struggle to balance operational efficiency with security intelligence research, especially as the scope and complexity of their SIEM and logging deployments grow. The HP ArcSight Management Center is an enterprise-grade, centralised security management hub that enables HP ArcSight customers to effectively and efficiently manage large deployments of HP ArcSight Logger, HP ArcSight SmartConnectors and HP ArcSight Connector Appliance from a single console. The HP ArcSight Management Center helps streamline centralised configuration management and compliance, while reducing the time it takes to alter the system or implement a policy change. This allows security operations teams to allocate scarce resources more efficiently, and focus on managing threats rather than disjointed tools and products.
Intelligence-driven threat detection through security and broader operations data
Security operations are rapidly evolving to become highly proactive programs that head off and prevent or contain security threats before they occur. These advanced use cases require accurate modelling and binding of large, disparate data sets spanning both human and machine information to be effective. HP Software utilises the HP Haven platform for connecting the dots between the various big data sets to address this specific need.
The HP Haven platform consists of Hadoop for raw data storage and batch mode analysis, HP Autonomy for human generated information processing, the HP Vertica Analytics Platform for broader big data analytics, and HP ArcSight ESM for real-time security monitoring and analytics, with applications running over the platform. A key component of the HP Haven platform is the set of data engines it offers and connects together in a logical and effective manner, together with more than 700 connectors to a wide array of data sources. Data collection, storage, monitoring and analysis are now possible under a single umbrella from HP Software.
The openness and flexibility of the HP Haven platform enables security operations teams to use the updated HP ArcSight Enterprise Security Manager (ESM) v6.5c to analyse security events in a broader context when used in conjunction with Hadoop, HP Autonomy or HP Vertica Analytics Platform data stores. This allows customers to benefit from an accurate prioritisation of risks and anomalies as well as advanced insider threat patterns. The HP ArcSight ESM solution operates in real-time, sifting through millions of log records, correlating the data at a rate of two million events per second to find the critical events.
HP ArcSight ESM v6.5c incorporates the latest iteration of the highly optimised back-end storage engine that allows faster querying to enable real-time alerts during complex searches, accelerates algorithm performance for correlation event processing and significantly improves data storage efficiency.


