HP has announced updates to its HP ArcSight portfolio, offering enterprises unified security analytics for big data with expanded identity monitoring to accelerate the detection of persistent threats.
Strengthening its existing portfolio of security solutions for big data, HP has introduced a series of updates including HP ArcSight Threat Detector 2.0 with out-of-the-box threat profiles and threat profile intelligence, and HP ArcSight Threat Response Manager 5.5 with cloud-ready, closed-loop capabilities for accelerated threat detection and response to mitigate APTs. In addition, HP ArcSight IdentityView 2.5 has been enhanced with expanded correlation of user identity, roles, and activities across events and security incidents.
With unified analytics from applications, users, network and systems, HP provides a unique portfolio of solutions integrating information security with big data. Collectively, these solutions process events at scale, provide deep insights out of the box, correlate user context, and provide actionable intelligence to reduce the risk of APTs.
“Adversaries only need to get it right once to invoke serious damage on an organisation’s private data, ability to provide critical service or corporate reputation,” said Ranndeep Chonker, Country Manager, HP Enterprise Security Products, India. “With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action proactively to minimise business impact and prevent disruption to critical client services.”
HP ArcSight Threat Detector uses experience-based techniques to identify repeating event patterns, both benign and malicious. It creates rules for future real-time detection of zero-day threats and slow repeating attacks that are designed to evade typical signature traps.
With the latest release, HP has added out-of-the-box pattern profiles that use heuristic analysis on common areas of threat such as browsing patterns, distributed attack detection, early-stage attack detection and activity profiling. Companies without dedicated security operations capabilities can benefit by immediately identifying APTs.
With many attacks on organisations carried out by insiders, companies need to focus on detecting malicious intent within their existing user base. HP ArcSight IdentityView combines broad user activity collection across all accounts, applications and systems with user and role data from identity and access management (IAM) technologies to deliver an insider threat solution unique in the industry. It also enriches log events with user and role information, providing a complete picture of user activity, including shared, high-risk and privileged accounts. The result is mitigation of insider threat risk, better access governance and faster forensic investigations.
With the launch of HP ArcSight IdentityView 2.5, HP has also expanded the number of users that a single instance can monitor by 10 times, helping organisations correlate security incident and event data across an expansive user base to reduce insider threat risk.
If a user’s activity on the network does not correspond to permitted access controls and baseline behaviour based on historically correlated data, the solution will flag the profile for further investigation. As a result, a company’s security operations team can identify intentional versus unintentional activities and mitigate potential threats in real time.
After a threat has been detected, organisations need to isolate the intrusion and resolve the compromise before valuable data is exfiltrated from the network. Delivered as a cloud-ready, add-on application to the leading HP ArcSight Security Information and Event Management (SIEM) platform, HP ArcSight Threat Response Manager (TRM) 5.5 provides a closed-loop, end-to-end network security and monitoring solution that addresses accelerated threat detection through proactive response.
HP TRM takes the threat response process to the next level with controls and automation of attack responses, helping to reduce threat response time without adding cost. The solution also enables users to automate the entire threat response process, reducing the need for additional security staff. Instead of waiting for the staff to manually disable accounts or network access, HP TRM shuts off access in a timely manner.
Additionally, HP has extended the capabilities of HP TRM beyond the data center and into the cloud. HP TRM is offered as a virtualised appliance on VMware, giving clients greater deployment flexibility while helping address their unique security needs.