HP Helps Enterprises Use Big Data to Protect Critical Information, Mitigate Risk
PALO ALTO, Calif. — HP today announced updates to its HP ArcSight portfolio, offering enterprises unified security analytics for big data with expanded identity monitoring to accelerate the detection of persistent threats.
Enterprises must proactively anticipate intrusions and hasten the detection of risks in order to protect valuable assets. To successfully identify and remediate occurrences of prolonged unauthorized network access, also known as advanced persistent threats (APTs), organizations must be prepared to:
- Handle and process information at high velocity, volume and variety.
- Analyze structured and unstructured data both inside and outside their network.
- Monitor events in cloud, mobile and virtual environments.
- Automatically take action once a threat has been detected.
“Typically batch in nature, big data analytics allows an organization to organize and analyze vast amounts of structured and unstructured information to facilitate the detection of rogue employees, partners, or criminal or collusive rings of fraudulent or abusive activity,” said Avivah Litan, analyst, Gartner. “A critical ingredient for success is the ability to quickly and easily integrate all types of structured and unstructured information across multiple internal and external information sources.”(1)
Strengthening its existing portfolio of security solutions for big data, HP has introduced a series of updates including HP ArcSight Threat Detector 2.0 with out-of-the-box threat profiles and threat profile intelligence, and HP ArcSight Threat Response Manager 5.5 with cloud-ready, closed-loop capabilities for accelerated threat detection and response to mitigate APTs. In addition, HP ArcSight IdentityView 2.5 has been enhanced with expanded correlation of user identity, roles, and activities across events and security incidents.
With unified analytics from applications, users, network and systems, HP provides a unique portfolio of solutions integrating information security with big data. Collectively, these solutions process events at scale, provide deep insights out of the box, correlate user context, and provide actionable intelligence to reduce the risk of APTs.
“With a mission to provide superior health care, it is critical that we prevent system disruptions that might impact patient safety or quality of care,” said Keith Duemling, Information Security Officer, Lake Health. “By automating threat detection across our network, HP ArcSight allowed us to move to a much more proactive approach to information security and improve our ability to detect risks that might affect overall system performance by a factor of 10.”
“Adversaries only need to get it right once to invoke serious damage on an organization’s private data, ability to provide critical service or corporate reputation,” said Haiyan Song, vice president and general manager, ArcSight, Enterprise Security Products, HP. “With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services.”
Heuristic analysis and threat detection
HP ArcSight Threat Detector uses experienced-based techniques to identify repeating event patterns, both benign and malicious. It creates rules for future real-time detection of zero-day threats and slow repeating attacks that are designed to deflect typical signature traps.
With the latest release, HP has added out-of-the-box pattern profiles that use heuristic analysis on common areas of threat such as browsing patterns, distributed attack detection, early-stage attack detection and activity profiling. Companies without dedicated security operations capabilities can benefit by immediately identifying APTs.
Monitor for insider threats before damage is done
With many attacks to organizations enacted by insiders, companies need to focus on detecting malicious intent of their existing user base. HP ArcSight IdentityView combines broad user activity collection across all accounts, applications and systems with user and role data from identity and access management (IAM) technologies to deliver an insider threat solution unique in the industry. It also enriches log events with user and role information, providing a complete picture of user activity, including shared, high-risk and privileged accounts. The result is mitigation of insider threat risk, better access governance and faster forensic investigations.
With the launch of HP ArcSight IdentityView 2.5, HP also has expanded the number of users that a single instance can monitor by 10 times, helping organizations correlate security incident and event data across an expansive user base to reduce insider threat risk.
If a user’s activity on the network does not correspond to permitted access controls and baseline behavior based on historically correlated data, the solution will flag the profile for further investigation. As a result, a company’s security operations team can identify intentional versus unintentional activities and mitigate potential threats in real time.
Respond quickly to reduce risk of data loss
After a threat has been detected, organizations need to isolate the intrusion and resolve the compromise before valuable data is exfiltrated from the network. Delivered as a cloud-ready, add-on application to the leading HP ArcSight Security Information and Event Management (SIEM) platform, HP ArcSight Threat Response Manager (TRM) 5.5 provides a closed-loop, end-to-end network security and monitoring solution that addresses accelerated threat detection through proactive response.
HP TRM takes the threat response process to the next level with controls and automation of attack responses, helping to reduce threat response time without adding cost. The solution also enables users to automate the entire threat response process, reducing the need for additional security staff. Instead of waiting for the staff to manually disable accounts or network access, HP TRM shuts off access in a timely manner.
Additionally, HP has extended the capabilities of HP TRM beyond the data center and into the cloud. HP TRM is offered as a virtualized appliance on VMware, giving clients greater deployment flexibility while helping address their unique security needs.
HP ArcSight Identify View v2.5, HP ArcSight Threat Response Manager and HP ArcSight Threat Detector v2.0 are now available worldwide.
Additional information about HP Enterprise Security Products is available at www.hpenterprisesecurity.com.
HP’s annual enterprise security event, HP Protect, will take place Sept. 16-19 in Washington, D.C.
HP’s premier EMEA client event, HP Discover, takes place Dec. 10-12 in Barcelona, Spain.
(1) Gartner, “Use Big Data Analytics to Solve Fraud and Security Problems”, Avivah Litan, March 29, 2013.
This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the need to address the many challenges facing HP’s businesses; the competitive pressures faced by HP’s businesses; risks associated with executing HP’s strategy; the impact of macroeconomic and geopolitical trends and events; the need to manage third party suppliers and the distribution of HP’s products and services effectively; the protection of HP’s intellectual property assets, including intellectual property licensed from third parties; risks associated with HP’s international operations; the development and transition of new products and services and the enhancement of existing products and services to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its suppliers, customers and partners; the hiring and retention of key employees; integration and other risks associated with business combination and investment transactions; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated benefits of implementing those plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP’s Quarterly Report on Form 10-Q for the fiscal quarter ended April 30, 2013 and HP’s other filings with the Securities and Exchange Commission, including HP’s Annual Report on Form 10-K for the fiscal year ended October 31, 2012. HP assumes no obligation and does not intend to update these forward-looking statements.
© 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers’ most complex challenges in every region of the world. More information about HP (NYSE: HPQ) is available at http://www.hp.com