/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: HP today announced updates to its HP ArcSight portfolio, offering enterprises unified security analytics for big data with expanded identity monitoring to accelerate the detection of persistent threats.
HP said in a release that enterprises must proactively anticipate intrusions and hasten the detection of risks in order to protect valuable assets. To successfully identify and remediate occurrences of prolonged unauthorized network access, also known as advanced persistent threats (APTs), organizations must be prepared to:
· Handle and process information at high velocity, volume and variety.
· Analyze structured and unstructured data both inside and outside their network.
· Monitor events in cloud, mobile and virtual environments.
· Automatically take action once a threat has been detected.
"Typically batch in nature, big data analytics allows an organization to organize and analyze vast amounts of structured and unstructured information to facilitate the detection of rogue employees, partners, or criminal or collusive rings of fraudulent or abusive activity," said Avivah Litan, analyst, Gartner. "A critical ingredient for success is the ability to quickly and easily integrate all types of structured and unstructured information across multiple internal and external information sources."
Strengthening its existing portfolio of security solutions for big data, HP has introduced a series of updates including HP ArcSight Threat Detector 2.0 with out-of-the-box threat profiles and threat profile intelligence, and HP ArcSight Threat Response Manager 5.5 with cloud-ready, closed-loop capabilities for accelerated threat detection and response to mitigate APTs. In addition, HP ArcSight IdentityView 2.5 has been enhanced with expanded correlation of user identity, roles, and activities across events and security incidents.
With unified analytics from applications, users, network and systems, HP provides a unique portfolio of solutions integrating information security with big data. Collectively, these solutions process events at scale, provide deep insights out of the box, correlate user context, and provide actionable intelligence to reduce the risk of APTs.
"With a mission to provide superior health care, it is critical that we prevent system disruptions that might impact patient safety or quality of care," said Keith Duemling, Information Security Officer, Lake Health. "By automating threat detection across our network, HP ArcSight allowed us to move to a much more proactive approach to information security and improve our ability to detect risks that might affect overall system performance by a factor of 10."
"Adversaries only need to get it right once to invoke serious damage on an organization's private data, ability to provide critical service or corporate reputation," said Ranndeep Chonker, Country Manager, HP Enterprise Security Products, India. "With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services."
Heuristic analysis and threat detection
HP ArcSight Threat Detector uses experienced-based techniques to identify repeating event patterns, both benign and malicious. It creates rules for future real-time detection of zero-day threats and slow repeating attacks that are designed to deflect typical signature traps.
With the latest release, HP has added out-of-the-box pattern profiles that use heuristic analysis on common areas of threat such as browsing patterns, distributed attack detection, early-stage attack detection and activity profiling. Companies without dedicated security operations capabilities can benefit by immediately identifying APTs.
Monitor for insider threats before damage is done
With many attacks to organizations enacted by insiders, companies need to focus on detecting malicious intent of their existing user base. HP ArcSight IdentityView combines broad user activity collection across all accounts, applications and systems with user and role data from identity and access management (IAM) technologies to deliver an insider threat solution unique in the industry. It also enriches log events with user and role information, providing a complete picture of user activity, including shared, high-risk and privileged accounts. The result is mitigation of insider threat risk, better access governance and faster forensic investigations.
With the launch of HP ArcSight IdentityView 2.5, HP also has expanded the number of users that a single instance can monitor by 10 times, helping organizations correlate security incident and event data across an expansive user base to reduce insider threat risk.
If a user's activity on the network does not correspond to permitted access controls and baseline behavior based on historically correlated data, the solution will flag the profile for further investigation. As a result, a company's security operations team can identify intentional versus unintentional activities and mitigate potential threats in real time.
Respond quickly to reduce risk of data loss
After a threat has been detected, organizations need to isolate the intrusion and resolve the compromise before valuable data is exfiltrated from the network. Delivered as a cloud-ready, add-on application to the leading HP ArcSight Security Information and Event Management (SIEM) platform, HP ArcSight Threat Response Manager (TRM) 5.5 provides a closed-loop, end-to-end network security and monitoring solution that addresses accelerated threat detection through proactive response.
HP TRM takes the threat response process to the next level with controls and automation of attack responses, helping to reduce threat response time without adding cost. The solution also enables users to automate the entire threat response process, reducing the need for additional security staff. Instead of waiting for the staff to manually disable accounts or network access, HP TRM shuts off access in a timely manner.
Additionally, HP has extended the capabilities of HP TRM beyond the data center and into the cloud. HP TRM is offered as a virtualized appliance on VMware, giving clients greater deployment flexibility while helping address their unique security needs.
Availability
HP ArcSight Identify View v2.5, HP ArcSight Threat Response Manager and HP ArcSight Threat Detector v2.0 are now available worldwide.