Enterprises must pro-actively anticipate intrusions and hasten the detection of risks in order to protect valuable assets. To successfully identify and remediate occurrences of prolonged unauthorized network access, also known as advanced persistent threats (APTs), organisations must be prepared to:
Typically batch in nature, Big Data analytics allows an organization to organize and analyze vast amounts of structured and unstructured information to facilitate the detection of rogue employees, partners, or criminal or collusive rings of fraudulent or abusive activity", stated Avivah Litan, analyst, Gartner. "A critical ingredient for success is the ability to quickly and easily integrate all types of structured and unstructured information across multiple internal and external information sources."
Strengthening its existing portfolio of security solutions for big data, HP has introduced a series of updates including HP ArcSight Threat Detector 2.0 with out-of-the-box threat profiles and threat profile intelligence, and HP ArcSight Threat Response Manager 5.5 with Cloud-ready, closed-loop capabilities for accelerated threat detection and response to mitigate APTs. In addition, HP ArcSight IdentityView 2.5 has been enhanced with expanded correlation of user identity, roles, and activities across events and security incidents.
With unified analytics from applications, users, network and systems, HP provides a unique portfolio of solutions integrating information security with Big Data. Collectively, these solutions process events at scale, provide deep insights out of the box, correlate user context, and provide actionable intelligence to reduce the risk of APTs.
"With a mission to provide superior health care, it is critical that we prevent system disruptions that might impact patient safety or quality of care", stated Keith Duemling, Information Security Officer, Lake Health. "By automating threat detection across our network, HP ArcSight allowed us to move to a much more pro-active approach to information security and improve our ability to detect risks that might affect overall system performance by a factor of 10."
"Adversaries only need to get it right once to invoke serious damage on an organisation's private data, ability to provide critical service or corporate reputation", stated Haiyan Song, vice president and general manager, ArcSight, Enterprise Security Products, HP. "With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action pro-actively to minimize business impact and prevent disruption to critical client services."
HP ArcSight Threat Detector uses experienced-based techniques to identify repeating event patterns, both benign and malicious. It creates rules for future real-time detection of zero-day threats and slow repeating attacks that are designed to deflect typical signature traps.
With the latest release, HP has added out-of-the-box pattern profiles that use heuristic analysis on common areas of threat such as browsing patterns, distributed attack detection, early-stage attack detection and activity profiling. Companies without dedicated security operations capabilities can benefit by immediately identifying APTs.
With many attacks to organisations enacted by insiders, companies need to focus on detecting malicious intent of their existing user base. HP ArcSight IdentityView combines broad user activity collection across all accounts, applications and systems with user and role data from identity and access management (IAM) technologies to deliver an insider threat solution unique in the industry. It also enriches log events with user and role information, providing a complete picture of user activity, including shared, high-risk and privileged accounts. The result is mitigation of insider threat risk, better access governance and faster forensic investigations.
With the launch of HP ArcSight IdentityView 2.5, HP also has expanded the number of users that a single instance can monitor by 10 times, helping organizations correlate security incident and event data across an expansive user base to reduce insider threat risk.
If a user's activity on the network does not correspond to permitted access controls and baseline behaviour based on historically correlated data, the solution will flag the profile for further investigation. As a result, a company's security operations team can identify intentional versus unintentional activities and mitigate potential threats in real time.
After a threat has been detected, organizations need to isolate the intrusion and resolve the compromise before valuable data is exfiltrated from the network. Delivered as a Cloud-ready, add-on application to the leading HP ArcSight Security Information and Event Management (SIEM) platform, HP ArcSight Threat Response Manager (TRM) 5.5 provides a closed-loop, end-to-end network security and monitoring solution that addresses accelerated threat detection through pro-active response.
HP TRM takes the threat response process to the next level with controls and automation of attack responses, helping to reduce threat response time without adding cost. The solution also enables users to automate the entire threat response process, reducing the need for additional security staff. Instead of waiting for the staff to manually disable accounts or network access, HP TRM shuts off access in a timely manner.
Additionally, HP has extended the capabilities of HP TRM beyond the data center and into the Cloud. HP TRM is offered as a virtualized appliance on VMware, giving clients greater deployment flexibility while helping address their unique security needs.
HP ArcSight Identify View v2.5, HP ArcSight Threat Response Manager and HP ArcSight Threat Detector v2.0 are now available worldwide.