HBGary, the firm that gained wide attention after they were hacked by Anonymous early last year, has partnered with HP in order to get HBGary’s Active Defense integrated with the ArcSight platform.
Specifically, HBGary’s Active Defense can be added to the ArcSight SIEM platform with the aim of offering stronger real-time monitoring, and protection from the fearful marketing acronym APT. APTs, or Advanced Persistent Threats, are a type of attack that leverage several classes of exploits and vulnerabilities to achieve a goal, but usually start by exploiting the human element in the security chain with a Phishing attack.
“Security vendors must work together to help organizations defeat today’s APT attacks — every day, companies are compromised, but few will learn about it until days, weeks or even months afterward,” said Penny Leavy, President of HBGary, Inc.
With Active Defense added in, ArcSight’s threat and risk management platform can offer visibility into known and unknown threats, including memory-only rootkits, botnet communications, and various other exploit tools.
As a bonus, because Active Defense can now work alongside the ArcSight platform, HBGary has earned the Common Event Format (CEF) Certification. The CEF connector allows ArcSight ESM to connect to, aggregate, filter, correlate, and analyze events from applications and devices, which output their logs in the CEF standard, utilizing the syslog transport protocol.
For the curious, more on Active Defense is here. Information on the ArcSight platform is here.
Related Reading: Practical SIEM Deployment – Getting The Most From Your SIEM Solution