
HP ArcSight Adds Unified Analytics for Big Data

HP has added unified security analytics for big data to its HP ArcSight portfolio this week, in an effort to help enterprises detect advanced persistent threats faster and more effectively.

The updates to the HP ArcSight product line include out-of-the-box threat profiles and threat profile intelligence, and an improved ability to process events at scale and provide actionable intelligence, HP said Tuesday. The updated HP ArcSight IdentityView v2.5, HP ArcSight Threat Response Manager and HP ArcSight Threat Detector v2.0 are currently available worldwide, according to the company.

With unified analytics from applications, users, networks, and systems, HP has integrated information security with big data for ArcSight, the company said.

“Adversaries only need to get it right once to invoke serious damage on an organization’s private data, ability to provide critical service or corporate reputation,” Haiyan Song, vice president and general manager of ArcSight, Enterprise Security Products at HP, said in a statement.

HP ArcSight Threat Detector 2.0 now has built-in threat profiles and threat profile intelligence. The pattern profiles use heuristic analysis on common threat areas, such as browsing patterns, distributed attack detection, early-stage attack detection, and activity profiling. It also uses experience-based techniques to identify repeating event patterns, regardless of whether they are benign or malicious, and creates rules to detect zero-day threats and slow repeating attacks in real time.

The new ArcSight Threat Response Manager 5.5 features cloud-ready closed loop capabilities for threat detection and response to mitigate advanced persistent threats, the company said. After a threat has been detected, organizations need to isolate the intrusion and resolve the compromise before attackers manage to transfer data out of the network. As a security information and event management (SIEM) platform, Threat Response Manager offers security controls and provides automated attack responses to reduce response time. Organizations can automate the entire threat response process, handling tasks normally left for staff, such as manually disabling accounts or network access, the company said.

The updates to HP ArcSight IdentityView 2.5 give security managers the tools they need to detect malicious behavior among their user base, HP said. IdentityView combines broad user activity collection across all accounts, applications, and systems with user and role data from various identity and access management technologies. This provides administrators with log events that have correlated user and role information, making it easier to get a complete picture of user activity. This way, organizations can mitigate insider threat risk and get better access governance, HP said.

If the user’s activity on the network does not correspond to permitted access controls and baseline behavior based on historically correlated data, IdentityView would flag the profile for further investigation, the company said.

With these updates, organizations would be able to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services, Song said. Collectively, the new capabilities give organizations insights and intelligence necessary to reduce the risk from advanced attacks.

HP acquired ArcSight in a $1.5 billion acquisition that was announced in September 2010. 
