HP has added unified security analytics for big data to its HP ArcSight portfolio this week, in an effort to help enterprises detect advanced persistent threats faster and more effectively.
The updates to the HP ArcSight product line include out-of-the-box threat profiles and threat profile intelligence, along with an improved ability to process events at scale and provide actionable intelligence, HP said Tuesday. The updated HP ArcSight IdentityView v2.5, HP ArcSight Threat Response Manager and HP ArcSight Threat Detector v2.0 are currently available worldwide, according to the company.
With unified analytics from applications, users, networks, and systems, HP has integrated information security with big data for ArcSight, the company said.
“Adversaries only need to get it right once to invoke serious damage on an organization’s private data, ability to provide critical service or corporate reputation,” Haiyan Song, vice president and general manager of ArcSight, Enterprise Security Products at HP, said in a statement.
HP ArcSight Threat Detector 2.0 now has built-in threat profiles and threat profile intelligence. The pattern profiles use heuristic analysis on common threat areas, such as browsing patterns, distributed attack detection, early-stage attack detection, and activity profiling. Threat Detector also uses experience-based techniques to identify repeating event patterns, regardless of whether they are benign or malicious, and creates rules to detect zero-day threats and slow repeating attacks in real time.
The new ArcSight Threat Response Manager 5.5 features cloud-ready closed-loop capabilities for threat detection and response to mitigate advanced persistent threats, the company said. After a threat has been detected, organizations need to isolate the intrusion and resolve the compromise before attackers manage to transfer data out of the network. As a security information and event management (SIEM) platform, Threat Response Manager offers security controls and provides automated attack responses to reduce response time. Organizations can automate the entire threat response process, handling tasks normally left for staff, such as manually disabling accounts or network access, the company said.
The updates to HP ArcSight IdentityView 2.5 give security managers the tools they need to detect malicious behavior among their user base, HP said. IdentityView combines broad user activity collection across all accounts, applications, and systems with user and role data from various identity and access management technologies. This provides administrators with log events that carry correlated user and role information, making it easier to get a complete picture of user activity. This way, organizations can mitigate insider threat risk and get better access governance, HP said.
If the user’s activity on the network does not correspond to permitted access controls and baseline behavior based on historically correlated data, IdentityView would flag the profile for further investigation, the company said.
With these updates, organizations would be able to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services, Song said. Collectively, the new capabilities give organizations the insights and intelligence necessary to reduce the risk from advanced attacks.
HP acquired ArcSight in a $1.5 billion deal that was announced in September 2010.