SecurityWeek

HP ArcSight Adds Unified Analytics for Big Data

HP has added unified security analytics for big data to its HP ArcSight portfolio this week, in an effort to help enterprises detect advanced persistent threats faster and more effectively.

The updates to the HP ArcSight product line include out-of-the-box threat profiles and threat profile intelligence, an improved ability to process events at scale, and actionable intelligence, HP said Tuesday. The updated HP ArcSight IdentityView v2.5, HP ArcSight Threat Response Manager and HP ArcSight Threat Detector v2.0 are currently available worldwide, according to the company.

With unified analytics from applications, users, networks, and systems, HP has integrated information security with big data for ArcSight, the company said.

“Adversaries only need to get it right once to invoke serious damage on an organization’s private data, ability to provide critical service or corporate reputation,” Haiyan Song, vice president and general manager of ArcSight, Enterprise Security Products at HP, said in a statement.

HP ArcSight Threat Detector 2.0 now has built-in threat profiles and threat profile intelligence. The pattern profiles use heuristic analysis on common threat areas, such as browsing patterns, distributed attack detection, early-stage attack detection, and activity profiling. The product also uses experience-based techniques to identify repeating event patterns, regardless of whether they are benign or malicious, and creates rules to detect zero-day threats and slow repeating attacks in real time.

The new ArcSight Threat Response Manager 5.5 features cloud-ready closed loop capabilities for threat detection and response to mitigate advanced persistent threats, the company said. After a threat has been detected, organizations need to isolate the intrusion and resolve the compromise before attackers manage to transfer data out of the network. As a security information and event management (SIEM) platform, Threat Response Manager offers security controls and provides automated attack responses to reduce response time. Organizations can automate the entire threat response process, handling tasks normally left for staff, such as manually disabling accounts or network access, the company said.

The updates to HP ArcSight IdentityView 2.5 give security managers the tools they need to detect malicious behavior among their user base, HP said. IdentityView combines broad user activity collection across all accounts, applications, and systems with user and role data from various identity and access management technologies. This provides administrators with log events that have correlated user and role information, making it easier to get a complete picture of user activity. This way, organizations can mitigate insider threat risk and get better access governance, HP said.

If the user’s activity on the network does not correspond to permitted access controls and baseline behavior based on historically correlated data, IdentityView would flag the profile for further investigation, the company said.

With these updates, organizations would be able to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services, Song said. Collectively, the new capabilities give organizations insights and intelligence necessary to reduce the risk from advanced attacks.

HP acquired ArcSight in a $1.5 billion acquisition that was announced in September 2010. 
