Technology giant Hewlett-Packard (HP) announced updates to its ArcSight portfolio, offering enterprises unified security analytics for big data with expanded identity monitoring to accelerate the detection of persistent threats.
The series of updates includes ArcSight Threat Detector 2.0, which offers threat profiles and threat profile intelligence, and ArcSight Threat Response Manager 5.5, which provides cloud-ready, closed-loop capabilities for accelerated threat detection and response to mitigate advanced persistent threats (APTs). In addition, ArcSight IdentityView 2.5 has been enhanced with expanded correlation of user identity, roles and activities across events and security incidents.
"Typically batch in nature, big data analytics allows an organization to organize and analyze vast amounts of structured and unstructured information to facilitate the detection of rogue employees, partners or criminal or collusive rings of fraudulent or abusive activity," Avivah Litan, an analyst at IT research firm Gartner, said in a statement. "A critical ingredient for success is the ability to quickly and easily integrate all types of structured and unstructured information across multiple internal and external information sources."
Threat Detector uses experienced-based techniques to identify repeating event patterns, both benign and malicious. It creates rules for future real-time detection of zero-day threats and slow repeating attacks that are designed to deflect typical signature traps. The updated profiles use heuristic analysis on common areas of threat such as browsing patterns, distributed attack detection, early-stage attack detection and activity profiling.
"Adversaries only need to get it right once to invoke serious damage on an organization’s private data, ability to provide critical service or corporate reputation," Haiyan Song, vice president and general manager of ArcSight, Enterprise Security Products for HP, said in a statement. "With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services."
With the launch of IdentityView 2.5, HP has expanded the number of users that a single instance can monitor by 10 times, an enhancement designed to help organizations correlate security incident and event data across an expansive user base to reduce insider threat risk. For example, if a user’s activity on the network does not correspond to permitted access controls and baseline behavior based on historically correlated data, the solution will flag the profile for further investigation.
"With a mission to provide superior health care, it is critical that we prevent system disruptions that might impact patient safety or quality of care," Keith Duemling, information security officer at Lake Health, said in a statement. "By automating threat detection across our network, HP ArcSight allowed us to move to a much more proactive approach to information security and improve our ability to detect risks that might affect overall system performance by a factor of 10."