HP Gets Smart About Security With New Threat Intelligence Capabilities

Hewlett-Packard is doubling-down on its security portfolio with the announcement Sept. 17 of its new Threat Central security intelligence service that is all about enabling collaboration among organizations to share security information.

HP is also updating other components of its security portfolio to take advantage of the new security intelligence, including the introduction of a new hardware firewall and an update to the ArcSight platform.

Threat Central offers a way of bringing security intelligence into HP by way of a normalized data structure, said Art Gilliland, senior vice president and general manager for Enterprise Security Products at HP. Threat Central then adds value to that information with additional contextual relevance, and the Threat Central feed can be piped back into security operations consoles, providing data that is then actionable.

The data that comes into Threat Central comes from HP’s own data sources as well as open sources of intelligence. The Threat Central technology adds a key missing piece to the security puzzle, Gilliland said.

Threat Central will enable HP to pull multiple data sources instead of just its own. Going a step further is the fact that HP will be making sure that the data can be understood in the context of everything else that might be going at a given enterprise or even across the larger threat landscape.

The data from Threat Central can feed into HP’s ArcSight Security Information and Event Management (SIEM) platform so that enterprises can then start to create policies and take actions to limit security risks.

HP is also improving ArcSight with new capabilities that enable it to collect even more information from enterprise networks.

Traditionally, the way a SIEM works is it collects logs from servers and other endpoint systems that generate log information. The challenge has always been about how to monitor and understand what is going on with machines that don’t generate logs, as well as those devices whose logs are not complete.

The new ArcSight improvements will enable enterprises to instrument their applications. The application instrumentation will enable enterprises to add security monitoring to applications that were built without monitoring capabilities.

If an enterprise is looking to find out if there are security risks and attacks against their own environment, the only way to do that is to watch how users interact with the environment, Gilliland told eWEEK. “We need to have full visibility and these new technologies give us that visibility,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.