Hewlett Packard Enterprise (HPE) announced new security capabilities at the RSA Conference in San Francisco this week to help protect big data and internet of things (IoT) workloads as well as a new tool to help investigate threats.
HPE developed its SecureData for Hadoop and IoT offering to help organizations protect sensitive information from being exposed in large data flows. At the core of the SecureData for Hadoop and IoT product is technology from the open-source Apache NiFi project. The NiFi code was originally built by the U.S. National Security Agency (NSA) to help solve the challenge of moving around large amounts of continuously streamed data efficiently and securely.
“What we have built are interfaces that allow for the interception and protection of data in real time,” Albert Biketi, vice president and general manager of HPE Security and Data Security at HPE, told eWEEK.
If, for example, the SecureData system sees a piece of data that is valuable, such as credit card information, flowing through a streaming data platform, that data can be anonymized and protected, according to Biketi. SecureData has a high capacity to protect structured and semi-structured data fields, he added.
For advanced big data analytics, see HPE Vertica.
SecureData for Hadoop and IoT does not encrypt all data, but that’s not necessarily a bad thing. Biketi noted that sometimes all an organization needs is protection for sensitive data fields; regular data encryption can be used for data storage afterward.
“Having data protection around the sensitive data fields means you don’t have to protect everything the same way on a system,” he said.
In addition, inside of the SecureData technology stack HPE has a capability known as stateless key management. Biketi said that often key management for encryption is hard to scale, but with a stateless approach, HPE is solving the challenge.
“We can literally protect trillions of objects and not run out encryption capacity,” he said.
HPE also announced at the RSA Conference the beta availability of the ArcSight Investigate platform.
“ArcSight Investigate is basically a threat investigation tool that sits on the ArcSight platform,” Jason Schmitt, vice president and general manager of ArcSight and Fortify at HPE, told eWEEK. “It’s all about arming threat hunting teams with scalable and powerful search on top of the security operations data that is already in ArcSight.”
The core ArcSight platform is a Security Information and Event Management (SIEM) technology that collects log and event data. The new ArcSight Investigate technology makes use of HPE’s Vertica analytics technology to gain insights into security event data.
HPE will provide Vertica as part of the ArcSight Investigate product bundle, without the need for an organization to acquire a separate Vertica license, Schmitt said. “For security analysts, we’re providing them with contextual search capabilities that are easy to use,” he said.
With the initial release of ArcSight Investigate, the contextual search is about point-in-time search and providing organizations with the ability to look for threats with dashboards for regular review of information. Moving forward, the plan is to provide a guided search capability in a future release that will help to direct security analysts in their threat hunting activities.
ArcSight Insight is currently in beta, with general availability set for April.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Disclaimer: QS may receive compensation from some of the companies or products reviewed in the article.