With the rise of advanced persistent threats (APTs), IT security has never been more challenging. While these types of attacks are still a small percentage of the total number of attacks being made, they tend to be a lot more lethal and targeted. As a result, IT security teams are looking for more advanced security technologies that provide access to much better security intelligence.
To help IT organizations close this highly extended IT security loop, HP has refreshed its ArcSight portfolio of security products to include Big Data analytics capabilities that improve threat detection and increase the speed at which vulnerabilities can be fixed. The new version of HP ArcSight IdentityView also makes it easier to correlate user identities, roles and activities across security events.
According to Kathy Lam, SaaS product marketing manager for HP enterprise security products, it takes on average about 416 days to discover an APT once it has breached IT security. To reduce the amount of time it takes to remediate these breaches, Lam says IT organizations are going to rely more on Big Data analytics and advanced heuristics that are embedded within the IT security products they depend on.
Lam adds that once they have those tools in place, IT organizations will have a much higher level of situational awareness not only of the types of attacks being launched, but also of the specific information that is being put at risk. In the case of HP, that means leveraging the Big Data analytics capabilities provided by the HP Vertica and HP Autonomy platforms within the HP ArcSight portfolio.
Like most criminals, the people who perpetrate cybercrimes are always looking for the path of least resistance. For that reason alone, most of the attacks that IT organizations encounter are variants of previous attacks that have been tweaked to get around signature-based security systems. As the analytics capabilities of IT security software improve, it should be a lot easier to identify those types of attacks as well as more sophisticated APTs.
While there will never be perfect security, it’s pretty clear that IT security improvement is not only desirable, it’s actually possible. Naturally, that may require some additional investments to be made, but for the first time, it’s starting to look like the return on those investments might actually result in tangible metrics in the form of fewer security breaches and much faster times to remediation.