    HP Advances IT Security Analytics

    In a development that could provide a lot of relief to IT organizations pressed by IT security challenges, Hewlett-Packard this week unveiled an appliance through which it will apply analytics delivered via the cloud to simplify IT security. It also updated its Fortify application scanning software, which now makes use of machine learning to more accurately identify potential security issues.

    At the HP Protect 2015 conference, HP unfurled an HP DNS Malware Analytics service that makes use of an appliance that gets installed next to a DNS server. As network traffic moves through that appliance, an HP cloud service analyzes it to identify clean traffic.

    Eric Schou, director of product marketing for HP ArcSight, says data about suspicious traffic is then sent over to the HP ArcSight security information and event management (SIEM) system, where IT security professionals can then identify its true nature. At the same time, HP Fortify application scanning software, which can be deployed on premises or in the cloud, has been updated in a way that enables it to apply machine learning algorithms against historical data to identify potential application security issues.

    In general, Schou notes that 99 percent of the network traffic moving through any organization is clean. The challenge is identifying the 1 percent of that traffic that is transporting malware. By making use of technology developed by HP Labs, Schou says HP can now identify which network packets are free of malware versus those that might be used to deliver a malware payload.

    HP says that, on average, IT organizations receive 17,000 malware alerts per week, resulting in millions of dollars in time and labor being wasted in tracking down false positives. In fact, all that effort contributes to a security fatigue factor that results in internal IT organizations becoming inured to those alerts, only to discover later that they had actually been alerted to an attack that wound up compromising several systems. By being able to determine which network traffic and applications are free of malware, Schou says the number of false positives that IT organizations will need to investigate will drop substantially.

    While these technologies may not be able to stop attacks from being launched in the first place just yet, they can go a long way toward making IT security a lot more manageable. The challenge, of course, is finding the budget needed to put more advanced IT security tools in the hands of IT professionals who are being asked to combat modern threats using technologies that were designed for an era that has long since passed.

    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.
