"Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level," said Eric Ahlm, Research Director at Gartner, in a recent Gartner statement. "Security analytics platforms endeavour to bring situational awareness to security events by gathering and analysing a broader set of data, such that the events that pose the greatest harm to an organisation are found and prioritised with greater accuracy*."
Organisations receive an average of 17,000 malware alerts per week, and spend an average of US$1.27 million annually in time and resources responding to inaccurate and erroneous threat intelligence**. Due to the volume of data that enterprise security professionals must monitor, approximately 4% of all malware alerts are actually investigated**, leaving a significant gap in security coverage. Additionally, traditional endpoint security solutions and manual intervention are not intercepting all critical malware infections, leaving organisations further exposed.
To help organisations automate the analysis of threat data, HP is introducing HP DNS Malware Analytics (DMA), which can identify infected hosts by inspecting an enterprise’s DNS traffic. Developed in partnership with HP Labs, HP’s central research organisation, and HP’s internal Cyber Defense Center, this clientless, algorithmic-driven service uncovers infected hosts without endpoint agents, helping customers to quickly detect high-risk threats, reduce data breach impact and enhance overall security posture.
“Organisations today are faced with growing volumes of security data and without the ability to separate the signal from the noise they can fall victim to undetected malware attacks, which can have serious financial and operational impact,” said Jeffrey Neo, Regional Director, Southeast Asia, HP Enterprise Security Products. “The new HP DNS Malware Analytics solution effectively puts the data science necessary to derive malware detection from voluminous DNS server events into a simple, highly efficient package for customers large and small, and when combined with the powerful HP ArcSight SIEM platform, provides next-generation SIEM capabilities to better protect the enterprise.”
HP DMA rapidly identifies malware-infected hosts such as servers, desktops and mobile devices so that they can be contained before gaining a foothold in the network. The solution uses a one-of-a-kind, algorithmic engine to analyse the high volume of DNS records. This enables the detection of new, unknown malware while simultaneously reducing false positives by a factor of 20 over other malware detection systems***.
The solution seamlessly integrates with the HP ArcSight SIEM platform, enabling customers to harness the power of SIEM and leverage their HP ArcSight Enterprise Security Management (ESM) deployments to correlate with other contextual data, issue alerts and signal appropriate remediation.
To further support HP’s focus on data-driven security, HP also introduced HP Fortify scan analytics, a first-of-its kind machine-learning technology that harnesses the power of an organisation’s application security data to improve accuracy and efficiency of application security solutions. Processing an organisation’s historical application security scan results to reduce the number of issues that require an auditor’s review, the solution enables customers to focus resources on fewer, higher priority tasks. This analytics technology integrates seamlessly into existing application security testing workflows, which helps to increase both the efficiency of the application security audit process and the relevancy of findings.
The new HP DMA and Fortify scan analytics offerings bolster HP’s existing analytics capabilities announced earlier this year around user behaviour analytics. HP User Behavior Analytics (UBA) provides customers visibility into user behaviour to detect malicious or negligent users, or external attacks that compromise user accounts across the enterprise.
Interested?
HP Fortify scan analytics is currently available as part of HP Fortify on Demand.
HP User Behavior Analytics is currently available, with version 1.1 of the solution, UBA Premium, released on August 30, 2015. For the availability of HP DNS Malware Analytics, please contact a local HP representative.
Read the TechTrade Asia blog post about HP's previous wave of security offerings, including HP Behavior Analytics
*Gartner press release, Gartner Says Security Analytics May Be Key in Breach Detection, April 2015,
**Ponemon Institute Study: The Cost of Malware Containment, January 2015
***Based on internal testing with production data.
No comments:
Post a Comment