TechWeb

HP Launches Big Data Security Products, Threat Research

Feb 26, 2013 (08:02 AM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=240149474


HP this week released new big data tools designed to provide businesses with better information security intelligence gathering capabilities, and launched a new information security research group that's been tasked with providing better threat intelligence for HP's own security products.

On the big data front, HP said users of HP ArcSight's security information and event management (SIEM) software can now integrate it with the HP Autonomy IDOL content analytics engine. According to HP, "this combination automatically recognizes the context, concepts, sentiments and usage patterns related to how users interact with all forms of data," and gives businesses a new way to translate raw security data into more actionable intelligence by helping security managers better track individual users' behavior patterns and spot signs of unusual activity.

To help businesses monitor more security events at once, HP also released a new HP ArcSight/Hadoop Integration Utility, which integrates HP ArcSight ESM 6.0c with Apache Hadoop, the open source data processing platform that's been driving the push toward big data. According to HP, the combination of Hadoop's large-scale data repository and ArcSight's reporting, search and correlation capabilities can be used to apply "statistical analysis, anomaly detection and predictive analytics" for security events contained in petabytes of captured data.

The company also announced a new HP ArcSight Cloud Connector, designed to allow businesses to collect application event and log data from cloud service providers.

HP has recently been the subject of breakup rumors, including that it might jettison its PC division or enterprise services unit. But CEO Meg Whitman dismissed those rumors in a first quarter 2013 earnings call Thursday, saying, "We've done what we said we would do in a multi-year journey to set up for recovery and expansion in 2014."

Many changes have already come to pass. At the end of last year, notably, "HP Software simplified its portfolio to address four major markets -- cloud/IT management, enterprise security, big data analytics and meaning-based computing," said Jillian Mirandi, an analyst at IT market research firm Technology Business Research, in a research report released last week. "Through this reorganization, HP Software has simplified and solidified its offerings and go-to-market strategy."

Prior to the reorganization, she said, the company was offering 60 standalone tools, which caused "internal and outward confusion" and hurt the company's bottom line. Of course, HP is hardly alone in this plight, which has affected numerous businesses -- including Symantec -- that have been on acquisition sprees, but which are now facing calls from customers to not sell point products, but to help improve their overall information security posture.

Now, Mirandi said, HP is betting big on big data and plans to invest $1.5 billion in its channel-partner programs HP PartnerOne and HP ExpertOne. Such programs are crucial for enticing value-added resellers (VARs) to actively market and sell HP's products to their customers, rather than products offered by HP's competitors.

As that suggests, HP isn't the only company selling security software that's also pursuing big data. "The company faces challenges from both a multitude of startups along with major IT players including IBM (PureData System for Analytics, formerly Netezza), EMC (Greenplum) and SAP Hana," said Mirandi.

On the security research front, HP Tuesday announced its new HP Security Research (HPSR) group, which it will use to provide threat intelligence to customers in collaboration with the existing HP DVLabs, which discovers and analyzes new vulnerabilities, together with HP Fortify Software Security Research, which develops better software security practices. This threat intelligence will include published materials for clients but, more importantly, feeds for HP's existing products.

Those products include HP Reputation Security Monitor (RepSM 1.5), which according to HP watches for "peer-to-peer network use, potential spear phishing and spam floods, while also recognizing patterns over time such as reconnaissance scans and abnormal activity levels." HP RepSM 1.5 is due to be released on March 31, 2013.

HP ArcSight Express 4.0 -- an SIEM, log management and user activity monitoring appliance -- can also make use of the feeds by adding a copy of RepSM, although that combination costs extra. HP said ArcSight Express 4.0 will ship with a free trial version of HP RepSM.

According to HP, HPSR will also take control of its Zero Day Initiative (ZDI), which is one of about two dozen legal, public programs that reward bug hunters who sell their vulnerabilities. Such programs have come under fire for keeping information on dangerous vulnerabilities in the hands of the highest-paying bidder.