TechWeb

HP Portal Crowdsources Security Threat Intelligence

Sep 17, 2013 (08:09 AM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=240161414


HP Tuesday announced a number of new and updated security offerings, including its first-ever next-generation firewall, as well as HP Threat Central, which is the company's first-ever crowdsourced portal designed for sharing real-time information on online attacks.

HP Threat Central will allow "vetted and correlated threat intelligence" from HP and selected partners to be disseminated via an online portal, where participants can also discuss and comment on information, said Art Gilliland, senior VP and general manager of HP's enterprise security products, speaking by phone. Related threat intelligence can also be piped directly into HP ArcSight for mitigating related attacks.

HP's push for crowdsourced threat intelligence sharing reflects how the best security tools in the world won't save enterprises if they don't know what types of emerging threats they're facing. To date, too many businesses have been operating in relative information security isolation.

"The things that have been blocking threat sharing: one is trust, and the other is you have to take the data and analyze it yourself," Gilliland said.

On the analysis tip, information from HP Threat Central -- which is currently being beta tested by a group of HP ArcSight customers -- will be in Structured Threat Information eXpression (STIX) language format, and can be obtained using the Trusted Automated eXchange of Indicator Information (TAXII) message exchange service specifications. "Both of those are standards -- neither one has won yet -- being worked on by the MITRE Corporation," Gilliland said, and together they enable cross-platform threat intelligence information sharing.

Beyond Threat Central, HP also announced the debut of its first-ever next-generation firewall, which -- as defined by Gartner -- refers to "deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention and bringing intelligence from outside the firewall."

"We have a very good IPS system, which is essentially protecting the apps and data that sits in data center," said Gilliland, referring to the HP TippingPoint IPS (aka intrusion prevention system). "The challenge is that the threats are now coming in and attacking the users, so these next-generation firewalls and IPS systems are, to a certain extent, converging."

HP built its next-generation firewall from scratch, using its IPS platform as a base. "Why we think we'll be quite effective at this is we are incredibly effective at blocking threats with our IPS technology, and that's one of the challenges associated with using next-generation firewalls," Gilliland said, referring to the need to not just spot attacks, but also follow through and adjust defenses throughout the enterprise infrastructure. For example, he said, HP's use of a common policy framework means that if a next-generation firewall reports an ongoing attack, TippingPoint customers can create one related security rule and then apply it to every TippingPoint device, for instance to create virtual patches that lock down a vulnerability attackers might be trying to exploit.

HP also announced Tuesday that its HP BIOSphere firmware ecosystem will gain what it's dubbed "HP SureStart technology," which allows the BIOS to heal itself should it be attacked or corrupted. "The hardware will defend itself above and beyond the other types of protections you'll find on the client," Gilliland said.

Other announcements from HP, meanwhile, included a continuous vulnerability monitoring service for U.S. government agencies, plus new enterprise managed security service capabilities, including better distributed denial of service (DDoS) attack detection and mitigation, as well as new bring-your-own-device (BYOD) and mobility services.
