HP unveils Big Data Security strategy

HP claims enterprise-stored content amassed on the fly can be harnessed in non-traditional ways to find out about certain things that have security implications.

HP has taken the wraps off its Big Data Security strategy, describing how combining the enterprise search and knowledge management resources from its Autonomy subsidiary with its ArcSight security information and event management (SIEM) product can yield new ways to detect cyberattacks or rogue-employee behavior.

HP's approach, like that of rivals IBM and RSA, calls for use of SIEM tools as a foundation for so-called Big Data Security. The concept of Big Data Security presumes that artful analysis of massive amounts of data content, in addition to the traditional security-related event information that's collected through a SIEM, can produce a better way to quickly pinpoint security problems.


"Data is increasing and doubling every two years but companies aren't getting enough intelligence out of it," says Varun Kohli, HP director of product marketing, enterprise security products, who argues larger organizations now regard their massive stores of data not just in terms of exabytes but brontobytes.

In terms of using any of this data for purposes of security, HP is making the case that enterprise-stored content amassed on the fly can be harnessed in non-traditional ways to find out about certain things that have security implications.

HP's approach calls for making use of the data that can be analyzed with its Autonomy enterprise search and knowledge management applications and uniting some of these findings with the HP ArcSight SIEM. Kohli notes Autonomy can monitor any website, social media sites like Facebook and Twitter, and other online sources to analyze content of interest. By correlating it with ArcSight, the SIEM can monitor employee behavior online or watch for unauthorized posting of sensitive information, he says.

Kohli says it's not only possible to pinpoint rogue-employee behavior related to data leaks but even to learn in advance about cyberattacks being planned online against the organization by hacktivists, who often post IP addresses to attack.

"Autonomy gives meaning to data. It can find out what people are saying, whether positive or negative things, online," says Kohli. "It could collect data that someone is going to launch an attack on my bank, for instance."

Autonomy, acquired by HP for $10.3 billion in late 2011, is said to have about 20,000 customers, and they would be the first likely participants to try out HP's Big Data Security approach. Kohli acknowledges that what's being tested today probably just "scratches the surface" in terms of the potential down the road. IBM and RSA, which recently introduced their own Big Data Security strategies, also admit it's early in the game.

One of the main questions, of course, is whether IT security professionals and data managers will show the level of interest and engagement needed to pursue what is still an emerging technology in mining "big data" for the purposes of security.

According to a survey published today of 706 IT and IT security practitioners in financial services, manufacturing and government asked about "big data analytics in cyber defense," 56% said they were aware of some of it and 61% thought it could be used to solve "pressing security issues." 35% said their organizations used some type of data analytics already to detect anomalous and potentially malicious traffic from entering their networks.

The "Big Data Analytics and Cyber Defense" survey, sponsored by Teradata and conducted by Ponemon Institute, indicated the financial services industry had a higher level of interest and awareness about the potential than manufacturing or government.

Many said they'd like to see big data analytics used for security by combining knowledge gained through anti-malware, anti-DDoS, SIEM, content-aware firewalls, intrusion-prevention systems, Web application firewalls and more. However, IT and security managers may have a big struggle ahead to convince upper management and others it's worth it. The survey notes, "there is a significant difference in how the value is perceived by others in the organization. Less than half (47 percent) of respondents believe their organization considers big data analytics in cyber defense as very important."

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.
