HP beefs up enterprise security suite with tools to root out malware, app vulnerabilities

The Fortify app testing service has gained machine learning analysis capabilities

Hewlett-Packard has devised two new ways of securing enterprise systems in the endless war on malicious network attackers.

One service inspects the Internet addresses being requested by employees for malicious links and the other service learns how an organization's coders write their programs.

The two new releases aim to "protect the interactions among your most valuable assets: your users, your applications and your data," said Frank Mong, HP vice president of solutions. The company announced the new software at the HP Protect security conference, held this week near Washington.

HP DNS Malware Analytics (DMA) monitors outbound DNS (Domain Name System) requests to ensure employee browsers aren't contacting rogue or malware Web sites. A DNS server provides specific numeric Internet addresses to end-user computers requesting Web sites by their domain names.

The service identifies those Web addresses that appear to be linked to suspicious activity. DMA combs through petabytes of DNS data collected by HP to identify suspicious or known malicious sites. Attempts to visit these blacklisted sites point to the possibility that malware is about to be installed on the user's machine.

"We can see the machine calling out, and we can stop the payload from being downloaded," Mong said.

The software uses an algorithmic engine to spot malware, drawing data from large numbers of DNS transactions collected by HP and its customers. This approach is superior to anti-malware software that relies on a set of pre-determined rules, and thus can't be updated quickly enough to spot emerging threats, according to the company.

DMA is designed to work with HP ArcSight, a software suite for managing overall enterprise security. Earlier this year HP introduced capabilities in ArcSight, called HP User Behavior Analytics (UBA), that can determine if a user's credentials have been hijacked for malicious use. DMA and UBA can work together to prevent attackers from gaining entry into the internal network.

The job of spotting malware attacks is a big one, and lots of time is wasted on tracking down false alarms. On average over 17,000 malware alerts are issued per week, and organizations spend an average of $1.27 million annually responding to erroneous threat intelligence, according to the security research firm Ponemon Institute. An algorithmic approach could cut down on the number of false positives, the company said.

HP has also updated its HP Fortify software with a new set of analysis tools. Fortify is a set of services and software for inspecting code to ensure it does not have bugs that could be exploited by malicious users.

The new analysis technique, now available on the Fortify service, uses machine learning algorithms to understand how an organization's developers write their applications, so it can more quickly identify common mistakes.

"Our machine learning capabilities allow the core engine to keep learning from typical coding mistakes, so we can scan faster, and we get much more accurate results," Mong said.

The service can be inserted into the typical testing processes that new applications undergo before being deployed.

HP DNS Malware Analytics service, available on September 15, will start at US$80,000 a year, for analyzing up to 5 million DNS packets per day. The HP Fortify scan analysis software is now available as a new feature on the HP Fortify on Demand service.
