At the HP Protect Conference 2015 last week, Hewlett-Packard announced a brand new analytics service to help organisations improve security.
Scheduled for release next week on September 15, the security analytics solution – known as HP ArcSight DNS Malware Analytics – detects malware-infected hosts and endpoints (including servers, desktops and mobile devices) using an algorithm-driven service.
HP’s press release says organisations receive around 17,000 malware alerts each week:
“Due to the volume of data that enterprise security professionals must monitor, approximately four percent of all malware alerts are actually investigated, leaving a significant gap in security coverage. Additionally, traditional endpoint security solutions and manual intervention are not intercepting all critical malware infections, leaving organisations further exposed”.
To combat this problem, HP Labs (HP’s central research organization) and HP’s internal Cyber Defense Center joined forces. The company claims that its ‘clientless’ approach, which uses an algorithm-driven service to identify infected hosts without endpoint agents, can reduce false positives by a factor of 20 over other malware detection systems.
According to the data sheet, highlights include:
• Security analytics with high fidelity detection of malware-infected systems and endpoints
• Real-time analysis of “bad” traffic to detect breaches before damage occurs
• Automated breach detection that allows enterprises to eliminate unknown threats quickly
• Detect threats without overloading SIEM systems with an overwhelming number of DNS logs
Want the inside scoop? HP will be available to discuss this solution with delegates at the upcoming e-Crime & Information Security Mid-Year conference 2015.