Protect Your Assets

Extend the life of your security data with HP ArcSight ESM and Hadoop

05-28-2013 11:41 AM - edited 09-16-2015 02:00 PM

Data is the lifeblood of any security system: data about attacks and our attackers, and data about ourselves, all of it necessary to get a clearer picture of the risk surrounding our business and the effectiveness of our security programs. We use security data in a variety of ways:

  • We log it so that it can be audited for compliance purposes
  • We use it to alert us to threats and malicious events
  • We comb through it in the case of a breach

By pairing a Hadoop instance with your HP ArcSight implementation you can extend the life of your security data and make it work harder for you.


“The integration between ArcSight and Hadoop allows you to ask questions over the entire data set and get answers quickly,” says Morris Hicks, Senior Director of Solution Engineering for HP Enterprise Security Products. “Processing security data from ArcSight via Hadoop allows you to perform advanced security analytics.”

HP ArcSight technology gives you the ability to pull in security data from disparate systems, including:

  • Intrusion detection/prevention systems (IDS/IPS)
  • Firewalls (FW)
  • Vulnerability scan data
  • Netflows
  • A host of other systems

Within the ArcSight console you can correlate the events and define rules that fire when certain threats emerge. It also allows for historical views and pattern discovery. This is truly amazing technology for dealing with real-time events and trending reports.

With the new HP ArcSight + Hadoop integration you can extract base events, correlated events and triggered-rule information from ArcSight ESM and feed them into Hadoop HDFS. This gives you the ability to query vast data sets quickly. Queries can include “Show me everything this IP address has done in my network over all data in the data store” or “Show me all activity of user XYZ, including file downloads and external file uploads or emails”.
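As an added illustration (not code from this post, from HP ArcSight or from Hadoop), the Python script below parses event lines in ArcSight's CEF format, which I assume here is the format in which exported ESM events land in HDFS (the post does not state the export format), and then answers the two questions quoted above plus a small correlation-style rule of the kind the ArcSight console fires. The CEF lines are constructed sample data, and the function names (parse_cef, activity_for_ip, activity_for_user, failed_login_spread) are my own. In a real deployment the lines would be read from files in the HDFS store rather than from an in-memory string.

```python
"""Parse CEF event lines and run the post's two example queries over them.

SAMPLE_EVENTS is constructed for this example; it is not ArcSight output.
Assumption: exported ESM events sit in HDFS as one CEF line per event.
"""
import re
from collections import defaultdict

# CEF header: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
_HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                  "signature_id", "name", "severity")
# Extension is key=value pairs separated by spaces; values may contain spaces
# and escape '=' and '\' with a backslash, so stop a value only before ' key='.
_EXT_RE = re.compile(r'(\w+)=((?:\\.|[^\\=])*?)(?=\s\w+=|$)')


def parse_cef(line):
    """Return one event as a dict of header fields plus extension keys."""
    line = line.strip()
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line[:40])
    # Split on unescaped pipes only; the 8th field is the whole extension.
    parts = re.split(r'(?<!\\)\|', line[len("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header: %r" % line[:40])
    event = {k: v.replace("\\|", "|") for k, v in zip(_HEADER_FIELDS, parts[:7])}
    for key, raw in _EXT_RE.findall(parts[7]):
        event[key] = re.sub(r'\\(.)', r'\1', raw)  # undo \= and \\ escapes
    return event


def load_events(text):
    """Parse every non-empty line of text (stand-in for reading HDFS files)."""
    return [parse_cef(l) for l in text.strip().splitlines() if l.strip()]


def activity_for_ip(events, ip):
    """'Show me everything this IP address has done': source or destination."""
    return [e for e in events if ip in (e.get("src"), e.get("dst"))]


USER_ACTIVITY = {"download", "upload", "email"}


def activity_for_user(events, user):
    """'All activity of user XYZ' limited to downloads, uploads and emails."""
    return [e for e in events
            if e.get("suser") == user and e.get("act") in USER_ACTIVITY]


def failed_login_spread(events, min_hosts=3):
    """Correlation-style rule: one source failing logins on >= min_hosts hosts.

    Returns {source_ip: sorted list of hosts} for each source that trips it.
    """
    hosts = defaultdict(set)
    for e in events:
        if e["name"] == "Login Failed" and "src" in e and "dhost" in e:
            hosts[e["src"]].add(e["dhost"])
    return {src: sorted(h) for src, h in hosts.items() if len(h) >= min_hosts}


# Constructed sample events (not real ArcSight data); the fname on the upload
# line carries an escaped '=' to exercise the extension parser.
SAMPLE_EVENTS = r"""
CEF:0|HP|ArcSight ESM|6.0|100|Login Failed|5|src=10.0.0.5 dhost=web01 suser=alice act=login
CEF:0|HP|ArcSight ESM|6.0|100|Login Failed|5|src=10.0.0.5 dhost=web02 suser=alice act=login
CEF:0|HP|ArcSight ESM|6.0|100|Login Failed|5|src=10.0.0.5 dhost=db01 suser=admin act=login
CEF:0|HP|ArcSight ESM|6.0|200|File Download|3|src=10.0.0.5 dst=10.0.1.20 suser=alice act=download fname=report.pdf
CEF:0|HP|ArcSight ESM|6.0|201|File Upload|6|src=10.0.0.7 dst=203.0.113.9 suser=alice act=upload fname=q3\=final.xlsx
CEF:0|HP|ArcSight ESM|6.0|300|Email Sent|2|src=10.0.0.7 suser=bob act=email msg=subject: Q3 numbers
CEF:0|Snort|IDS|2.9|1:2000|ET SCAN Nmap|7|src=198.51.100.4 dst=10.0.0.5 proto=TCP
"""

if __name__ == "__main__":
    evs = load_events(SAMPLE_EVENTS)
    print("Everything 10.0.0.5 has done:")
    for e in activity_for_ip(evs, "10.0.0.5"):
        print(" ", e["name"], e.get("src"), "->", e.get("dst", e.get("dhost")))
    print("alice's file and email activity:",
          [e["act"] for e in activity_for_user(evs, "alice")])
    print("Failed-login spread:", failed_login_spread(evs))
```

The two query functions are deliberately plain list comprehensions because that is exactly the shape of work that scales out on Hadoop: each is a filter over independent records, so the same logic can be run per HDFS block and the results merged. The correlation rule keeps state (distinct hosts per source), which is why ESM evaluates such rules in real time while the Hadoop side is better suited to asking them retrospectively over the whole store.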

The data transfer from ArcSight ESM to the Hadoop cluster file system is a serious way to leverage security information across huge data stores.


How would you leverage ArcSight and Hadoop with your security data?

About the Author

Kerry_Matre

Comments
Nilanjan Ghosh
on 06-03-2013 03:55 AM

I want to learn more about the IAST offering of HP, its data sheets, its differences from the existing SAST and DAST tools and its unique features.

Any help?

on 06-11-2013 01:13 PM

@Nilanjan Ghosh: Our IAST offering is a Runtime agent running with WebInspect. Feel free to send me an email and I can put you in touch with the product experts. kerry.matre@hp.com
