Behind the scenes at Labs
Showing results for 
Search instead for 
Did you mean: 

HP Labs teams with HP Enterprise Security Products to create HP Threat Central


Contributed by Simon Firth, freelance technology journalist


Tomas_Sander_Headshot_web.jpgHP this week announced HP Threat Central, a security intelligence platform that enables automated, real-time collaboration between organizations to combat today’s increasingly sophisticated cyber attacks.


Introduced at the HP Protect 2013 security event, the technology was conceptualized and developed by a team of HP Labs researchers and security experts from HP Enterprise Security Products (HP ESP).


“Our adversaries now organize around an underground marketplace for sharing resources and techniques to mount increasingly advanced attacks that cause extensive damage to organizations around the globe,” explained Jacob West, chief technology officer, HP ESP, at the event. “To combat collaborative attackers, enterprises must themselves join together by sharing targeted intelligence confidentially and, in real-time, create a unified industry defense.”                                                                                                                                                                    Tomas Sander,  Senior Researcher HP Labs


HP Threat Central offers a platform via which the ‘good guys’ can collectively fight back – letting them share information about specific perpetrators and types of attack, all while preserving the privacy and confidentiality of the data being submitted. Beyond warning participants of what to watch out for, the technology allows them to share detection and mitigation strategies and obtain a global view of the overall threat landscape.


“We’ve been talking about the good guys sharing information to better protect our IT infrastructure for a long time,” notes Tomas Sander, lead HP Labs researcher for HP Threat Central. “But we didn’t really have good technology to do it.  In Threat Central, though, we leverage the HP ArcSight Security Incident and Event Management system (known as HP ArcSight ESM), which already collects security and threat data from within an organization in a standardized format. What we’ve done is take that information and feed it into a common  platform for further analysis and correlation to create better threat intelligence for everyone in the community.”


Prior efforts to share threat information have mostly been limited to sector-specific groups that share information via email or in online fora, Sander points out. This manual approach has been both limited and slow, producing intelligence that is too often un-actionable and leaving multiple organizations to face the same attacker.


In contrast, HP Threat Central enables an automated and almost instant transfer of information. “It gives us an almost real-time ability to respond to the data we see coming in,” Sander explains. “We can also collect more information than ever before and do some very useful analytics on it.”


As well as being automated, HP Threat Central offers its users both privacy and confidentiality, says Sander. “We were very careful to make sure that the participating organizations within the Threat Central community have control over exactly what information they share and with whom,” he explains. “They get filters and other mechanisms to ensure that no personally identifiable or confidential information is being shared inappropriately.”


HP Threat Central draws on the experience of both HP Labs and HP ESP’s Security Research organization as long-time suppliers of security solutions within and outside HP. Their new platform, however, follows an open model, allowing also users who do not use HP security products to participate. Thus Threat Central can serve the entire community in the most powerful way possible.


“HP Labs' involvement and knowledge in the work being done around Open Standards has helped us understand and embrace these as part of the HP Threat Central solution,” adds HP ESP’s West. “More generally collaborating with HP Labs has helped us define a unique solution in the industry that will offer customers the ability to defend against cybersecurity threats in a collaborative way, incorporating trust and policy elements as well as advance analytics. The HP Labs team has been nothing short of excellent, and we look forward to our continued partnership as we further leverage the group's expertise in the rollout of the HP Threat Central platform.”


HP Threat Central is currently being piloted with a qualified group of HP ArcSight customers. The HP Labs project team, meanwhile, is looking to expand the platform to offer more sophisticated security indicators to its users, address increasingly complex use cases, and apply new analytic techniques to the Threat Central data sources to provide relevant and contextualized information to our customers.  HP Threat Central will be generally available in 2014.


Additional information about the HP Threat Central program is available at HP Threat Central and HP Security Research.


Additional links:


HP Enterprise Security


Information Security



0 Kudos
About the Author


Online Expert Days - 2020
Visit this forum and get the schedules for online Expert Days where you can talk to HPE product experts, R&D and support team members and get answers...
Read more
HPE at 2020 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2020
Read more
View all