Grounded in the Cloud

Threat Detection and Response in a Hybrid Cloud (Fifth in a Series)


In my previous blog, I discussed the second of the five key security capabilities, dynamic infrastructure hardening. These capabilities sit under Hewlett Packard Enterprise (HPE) Helion's three guiding principles for hybrid cloud security: shaping security standards, a shared responsibility model and defense in depth. The five key security capabilities for protecting your hybrid cloud are data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management. In this blog, I will cover the third of these: monitoring, detecting and responding.


Cyberattacks are growing in number and are increasingly sophisticated, frequent and damaging, and attackers are getting smarter. The criminal marketplace has moved beyond basic capabilities; it innovates and changes tactics every day. Attackers are highly motivated to gain access to information for profit, politics and corporate espionage. According to a recent article in InfoWorld, there are even websites selling subscriptions and support for malware-as-a-service, which lets virtually anyone with little or no skill potentially breach even sophisticated IT security environments.

Without proper controls or tools, a typical data breach takes 24 days to detect and 46 days to address. That amount of time is unacceptable for today's agile businesses; responding quickly to a breach is paramount. Capabilities that let you proactively monitor, detect and respond to security threats let you remediate faster. First, a quick response requires collecting and centralizing logs from the entire hybrid IT environment: private cloud, public cloud and traditional IT deployments. Next, analysis, reporting and alerting on the centralized data need to be automated for the IT operations, IT security and IT governance, risk and compliance (GRC) teams. The centralized data also needs to be archived and kept available so that later attacks can be correlated against it and troubleshot. Finally, audit trails captured from security events give the GRC teams the supporting evidence needed for governance and compliance policy. All of these functions are required to respond adequately, and quickly, to today's threats to a hybrid cloud environment. With the right tools and procedures in place, data breaches can be detected and remediated within hours across your entire hybrid infrastructure.

Hewlett Packard Enterprise's security information and event management (SIEM) tools unify logs from multiple sources into a single format. Unifying logs is an essential step in detecting intrusions, but it creates a "big data" resource that needs specialized tools for analysis. HPE ArcSight is an integrated big data security solution that collects, normalizes and correlates event data, enabling administrators to search millions of events in seconds, detect anomalies quickly and respond to threats across the entire hybrid IT environment. Years of unified data can be retained, compressed and archived, providing a store that serves future forensic and audit needs. With HPE security tools, enterprises can respond to breaches in 4 hours rather than 24 days, and full-text searches that took 8 hours with prior tools complete in 10 minutes.
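To make the collect, normalize, correlate, alert and archive steps of the two preceding paragraphs concrete, here is an added Python sketch. It is not HPE or ArcSight code and does not use any ArcSight API; the log lines are constructed, the private-cloud and public-cloud record formats are hypothetical, the common event schema is an assumption, and the one correlation rule (repeated authentication failures for a user and source IP across any environment, followed by a success for the same pair) is a simple illustration of cross-environment correlation, not a product rule set.

```python
"""Added example: a toy SIEM pipeline over a hybrid estate.
Not HPE ArcSight code. Formats, field names and the detection rule are assumptions."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# --- Constructed sample logs (not real data) from three parts of a hybrid estate ---
ONPREM_SYSLOG = [  # traditional IT: BSD-style syslog from an SSH bastion
    "Mar  3 10:01:02 bastion sshd[2113]: Failed password for admin from 203.0.113.7 port 51000 ssh2",
    "Mar  3 10:01:05 bastion sshd[2113]: Failed password for admin from 203.0.113.7 port 51001 ssh2",
    "Mar  3 10:01:20 bastion sshd[2120]: Failed password for bob from 198.51.100.4 port 40001 ssh2",
    "Mar  3 10:01:25 bastion sshd[2121]: Accepted password for bob from 198.51.100.4 port 40002 ssh2",
    "Mar  3 10:01:40 bastion cron[900]: (root) CMD (run-parts /etc/cron.hourly)",  # noise
]
PRIVATE_CLOUD_JSONL = [  # hypothetical private-cloud identity service, one JSON object per line
    '{"time": "2018-03-03T10:01:30Z", "service": "identity", "user": "admin", '
    '"client_ip": "203.0.113.7", "result": "failure"}',
]
PUBLIC_CLOUD_JSONL = [  # hypothetical public-cloud console audit record, differently shaped
    '{"eventTime": "2018-03-03T10:02:10Z", "action": "ConsoleLogin", "principal": "admin", '
    '"sourceIp": "203.0.113.7", "outcome": "Success"}',
]

SYSLOG_YEAR = 2018  # assumption: BSD syslog timestamps carry no year
SYSLOG_AUTH = re.compile(  # matches sshd password outcomes only ("invalid user" lines are ignored)
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")


def parse_iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# --- Normalize: every source is mapped onto one common schema (an assumption of this example) ---
def normalize_syslog(line):
    m = SYSLOG_AUTH.match(line)
    if not m:
        return None  # not an authentication event; this rule does not need it
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "onprem-syslog", "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "action": "auth_success" if m["outcome"] == "Accepted" else "auth_fail",
            "raw": line}


def normalize_private(line):
    rec = json.loads(line)
    return {"ts": parse_iso(rec["time"]), "source": "private-cloud", "host": rec["service"],
            "user": rec["user"], "src_ip": rec["client_ip"],
            "action": "auth_fail" if rec["result"] == "failure" else "auth_success", "raw": line}


def normalize_public(line):
    rec = json.loads(line)
    return {"ts": parse_iso(rec["eventTime"]), "source": "public-cloud", "host": rec["action"],
            "user": rec["principal"], "src_ip": rec["sourceIp"],
            "action": "auth_success" if rec["outcome"] == "Success" else "auth_fail", "raw": line}


# --- Collect: centralize all sources into one time-ordered stream with stable ids (audit trail) ---
def collect(sources):
    events = [ev for normalizer, lines in sources for ev in map(normalizer, lines) if ev]
    events.sort(key=lambda e: e["ts"])
    for i, ev in enumerate(events):
        ev["id"] = i
    return events


# --- Correlate: >= threshold failures for (user, src_ip) within window, then a success -> alert ---
def correlate(events, threshold=3, window=timedelta(minutes=5)):
    failures, alerts = defaultdict(list), []
    for ev in events:
        key = (ev["user"], ev["src_ip"])
        if ev["action"] == "auth_fail":
            failures[key].append(ev)
            continue
        recent = [f for f in failures[key] if ev["ts"] - f["ts"] <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "auth-brute-force-then-success", "user": ev["user"],
                           "src_ip": ev["src_ip"], "ts": ev["ts"].isoformat(),
                           "sources": sorted({f["source"] for f in recent} | {ev["source"]}),
                           "evidence": [f["id"] for f in recent] + [ev["id"]]})
        failures[key] = []  # a success closes the window for that user/IP pair
    return alerts


# --- Archive: normalized events as JSON Lines, searchable later for forensics and audit ---
def archive(events):
    return "\n".join(json.dumps({**e, "ts": e["ts"].isoformat()}, sort_keys=True) for e in events)


SOURCES = [(normalize_syslog, ONPREM_SYSLOG), (normalize_private, PRIVATE_CLOUD_JSONL),
           (normalize_public, PUBLIC_CLOUD_JSONL)]


def run():
    events = collect(SOURCES)
    return events, correlate(events), archive(events)


if __name__ == "__main__":
    _, alerts, _ = run()
    print(json.dumps(alerts, indent=2))
```

Two things in the sample are worth noticing. The admin brute force only crosses the threshold because failures from on-premises syslog and the private cloud are counted together before the public-cloud success; any single source on its own would stay below it, which is the point of centralizing before correlating. And the alert carries the ids of the contributing events rather than a summary, so the archived JSON Lines can be searched to reconstruct exactly what the rule saw.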

As one of the five key security capabilities, monitoring, detecting and responding is a critical element in delivering the right mix of security for a hybrid cloud environment. HPE ArcSight provides monitoring, detection and response across the full hybrid cloud, with a response time measured in minutes rather than days.

For the next blog in this series, I will discuss the fourth of the five key security capabilities: continuous regulatory compliance. To learn more about hybrid cloud security, download this whitepaper from 451 Research Group.

This is the fifth article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.



About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.
