Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

2 ways to coordinate application, information and network security

HPE-SW-Guest ‎10-31-2012 07:26 AM - edited ‎09-25-2015 09:16 AM

by Norm Follet, Director of Solutions Design and Demo Group




As the cyber threat landscape continues to steadily evolve, enterprise security teams face a growing realization that siloed security tools are no longer adequate to protect their complex IT environments.

Enterprise security is better able to adapt to shifting threats when tools are coordinated across the domains of Information Management Security, Application Security and Network Security.

How does this work in practice? Here is an explanation of how a suite of HP Enterprise Security products—including TippingPoint, ArcSight and Fortify—work in concert to provide a defense in depth solution.


To watch the demo, click the image:


Use Case 1

As Internet traffic passes through the firewall, events are logged into the ArcSight console, providing visibility into where users are going, and what they are attempting to do.

One enhancement to the ArcSight console is an integration with Reputation Security Monitor (RepSM). RepSM pulls in information from TippingPoint DVLabs, a premier research organization for vulnerability analysis and discovery that allows for preemptive protection for vulnerabilities and zero day issues. The DVLabs list contains all known bad command-and-control (C&C) botnet servers, or suspicious browsing, malware hosts, etc.

The ArcSight console uses this list to create rules and alerts for insecure browsing activity. When an alert is triggered, it generates a packet that goes to Tipping Point Policy Management Server, which causes a policy to be pushed out to IPS sensors that blocks the traffic.

Because it is all fully automated, access to insecure sites is immediately blocked as browsing occurs, providing effective protection against malicious intent or unsuspecting user error.


Use Case 2

In a typical corporate environment, a web farm serves up applications to both internal and external users, and the Tipping Point IPS protects external access. But these applications occasionally have vulnerabilities, like buffer overflow.

Through a combination of Application Security Monitor (AppSM), and Fortify’s Real-TIme Analysis (RTA) component, security teams can see what those applications are doing to backend databases. For example, AppSM looks for connections to SQL servers, and specifically SQL injection attacks, cross-site scripting attacks and anything trying to pull data out of databases.

Another component is WebInspect, which will scan applications on the web servers and look for vulnerabilities. WebInspect and AppSM generate vulnerability reports that are sent to DVLabs, which then pushed out fixes to the IPSs and in essence, virtually patching applications at the IPS layer.

On the backend, AppSM and RTA monitor traffic connections between web servers and the databases. This log information is shared with the ArcSight Console where you can pull reports. ArcSight also generates rules based on that type of attack, which cause policies to be implemented in TippingPoint and RTA.


Better together

Automating coordinated responses across Security Intelligence, Network Security and Application Security tools helps to ensure that an enterprise is able to protect itself in real-time from new cyber threats. Moreover, integration with TippingPoint DVLabs benefits not just the enterprise, but it also helps to identify new threats and share that information with other enterprises around world.

Find out more
Discover how to develop an advanced and comprehensive enterprise security strategy at the HP Enterprise security website.

About the Author


This account is for guest bloggers. The blog post will identify the blogger.

27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all