Protect Your Assets

Using behavioral analytics and HP ArcSight ESM to detect malicious insiders

Kerry_Matre 08-13-2013 03:18 PM - edited 06-11-2015 09:14 AM

Malicious insiders do not run around the office wearing masks and logging onto systems with userids like BadGuy1.  They sit among us.  They have access to the same buildings and systems that we do.  So what chance do we have of identifying them before it is too late and our trade secrets are in the hands of the wrong people?


Behavioral analytics is a tactic that HP has successfully deployed to monitor for out-of-the-ordinary behavior and alert officials before it is too late.


Traditional insider threat systems monitor high-risk users (new employees, contractors, notice-given employees, executives) for specific behavior. This behavior can include:

  • Downloading and printing sensitive data
  • Exporting data to known malicious sites
  • Logging on to systems during off-hours 

These tactics are useful but can have limited effectiveness against those bent on doing harm.


Behavioral analytics combines traditional signature-based Insider Threat Monitoring with Human Intelligence (HUMINT). With HP ArcSight ESM, baselines of behavior can be created for users. Once these baselines have been established, ArcSight ESM can trigger on the detection of out-of-the-ordinary behavior and send an alert.
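The difference between a fixed off-hours signature and a per-user baseline, as an added example that is not ArcSight ESM rule content or HP's implementation. The mean/standard-deviation model, the thresholds, the user names and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

OFF_HOURS = set(range(0, 6)) | set(range(20, 24))  # assumed static-rule window

# Constructed history: (user, logon_hour, mb_downloaded), one row per user-day.
HISTORY = [
    ("alice", 8, 40), ("alice", 9, 55), ("alice", 9, 50), ("alice", 8, 45), ("alice", 9, 60),
    ("bob", 22, 10), ("bob", 23, 12), ("bob", 22, 9), ("bob", 22, 11), ("bob", 23, 10),
]

def build_baselines(history):
    """Learn each user's usual logon hours and download volume."""
    rows = defaultdict(lambda: {"hours": set(), "mb": []})
    for user, hour, mb in history:
        rows[user]["hours"].add(hour)
        rows[user]["mb"].append(mb)
    return {
        user: {"hours": r["hours"], "mean": mean(r["mb"]),
               # floor of 1 MB keeps a perfectly flat history from dividing by zero
               "std": max(pstdev(r["mb"]), 1.0)}
        for user, r in rows.items()
    }

def static_rule(event):
    """Signature-style check: any logon in the fixed off-hours window."""
    return event[1] in OFF_HOURS

def baseline_rule(event, baselines, z_threshold=3.0, hour_slack=1):
    """Return the reasons this event deviates from the user's own baseline."""
    user, hour, mb = event
    b = baselines.get(user)
    if b is None:
        return ["no baseline for user"]
    reasons = []
    # circular distance so 23:00 and 00:00 count as one hour apart
    if min(min(abs(hour - h), 24 - abs(hour - h)) for h in b["hours"]) > hour_slack:
        reasons.append(f"logon at {hour:02d}:00 outside usual hours")
    z = (mb - b["mean"]) / b["std"]
    if z > z_threshold:
        reasons.append(f"download volume z-score {z:.1f}")
    return reasons

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in [("bob", 22, 11), ("alice", 9, 900), ("alice", 2, 50)]:
        print(ev, "static:", static_rule(ev), "baseline:", baseline_rule(ev, baselines))
```

The static rule fires on the night-shift user's normal logon and stays silent on the daytime bulk download; the baseline check does the opposite on both.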


This adaptation of existing technologies has proven very effective with current implementations. Now you have the opportunity to learn more about how HP has deployed the Behavioral Analytics Security Intelligence Cell (BASIC) at this year's HP Protect conference in Washington DC.




Veerendra Y
on 08-29-2013 12:01 AM

Could you bring me up to speed on the current version of the ESM. E.g. Corr engine - Conditions - AGG- Actions- Threshold, I understand this in v 3.5
most restrictive condition first to reduce engine CPU usage etc.
Current Corr metrics?

How is it dealt with now?

Is smartagent flexagent the same as smartconnector and flex connector?

What are actors? Is there anything as actor?

Have assets been modified?

Pattern disc any changes.
