Shifting to Software-Defined
Showing results for 
Search instead for 
Did you mean: 

Visibility and response in hyperconverged environments



By Andrew Nielsen, CISSP, CISA, ISSAP, ISSMP, - Senior Product Manager, Security Solutions, HPE

For the last couple months, I have spent a lot of time examining the security challenges that customers face when deploying hyperconverged infrastructure and hybrid cloud.  273c246.jpgDuring that time, HPE and vArmour have deepened our partnership, interlocking next generation infrastructure with next generation security solutions to give customers the confidence to embrace the Idea Economy.  Up to this point, this discussion has largely focused around the HPE Hyper Converged 380 powered by Intel® and vArmour’s Distributed Security System (DSS).

This month, I want to spend some time talking about an often overlooked component of the hyperconverged and multi-cloud security discussion, which is called Security Information Event Management or SIEM.  SIEM has been around for years and is a staple in the security toolbox of organizations across the world for security event correlation and incident response.  However, SIEM has a new role to play when it comes to hyperconverged infrastructure with active response and threat mitigation.  It just so happens that HPE has a market leading SIEM in the form of ArcSight Enterprise Security Manager (ESM) that is ready to deliver the security agility required in modern infrastructure and the multi-cloud world.

In addition to HPE and vArmour’s integration on the hyperconverged infrastructure, the two organizations have been hard at work to tightly couple ArcSight and DSS to visualize their overall security attack surface, react quickly to security threats anywhere in their bigstock-Network-Safety-Concept-112864718.jpgenvironment, and take a more proactive security posture

Together, HPE ArcSight ESM and vArmour DSS allow customers to:

  • See application traffic anywhere in your environment to perform real time analysis
  • Identify risky application behaviors depending on the security profile of the workload
  • Correlate data from multiple security solutions to enrich and accelerate analysis of possible threats

React Quickly
HPE ArcSight ESM is able to correlate events anywhere in your environment, which lets you:

  • Detect threats in real time and deliver automated responses via vArmour DSS in the hyper converged virtualized data center
  • Increase detection fidelity by triggering alerts when combining on application-layer telemetry for workloads
  • Respond in real-time to isolate risky assets, quarantine instances or enable deeper forensics by pivoting between ArcSight and vArmour

Be Proactive
Enable policy-based micro-segmentation triggered by ArcSight to vArmour to be deployed around individual workloads to:

  • Monitor micro-segmentation policies for compliance or violation using ArcSight ESM
  • Enable workload-specific security policies that maintain application segmentation on hyperconverged infrastructure
  • Apply security policies to new workloads as they are provisioned in real time

As HPE customers continue to embrace Hyper Converged platforms, the need for increased visibility, event correlation, monitoring and real time responses to critical threats will become increasingly more important--no matter where the workload resides.  With HPE hyperconverged platforms, ArcSight ESM and vArmour DSS, those workloads can be secured wherever they reside in the customer infrastructure--whether that is on-prem or in the cloud.

For more information on HPE hyperconverged platforms and vArmour DSS, check out my previous articles:
Speed and Security without Compromise
Security at the Speed of Hyper-converged

Curious how can HPE help you better if you are a Dell or EMC customer? We can point you in the right direction.


Follow HPE Converged Systems

0 Kudos
About the Author