Extend the life of your security data with HP ArcSight ESM and Hadoop

Data is the lifeblood of any security system. Data about attacks and attackers, and data about our own environment, is all necessary to get a clearer picture of the risk surrounding our business and the effectiveness of our security programs. We use security data in a variety of ways:

  • We log it so that it can be audited for compliance purposes
  • We use it to alert us to threats and malicious events
  • We comb through it when investigating a breach

By pairing a Hadoop instance with your HP ArcSight implementation, you can extend the life of your security data and make it work harder for you.


“The integration between ArcSight and Hadoop allows you to ask questions over the entire data set and get answers quickly,” says Morris Hicks, Senior Director of Solution Engineering for HP Enterprise Security Products. “Processing security data from ArcSight via Hadoop allows you to perform advanced security analytics.”

HP ArcSight technology gives you the ability to pull in security data from disparate systems, including:

  • Intrusion detection/prevention systems (IDS/IPS)
  • Firewalls (FW)
  • Vulnerability scan data
  • NetFlow records
  • A host of other systems

Within the ArcSight console, you can correlate the events and define rules that fire when certain threats emerge. The console also provides historical views and pattern discovery, so the same platform serves both real-time alerting and trend reporting.

With the new HP ArcSight + Hadoop integration you can extract base events, correlated events and triggered-rule information from ArcSight ESM and feed them into Hadoop HDFS. This gives you the ability to query vast data sets quickly. Queries can include "Show me everything this IP address has done in my network, over all data in the data store" or "Show me all activity of user XYZ, including file downloads, external file uploads and emails".
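To make those two queries concrete, here is an added Python example; it is not HP's code and not part of the integration described in this post. It assumes the exported events land in HDFS as one ArcSight CEF line per event (an assumption: the post does not say which format the export uses), constructs a handful of sample events inline, and answers both questions from the paragraph above: everything a given IP address has done, and all activity of a given user, optionally narrowed to file uploads, downloads and outbound mail.

```python
"""Query ArcSight-style events the way the post describes: "everything this IP
has done" and "all activity of user XYZ". Added example, not HP code.
Assumes events were exported to HDFS as one CEF line per event (an assumption;
the post does not specify the export format)."""
import re
import sys
from typing import Dict, Iterable, List, Optional, Set

# Constructed sample events in ArcSight CEF format (not real log data).
# CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
SAMPLE_EVENTS = [
    "CEF:0|Cisco|ASA|9.1|106023|Deny tcp|5|src=10.1.2.3 dst=198.51.100.7 dpt=445 act=deny",
    "CEF:0|Snort|IDS|2.9|1:2000|SQL injection attempt|8|src=10.1.2.3 dst=10.0.0.5 dpt=80 suser=jsmith",
    "CEF:0|Proxy|Gateway|1.0|200|HTTP upload|3|src=10.1.2.3 dst=203.0.113.9 suser=jsmith fname=payroll.xlsx act=upload",
    "CEF:0|Exchange|Mail|2013|100|Outbound mail|2|suser=jsmith duser=ext@example.net act=send",
    "CEF:0|Cisco|ASA|9.1|302013|Built tcp|1|src=10.9.9.9 dst=10.0.0.5 dpt=22 act=allow",
    "CEF:0|Proxy|Gateway|1.0|200|HTTP download|3|src=10.4.4.4 dst=203.0.113.9 suser=adoe fname=tool.exe act=download",
]

# Actions that move data out of or into the environment (hypothetical grouping).
DATA_MOVEMENT = frozenset({"upload", "download", "send"})

# Extension field: key=value pairs; a value runs until the next " key=" token,
# so values containing spaces survive.
_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_cef(line: str) -> Dict[str, str]:
    """Split a CEF line into its header fields plus extension key/values.
    Handles the common unescaped case; returns {} for lines that are not CEF."""
    if not line.startswith("CEF:"):
        return {}
    parts = line.split("|", 7)
    if len(parts) < 8:
        return {}
    event = {
        "vendor": parts[1], "product": parts[2], "version": parts[3],
        "signature": parts[4], "name": parts[5], "severity": parts[6],
    }
    event.update((k, v) for k, v in _EXT_RE.findall(parts[7]))
    return event


def events_for_ip(lines: Iterable[str], ip: str) -> List[Dict[str, str]]:
    """'Everything this IP address has done': events where it is source or destination."""
    hits = []
    for line in lines:
        ev = parse_cef(line)
        if ev and ip in (ev.get("src"), ev.get("dst")):
            hits.append(ev)
    return hits


def events_for_user(lines: Iterable[str], user: str,
                    actions: Optional[Set[str]] = None) -> List[Dict[str, str]]:
    """'All activity of user XYZ'; pass actions=DATA_MOVEMENT to keep only
    uploads, downloads and outbound mail."""
    hits = []
    for line in lines:
        ev = parse_cef(line)
        if not ev or user not in (ev.get("suser"), ev.get("duser")):
            continue
        if actions is not None and ev.get("act") not in actions:
            continue
        hits.append(ev)
    return hits


if __name__ == "__main__":
    # Hadoop Streaming style: read events on stdin when piped, otherwise use the
    # constructed sample; emit tab-separated matches for the IP in argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "10.1.2.3"
    source = SAMPLE_EVENTS if sys.stdin.isatty() else sys.stdin
    for ev in events_for_ip((l.rstrip("\n") for l in source), target):
        print(ev["vendor"], ev["name"], ev.get("src"), ev.get("dst"), ev.get("act"), sep="\t")
```

Because the script reads stdin when piped, the same file can run as the mapper of a Hadoop Streaming job over the HDFS export, which is the "ask the question over the entire data set" step; locally it runs against the constructed sample.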

Moving event data from ArcSight ESM into the Hadoop cluster file system lets you keep and query far more history than you would otherwise retain, which is what extends the life of the security data and lets you leverage it over huge data stores.


How would you leverage ArcSight and Hadoop with your security data?

Labels: ArcSight | Hadoop
Comments
Nilanjan Ghosh | 06-03-2013 03:55 AM

I want to learn more on the IAST offering of HP, its data sheets, its differences with the existing SAST and DAST tools and about its unique features.

Any help?

Kerry_Matre | 06-11-2013 01:13 PM

@Nilanjan Ghosh: Our IAST offering is a Runtime agent running with WebInspect. Feel free to send me an email and I can put you in touch with the product experts. kerry.matre@hp.com
