Sentiment analysis use case with HP ArcSight, Hadoop and IDOL


Intelligence has a long history of providing pivotal information to decision-makers. Many have proposed that we must apply this concept of intelligence to information security and the struggle against the threat landscape. Without intelligence, we cannot proactively protect against attacks or potential attacks, mainly because we don’t understand the motivations behind them. One source of attacks, out of many, is the intention or behavior of a person, whether an internal employee or an outsider to the company.

 

Sentiment analysis extracts meaning from articles, posts, tweets and conversations and automatically performs detailed statistical analysis to identify emerging trends. For instance, look at the tweets posted by the Anonymous group about the various DDoS attacks they launched, and watch how they post in public forums such as Twitter and Facebook. In fact, they also plan their launches through IRC chat or Twitter.

 

You need tools and technologies to monitor this 24/7, and these feeds should be part of the machine data you collect and analyze for security vulnerabilities in your critical infrastructure. HP ArcSight integrates with the 400+ connectors from IDOL that pull sentiment from human-generated data such as tweets, emails and chat. This is on top of the 350+ connectors for machine-generated data. It allows ArcSight to truly examine big data, which is a combination of both machine- and human-generated data, and to correlate the entire dataset to enable early detection of threats that would otherwise have been missed.

 

IDOL technology enables organizations to actively gather this type of intelligence by monitoring the spiraling amount of user-generated content on the Internet (social media) and analyzing it for sentiment. IDOL can determine the degree to which a sentiment is positive, negative or neutral for the entire content or for a segment of the content.

 

Here is a typical flow between HP ArcSight (ESM), Hadoop and IDOL:

 

[Figure: flow between HP ArcSight ESM, Hadoop and IDOL]

 

When a user generates an “information”-related event, like sending an email or accessing a file, the event is sent to HP ArcSight ESM. Now that ESM is connected with IDOL, it queries IDOL for the context behind the event. IDOL sends back to ESM a full set of information properties, such as information classification and category. This set of properties is then used to fire events.

 

[Figure: ESM events whose names carry the IDOL proximity indicator]

 

Please look at the event name. The proximity indicator is the “judgment” IDOL provides to ESM on the content related to the event. In this example, “Jameson Jones” sent an email to Peter Chambliss with content potentially related to mergers (~57 percent), then an email with content potentially related to research (~51 percent), and then some HR data.
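The enrichment and correlation step described above can be sketched as follows. This is an added example, not HP's code: the field names, the `enrich` lookup standing in for the ESM-to-IDOL query, the event-name format, the HR proximity value and the second user are all assumptions or constructed sample data.

```python
from collections import defaultdict

# Constructed sample data. Field names, the lookup and the event-name format
# are assumptions for illustration, not ArcSight ESM or IDOL schemas or APIs.
BASE_EVENTS = [
    {"id": 1, "type": "email_sent", "user": "Jameson Jones", "to": "Peter Chambliss"},
    {"id": 2, "type": "email_sent", "user": "Jameson Jones", "to": "Peter Chambliss"},
    {"id": 3, "type": "email_sent", "user": "Jameson Jones", "to": "Peter Chambliss"},
    {"id": 4, "type": "email_sent", "user": "A. Nother", "to": "Peter Chambliss"},
]
# Stand-in for the context returned per event: (category, proximity %).
# 57 and 51 come from the post; the HR and "Lunch plans" values are constructed.
CONTEXT = {1: ("Mergers", 57), 2: ("Research", 51), 3: ("HR", 60), 4: ("Lunch plans", 80)}
SENSITIVE = {"Mergers", "Research", "HR"}


def enrich(event, context=CONTEXT):
    """Attach category and proximity to a base event (hypothetical lookup)."""
    category, proximity = context.get(event["id"], ("Unclassified", 0))
    name = f'{event["type"]}: {category} (~{proximity}%)'
    return {**event, "category": category, "proximity": proximity, "name": name}


def correlate(events, threshold=50, min_categories=2):
    """Flag users whose events touch several sensitive categories above threshold."""
    hits = defaultdict(set)
    for ev in map(enrich, events):
        if ev["category"] in SENSITIVE and ev["proximity"] >= threshold:
            hits[ev["user"]].add(ev["category"])
    return {user: sorted(cats) for user, cats in hits.items() if len(cats) >= min_categories}


if __name__ == "__main__":
    for ev in BASE_EVENTS:
        print(enrich(ev)["name"])
    print(correlate(BASE_EVENTS))
```

A single email near one sensitive category is weak evidence on its own; requiring several distinct categories from the same sender is one way to keep the rule from firing on every borderline match.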

 

This shift towards human friendly information represents the biggest change in the IT industry--security included.

Now, for the first time, it is possible to have the machines fit the human.  It is possible to run analytics across all information types for the purpose of better security management, including structured, unstructured, audio, video and more, with real-time meaning-based analysis with the ability to produce actionable outcomes.

 

Learn more about this at the HP Protect 2013 technical sessions, where there will be discussions about how you can leverage threat feeds and social media for security monitoring. We also have a dedicated booth to showcase the launch of attacks and their prevention.

 

Register for HP Protect here.

 


Comments
Easy Ways To Make Money Online(anon) | ‎01-02-2014 11:23 PM
I just like the helpful information you provide for your articles. I will bookmark your weblog and test again right here frequently. I'm fairly certain I will be told a lot of new stuff proper here! Good luck for the following!
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation