The federal government is in the same boat as the rest of the world’s large enterprise IT shops: The perimeter is quickly changing, growing or disappearing altogether, causing attacks to increase not only in frequency but also in the various locations that are targeted within a stack.
Hewlett-Packard has moved to counter this evolution, focusing on protecting systems that are having trouble keeping up with the breadth, speed and sophistication of today’s threats.
“We think that security is no longer about protecting network infrastructure,” Sue Barsamian, a senior vice president and general manager of HP Enterprise Security Products, said during the Wednesday session of the company’s Protect conference. “We think that in today’s environment you want to protect the environments between users, applications and data, regardless of location or device.”
To protect that whole environment, HP is leaning heavily on analytics in a suite of cybersecurity products, giving IT shops and security operation centers a chance to lean on machine learning for security work that would otherwise be impossible to complete.
HP unveiled Wednesday its DNS Malware Analytics, a new feature included on ArcSight, the company’s security information and event management offerings. The service — available Sept. 15 for a one-year subscription starting at $80,000 — identifies infected hosts without endpoint agents, inspecting traffic at the DNS, or domain name system, level to detect high-risk threats and reduce the impact of data breaches.
Rob Roy, HP’s federal chief technology officer, said the service could give government agencies the ability to pour over the massive amount of traffic they see without devoting the large workforce (and dollar amount attached) needed to otherwise perform that task.
“Nobody in government is capturing all of their DNS traffic,” Roy told FedScoop. “Which is why attackers are embedding their attacks inside of the DNS stream, because they know it’s so broad and happening so fast that they can go relatively undetected. So we figured out that we can look at that, and it’s really simple to determine the known good from the suspicious.”
Roy said the product actually started inside HP Labs, the company’s central research facility, when HP realized it was having its own malware problems. With this service in place, Roy said HP was able to search through 25 billion events to figure out and remediate the problem.
“[HP Labs] figured out in our stream we could filter out 99 percent of the traffic, because it was everyday traffic,” Roy told FedScoop. “But there is 1 percent of it that’s questionable. So all of the IT resources are focused on that little bit. It has enabled us to find malware and botnet systems that compromised Hewlett-Packard.”
HP also unveiled its Fortify scan analytics, part of its FedRAMP-certified Fortify On-Demand cloud security suite.
With this feature, HP uses machine learning to source findings on vulnerabilities in various forms of software. The service now analyzes thousands of audited tests to make assurance audits more automated and effective, allowing enterprise shops to fine-tune their own reviews to fit their enterprise’s various needs.
“What this technology does is learn from your past tests and combines it with the entire HP Fortify customer base to very quickly prioritize and extract non-important findings,” said Maria Bledsoe, HP’s senior manager for product marketing. “You get more immediate results by doing that, because there is no human intervention. You don’t have to audit.”
Whether it’s the software assurance directives built into the National Defense Authorization Act or the lessons learned from the Office of Personnel Management hack, Roy said it’s important for the federal government to embrace analytics as a way to combat the myriad threats agency’s face.
“Almost everybody is an insider, even the outsider,” Roy told FedScoop. “As soon as they get an purchase inside your organization, the effectively become one of your employees. Somebody who has privileges within your network can extract information, and they do so in a very, very covert way.”
So given that networks, endpoints and the people accessing all of it are becoming more amorphous, HP wants people to use their tools to get ahold of their enterprise before criminals do.
“We think analytics can be a huge help in protecting the digital enterprise that has these new porous perimeters,” Barsamian said. “We think that analytics can take the massive and make it manageable.”