Article Options
Enterprise Security Trends Blog | HP Blogs
Keep up with the latest cyber, cosumerisation, collaboration and cloud enterprise security trends from the team of HP information security professionals.

Protect your Enterprise Information by using what it tells you.

RichFerrier| July 12, 2012
4 Comments
0

 Your company’s information is in constant peril. I know ‘peril’ sounds like a strong choice of words, but when you think about all of the ways your information can be hacked - worms, mutating viruses, port scans, denial-of-service assaults, users? – the word peril just about sums it up.

 

Logging-Monitoring_123RF-300x203.jpgAnd since all enterprise information is threatened by these constant dangers, you need to be able demonstrate to your customers and regulators that your company has an effective security posture, the ability to respond rapidly to incidents, and the ability to meet stringent compliance reporting requirements.

 


Point solutions for specific threats may seem like a good idea at first but in the long run, they are not the best choice. With increasing pressure from Sarbanes-Oxley (SOX), UK Government Connect, HIPAA, PCI DSS, and other regulatory and commercial initiatives, both small and large companies are starting to adopt Security Information & Event Management systems, or SIEM for short, that combine the disparate information generated by point solutions and deliver a holistic view of their overall security strategy.

These don't in anyway replace those point solutions but will make sense of them in a centralised manner.

 

SIEM systems collect and correlate millions of different events and transform that data into comprehensible dashboard displays, comprehensive management reports and actionable alerts.

 

SIEM systems can:

  • Detect fraud
  • Expose internal and external threats
  • Spotlight weaknesses in security enforcement
  • Highlight configuration issues

 

Even more important in light of today’s regulatory demands, a SIEM system can demonstrate your organization’s compliance with governmental regulations and policies. If your enterprise does not have a SIEM solution in place, you are increasing the risk of seeing your organizations’ name on the front-page of the tabloids for security blunders. The word ‘peril’ is sounding more and more appropriate right?

 

HP offers a Security Information & Event Management services that leverages HP networking, infrastructure, and SIEM expertise to create a unified SIEM solution. With this offering, there is no need to design and administer a complex security management system on your own. HP has done the work for you, so you can choose the options that best suit your security and compliance requirements—while experienced HP security personnel implement and manage your SIEM service.

 

Have you adopted a SIEM solution yet? If so, what were your reasons for choosing SIEM? Is it helping you to overcome the information security ‘perils’ that are lurking in the shadows … or out in broad daylight, which seems to be the case more and more these days?

 

You can learn more about HP’s SIEM services in this Fact Sheet. Or visit these resources to read more about HP’s Enterprise Security Solutions:

 

Tags: ArcSight| enterprise security| Enterprise security solutions| information security| Log management| View All (9)
Labels: Enterprise security
Labels:
Comments
Calum Auld(anon) on ‎07-12-2012 02:24 PM - last edited on ‎07-12-2012 04:43 PM RichFerrier
Options

Interesting article Rich.  It amazes me still that people don't realise the importance of correlation in this day and age.  All APT's that we see would (and can) be caught early if more people implemented a SIEM solution like ArcSight.  The ability to correlate and search millions of logs from disparate systems in seconds is vital in being able to track a malicious piece of code or a disgruntled user.

 

Many companies today still believe that because they have SYSAdmins receiving alerts from all their systems that they are covered.  This is not the case and without the assistance of ArcSight, many companies will be missing the vital information they need in order to protect themselves from fraud and threat exploitation

0
Nadhan | ‎07-13-2012 05:04 PM
Options

Great points, Rich.  In my post on Informationalization introduced by Thomas C Redman on the Harvard Business Review blog, I refer to his assertion that this must be done securely.  Your post reinforces this idea very well and double-clicks on how this can be done.  @NadhanAtHP

0
TSchreider | ‎09-21-2012 01:58 PM
Options

Rich I was glad to see that you called out fraud detection as a fundamental aspect of SIEM.  The advent of Big Data is providing more data to analyze that may present instances of fraud that were never previously available. The ArcSight CORE engine is uniquely suited to culling and reporting on patterns of fraud.

0
SIEM Guy(anon) | ‎01-22-2013 11:32 PM
Options

Nice read Rich,

 

I came across this article while resarching SIEM solutions, found it via a SIEM site that must have been writtern buy one of you guys as it draws similar conclusions as you.

 

Cheers.

Bob

0
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the community guidelines.
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
 
Search
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About the Author
  • A business first, senior executive, with over 20 years of hands on experience in defending banks, governments and corporations against cyberwarfare. My career in security started when I was employed to crack a secure system, which had locked down the boot process, whitelisting of applications and encrypted disks. I linked TeamOffice (an ICL email and collaboration system) with Microsoft Word to send an email which allowed me to do anything the person reading the email could do and send the results back to me, all without there knowledge. Having proved this vulnerability, I worked with Peter Simpson to create Defuse, a tool that blocked inappropriate actions. This successfully blocked Winword Concept, the first known malicous code in the wild. From these begginings I have investigated all aspects of security to provide an holistic approach to security as a business enabler and currently advising organisations on the suitability of the cloud to their needs.
Follow Us