There’s no shortage of data that network devices spew out every minute. The only problem is how CISOs can sort through the logs to glean actionable information.
Hewlett-Packard’s answer is to do it for them.
This morning HP revealed a cloud analytics service will start later this month to process data generated by an enterprise’s DNS (domain name system) requests which could signal malware in a system.
It was one of several announcements made at the company’s HP Protect security conference, including a new automated analysis engine for the HP Fortify on Demand cloud application testing service, which will give faster and more accurate results.
DNS Malware Analytics sits inline and beside a DNS sever, collecting and forwarding data to HP for inspection.
“It’s a solution that now allows us to detect compromised hosts in your environment using DNS traffic,” Frank Mong, vice-president and general manager of HP enterprise security solutions, said in an interview. “A lot of the times endpoint security — antivirus — isn’t effective in catching everything bad. They look for signatures, things that are well-know to be bad. But they have a hard time detecting code that’s doing things that are benign — for example, trying to contact a command and control server.
HP said the service uses an algorithmic engine, as opposed to the more common rules-based approach, to analyze the high volume of DNS records. This allows new, unknown malware to be detected, the company says, as well as reducing false positives by a factor of 20 over other malware detection systems.
The service starts Sept.15. One-year subscriptions start at US$80,000 to analyze up to 5 million DNS packets per day.
The service fits in with the release earlier this year of HP User Behavior Analytics, Mong said, which analyses user actions. Results from both UBA and DSN Malware Analytics can be fed into HP’s ArcSight system information and event management suite to help enforce security policies.
For DevOps teams who use the Fortify on Demand cloud service, which examines application and Web code for security vulnerabilities, there’s a new scan analytics engine. It not only takes some of the load off HP [NYSE: HPC] staff who had been manually looking at code, it also promises faster results.
“No longer do you have to wait days to get a response back; we’ll give it to you in hours,” said Mong — and it’s more accurate.
The engine recognizes that a lot of applications these days re-uses code libraries, particularly open source code. Analyzing that automatically speeds things up. “We don’t need to look at that code; we’ve scanned it thousands of times,” Mong said. As a result HP analysts can spent more time looking at code tagged by the engine as exceptions.