HP Security goes social with security by crowdsourcing threat intelligence
HP’s Security division is introducing a collaborative security intelligence platform today. It is designed to let security vendors across the landscape exchange threat data, analysis and mitigation strategies to disrupt threats. It’s all about information, and by sharing targeted intelligence in real time, HP is aiming to build a unified industry defense. Information sharing has been one of the tenets of a number of predictions for security today and in the future. HP is building this network with a select group of security vendors including Blue Coat Systems, InQuest, ThreatGRID, TrendMicro, Arbor Networks and Wapack Labs – with more on the way as they expand.
Let’s frame these threats a little bit. Today’s cyber crime follows a collaborative model of its own. It’s no longer the case that there’s one determined hacker typing away in a closet somewhere – this has become very organized. Code, malware and vulnerability information are secretly shared and traded in the underground through communications channels that include chat rooms, deep web exchanges and places that most are not aware of. HP’s new threat intelligence sharing partnership aims to level that playing field, with information relevant to other enterprise-scale environments about threats and vulnerabilities, along with fixes and workarounds to mitigate these issues before they become a problem.
“Adversaries have the advantage today, moving faster, innovating more broadly and organizing around an underground marketplace,” said Jacob West, chief technology officer, Enterprise Security Products, HP. “To beat the bad guys at their own game, organizations must collaborate to form a unified defense and that’s what HP Threat Central makes possible.”
An ecosystem focused on collaborative defense
Integrating data into a cohesive community in this way gives HP Threat Central members access to deep expertise from both HP and a growing network of partners, providing a more robust defense through a single platform.
You’re not alone
The stream of intelligence can also be automatically integrated into the HP ArcSight platform, as well as HP TippingPoint and other enterprise security products. Rapid access to threat intelligence means the ability to respond rapidly, and since many of the attacks in the wild today can be considered multi-vector, multi-phased attacks, any point of information can be critical to an appropriate, effective response.
Enabling integration with leading security companies to provide an advanced layer of protection, HP introduces the HP TippingPoint Advanced Threat application programming interface (API). Offered via the HP TippingPoint Security Management System (SMS), the HP TippingPoint Advanced Threat API provides access to HP Threat Central and advanced threat appliance solutions by delivering in-line blocking at wire speed with HP TippingPoint Next Generation Intrusion Prevention System (NGIPS) and HP TippingPoint Next Generation Firewall (NGFW) devices.
“Protecting against today’s advanced malware and botnets requires a 24×7, 365-day effort by security organizations,” said Rob Greer, vice president and general manager, TippingPoint, Enterprise Security Products, HP. “At HP, it is our mission to help customers block and remediate the most advanced threats, and we are committed to developing dynamic security controls and collaborating with leaders in the industry to make every second matter when it comes to protection.”
An example of how this could be used is in the detection of malware and the sharing of the remediation across members of the community. One organization might detect malware in their environment, which would be noted in their Security Information and Event Management (SIEM) platform. That information would then be shared through HP Threat Central with other trusted organizations, who could then deploy IPS filters to look for similar behavior in their environments.
Not only is this trend connecting threat information worldwide, but the HP platforms have also been increasingly incorporating security information from within an enterprise. The silos that once existed in large-scale environments are being brought down as these technologies emerge. With intelligent, automated threat information at hand, one of the more interesting paradoxes is that as an organization opens up, its risk posture is actually elevated.