HPE opens up ArcSight platform, courts DevOps practitioners


Hewlett-Packard Enterprise Co.’s (HPE) announced plans to spin off its enterprise security software business to Micro Focus International plc didn’t stop the company from holding its Protect user conference this week or making a few announcements. HPE said it’s opening up its ArcSight Data Platform (ADP) with a new release that the company claims connects more easily to third-party platforms for improved network visibility, provides massive scalability and analyzes network traffic and logs to prioritize the most important alerts.

The new platform allows organizations to move toward an intelligence-based security operations model that uses real-time correlation, machine learning and analytics. HPE ADP 2.0 is powered by an event broker that substantially improves the speed and scalability of the database, the company said.

“We believe you should have as many sources as possible and you need to be able to ingest data at phenomenal rates,” said Chandra Rangan, vice president of enterprise security products.

HPE is hoping to address one of the most common complaints about security information and event management (SIEM), an analytics-based approach to security that combs through activity data to spot anomalies. Once hailed as a breakthrough concept, SIEM has suffered from a lack of standards and the inability of many platforms to point security administrators to the most important events, creating information overload.

HPE said its platform is the first to deliver an open architecture that can send log data to third-party analytics platforms, as well as to in-house data lakes. ADP 2.0 can handle up to one million events per second with low latency and high reliability. The management console provides a single, centralized view, and analytics are oriented toward identifying the most critical threats.

“Analytics should be used to identify threats, but also to prioritize and decide how to respond,” Rangan said. “Our approach to analytics is to cover all of that. It’s really a decision support system that helps you find sources of alerts.” The updated platform will be available globally on Oct. 5.

More secure apps

The company also announced an initiative aimed at helping developers build more secure applications by integrating security testing throughout the software development lifecycle. The HPE Fortify on Demand application monitoring service provides continuous application monitoring for discovery, scanning and runtime detection of security threats across an application portfolio. The associated Fortify Ecosystem is an online marketplace that is launching with 20 partners who provide targeted services.

HPE said its Fortify Ecosystem is fully integrated into the DevOps tool chain, making it simpler for developers to build security into the development process. The marketplace features integrated systems spanning 10 distinct DevOps functional categories, including cloud, containers, security and open source.

“The monitor scans the network to look for applications that have never been seen before, catalogs them and builds an inventory for security testing,” Rangan said. “We do black-box testing post-compile and also pre-compile testing looking for all known vulnerabilities.” HPE will also advise customers on techniques that minimize known vulnerabilities. Both services are available now.

HPE also said it will boost container security through a new service that encrypts data inside containers. Most encryption schemes work on the container, but not on the data inside, Rangan said. Under the HPE approach, customers will be able to selectively encrypt all or part of the data within a container.