HPE bids to secure IoT data from source to Hadoop


Hewlett Packard Enterprise Co. is planting its feet in two hot security markets with the introduction of HPE SecureData for Hadoop and Internet of Things, an encryption product that’s intended to easily secure sensitive information that’s transmitted across IoT environments.

The product uses format-preserving encryption, a type of encryption that doesn’t change the underlying format of the information, and incorporates the Apache NiFi distributed processing protocol. The company also launched a new version of its ArcSight security information and event management analytics engine that incorporates natural language search for faster retrieval of event information and that integrates with a Hadoop back-end.

Apache NiFi is an integrated data logistics platform for automating and managing the movement of data between any source and any destination. The combination of SecureData for Hadoop and NiFi enables organizations to incorporate data security into their IoT fabrics for managing sensitive data flows with encryption done near the network edge.

Created at the National Security Agency and open-sourced under an Apache license, NiFi enables developers to build data flow models that route information from screening sources into a data store. “It’s like ETL [extract/transform/load] for streaming data,” said Reiner Kappenberger, head of global product management for big data security at HPE. “The format-preserving encryption preserves string length, so if you use that information downstream it doesn’t break anything.”

Format-preserving encryption is important in applications in which field length is fixed, such as Social Security numbers. Standard encryption returns variable-length results, which can confound applications that are expecting a nine-digit input. HPE’s approach complies with National Institute of Standards and Technology and Federal Information Processing Standard peer-reviewed guidelines. Kappenberger said format-preservation doesn’t affect encryption strength.
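A minimal sketch of the length-preserving property described above, added here as an example (not HPE's code and not the NIST-specified algorithm): an alternating Feistel network over decimal digits with HMAC-SHA256 as the round function. The function names, round count, key, tweak and the sample nine-digit value are assumptions made for illustration.

```python
import hashlib
import hmac
import re

ROUNDS = 10                              # assumption chosen for this sketch
NINE_DIGITS = re.compile(r"[0-9]{9}")    # what a downstream nine-digit field accepts

def _round_value(key: bytes, tweak: bytes, rnd: int, half: str, modulus: int) -> int:
    """Keyed pseudo-random number in [0, modulus), derived from the other half."""
    msg = bytes([rnd, len(tweak)]) + tweak + half.encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % modulus

def _feistel(key: bytes, tweak: bytes, digits: str, decrypt: bool) -> str:
    if len(digits) < 2 or not re.fullmatch(r"[0-9]+", digits):
        raise ValueError("expected a string of at least two ASCII digits")
    if len(tweak) > 255:
        raise ValueError("tweak is limited to 255 bytes in this sketch")
    u = len(digits) // 2                 # left half length
    v = len(digits) - u                  # right half length (covers odd lengths)
    left, right = int(digits[:u]), int(digits[u:])
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    sign = -1 if decrypt else 1
    for rnd in order:
        if rnd % 2 == 0:                 # even rounds update the left half
            f = _round_value(key, tweak, rnd, f"{right:0{v}d}", 10 ** u)
            left = (left + sign * f) % 10 ** u
        else:                            # odd rounds update the right half
            f = _round_value(key, tweak, rnd, f"{left:0{u}d}", 10 ** v)
            right = (right + sign * f) % 10 ** v
    return f"{left:0{u}d}{right:0{v}d}"  # zero-padded, so length never changes

def fpe_encrypt(key: bytes, tweak: bytes, digits: str) -> str:
    return _feistel(key, tweak, digits, decrypt=False)

def fpe_decrypt(key: bytes, tweak: bytes, digits: str) -> str:
    return _feistel(key, tweak, digits, decrypt=True)

if __name__ == "__main__":
    key = bytes(range(32))               # constructed demo key, not a real secret
    plain = "123456789"                  # constructed nine-digit sample value
    token = fpe_encrypt(key, b"ssn-column", plain)
    print(token, bool(NINE_DIGITS.fullmatch(token)))
    print(fpe_decrypt(key, b"ssn-column", token) == plain)
```

The output is deterministic: the same value under the same key and tweak always produces the same token, which is what lets downstream joins and searches keep working, and also means equal plaintexts are visible as equal tokens.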

“Format-preserving encryption isn’t as widely known as it should be,” he said. The technology has collateral benefits in that it enables people to work with live data without having access to unencrypted information. “I can limit SIEM [security information and event management] access only to the people who actually need it,” he said.

The Hadoop angle addresses the growing popularity of the open-source data store as a destination for IoT information. “Most use cases we see with IoT use Hadoop on the back end to analyze the data,” Kappenberger said. NiFi enables data to be normalized on the fly before being stored in Hadoop. The product is the only one of its kind to be certified to integrate with Hortonworks Inc.’s Hortonworks DataFlow, according to HPE. This ensures that information is secured throughout the data flow management and streaming analytics process.

“We sit both inside and outside the Hadoop cluster,” Kappenberger said. “Whether you’re using Hive, MapReduce, Storm or whatever, we work with it.”

Speedier log searches

ArcSight Investigate is a new member of the ArcSight line that incorporates an embedded version of HPE’s Vertica column-oriented SQL database management software to enable security teams to identify threats up to 10 times faster than with competing systems, HPE said. Vertica, which is expected to transition to ownership by Micro Focus International plc as part of the sale of much of HPE’s software portfolio, is highly regarded for its performance and flexibility to accommodate a variety of formats. 

With ArcSight Investigate, HPE is addressing what it says is the complexity security teams encounter with standard SIEMs when trying to pinpoint critical information in massive log files. “Instead of relying on complex query-building, I can type into the search field ‘find all the malware infections using a particular alphanumeric string or on a particular set of IP addresses,'” said Travis Grandpre, director of the global ArcSight marketing team.

With ArcSight Investigate, data is automatically stored in Vertica for up to 90 days and then moved to Hadoop for long-term data storage. Using a search engine, rather than a SQL query builder, broadens the base of potential users, Grandpre said. “We want to get to the point that we can guide an analyst who isn’t a level two or level three expert,” he said. Pricing and availability will be announced early in the second quarter.
