Base system (platform): HPE ArcSight ESM (Security Information and Event Management, SIEM)
Developers: Hewlett-Packard (HP), HP Security Operations in Boeblingen (Germany)
System release date: August 2015
Technology: Cybersecurity - Security Information and Event Management (SIEM)
Every day organizations process huge amounts of security-related data. Many of them ask how to turn these volumes into valuable information that improves protection against cyberthreats. The volume and complexity of the data keep growing. As a result, companies need an intelligent security platform that uses HP Security Information and Event Management (SIEM) mechanisms for active, use-case-based monitoring.
Automated analysis of threat data
Every week organizations receive on average 17,000 malware alerts. Annually they spend on average 1.27 million dollars just on checking inaccurate data or security system false positives. [1] The working days of corporate security specialists cannot be called easy: they have to track huge amounts of data. As a result, only about 4% of all malware alerts are investigated in depth, which negatively affects the level of protection. [1] In addition, traditional endpoint security solutions, as well as manual protection methods, do not catch all infections.
To help automate threat data analysis, HP offers HP DNS Malware Analytics (DMA), a unique solution designed to identify infected hosts by analyzing corporate DNS traffic. The solution was created in cooperation with HP Labs and HP's internal Cyber Defense Center. Its architecture is clientless and driven by a set of algorithms, so it identifies infected hosts without installing agents on endpoints. Customers can quickly detect high-risk threats, minimize unauthorized access to data and raise their overall level of security.
"Today organizations process a large volume of security-related data. The inability to distinguish true danger from false can mean that some attacks remain unnoticed. And this, in turn, can cause financial damage to the company or disrupt the normal rhythm of its activity," says Sue Barsamian, senior vice president and head of the Enterprise Security Products department at HP. "The HP DNS Malware Analytics solution, available in convenient packages to companies of different sizes, makes it possible to extract threat information from DNS server events in order to reveal malware quickly. In combination with the HP ArcSight SIEM platform, it offers advanced SIEM capabilities for more effective protection of the enterprise."
HP DMA quickly identifies infected hosts, such as servers, desktop computers and mobile devices, before the problems can affect business operations. To analyze large volumes of DNS records, the solution uses a single algorithmic engine rather than rules. This allows it to detect new threats and at the same time reduce the number of false positives by 20 times compared with other malware detection systems. [2] This approach saves the company a lot of time and resources. The user can prioritize threats so that remediation starts with the devices that carry a high risk of a security breach.
A fast setup process and cloud reporting tools allow HP DMA to be deployed in the shortest possible time. The solution is tightly integrated with the HP ArcSight SIEM platform, which lets customers use the capabilities of SIEM and HP ArcSight Enterprise Security Management (ESM) to correlate the information with other contextual data, generate alerts and carry out remediation actions.
Integration of application security data
In September 2015 HP also introduced the HP Fortify scan analytics platform, a first-of-its-kind machine learning technology that uses enterprise application security data to make security decisions more accurate and effective. The technology processes the results of past application scans to reduce the number of issues that require review. As a result, customers can focus their efforts on the highest-priority tasks. HP Fortify scan analytics integrates with existing enterprise application security testing processes, which makes security checks more efficient and produces relevant results.
Predictive analytics: fast identification of insider threats
The new HP DMA and Fortify scan analytics solutions complement the behavioral analytics platform announced earlier this year, HP User Behavior Analytics (UBA), which evaluates user behavior and reveals both internal and external threats to accounts in the corporate network. HP UBA ranks the detected anomalies and the associated risk, so users can focus their efforts and resources on the actions, users or applications that pose the highest risk to the security of the enterprise.
Availability
- HP DNS Malware Analytics is provided as a subscription service.
- The HP Fortify scan analytics technology is already available as part of the HP Fortify on Demand software.
- The HP User Behavior Analytics solution is already on sale. Version 1.1 of UBA Premium was released on August 30, 2015. HP UBA Premium is offered in the form of packages for basic objects of protection. It is licensed per user; for pricing, contact your local HP ESP sales representative.