Organisations are shifting from traditional security methods to focus on protecting interactions between users, applications and data, according to Tim Grieveson, chief cyber strategist at Hewlett-Packard (HP) Europe.
“We are seeing a tsunami of data and security professionals are struggling to manage security logs and identify high-risk threats and indicators of compromise,” he told Computer Weekly.
Traditional approaches to aggregating security data, said Grieveson, mean that security professionals are now faced “with trying to find a needle in a haystack of needles”.
In response, HP has unveiled two products to round out its user behaviour security analytics offering at the HP Protect annual enterprise security user conference in National Harbor, Maryland.
HP DNS Malware Analytics (DMA) is a clientless, algorithm-driven service designed to identify infected hosts by inspecting an enterprise’s DNS traffic. HP Fortify scan analytics is machine-learning technology designed to harness the power of an organisation’s application security data.
HP DNS Malware Analytics will be available on 15 September 2015, while HP Fortify scan analytics is already available as part of HP Fortify on Demand.
“Rather than focusing on the server, desktop or mobile device, we are aiming to make it easier to focus on the interactions between them through deep inspection of the DNS and layering on the contextual awareness of the business using the expertise from HP’s research labs and intelligence from customer deployments to identify the knowns and unknowns simultaneously,” said Grieveson.
Automating threat data analysis, he said, provides a much richer picture of enterprise data across all platforms and allows IT departments to identify the greatest risks and concentrate on the things that are really important. “It is about enabling prioritisation and focus,” said Grieveson.
According to the Ponemon Institute, organisations in Europe spend 272 hours a week, or nearly £516,000 a year on average, dealing with false positive cyber security alerts, while US enterprises spend $1.3m (£831,000) on average each year doing the same.
Organisations are dealing with nearly 10,000 malware alerts a week, but only 22% are considered reliable and only 3.5% are deemed worthy of further investigation, according to Ponemon’s Cost of malware containment study published in July 2015.
“We are seeing organisations really want to get into the context of looking at how their users are behaving and identifying any anomalies,” said Grieveson.
Another emerging trend is an increased focus on application development as organisations understand that breaches are occurring at the application layer.
“Organisations are spending a lot more time on the software development lifecycle. The HP Fortify scan analytics is designed to enable businesses to focus on application data rather than just the app,” said Grieveson.
Security analytics technologies, he said, are about reducing noise and bringing situational awareness to security events by gathering and analysing a broader set of data from the whole of the environment rather than a single point.
At HP Protect, Grieveson will lead a workshop for 12 European chief information security officers (CISOs) on emerging security technologies and how to improve their skills to interact with company boards.
“We are also going to discuss how CISOs interact with their company’s supply chain, which is often overlooked, and look at techniques for improving in this area,” he said.
According to consultancy firm Booz Allen Hamilton, data security risk through third parties is a pervasive problem few organisations are managing well.
There is a growing list of examples of data breaches that can be traced to third-party suppliers, from the Target breach in 2013 to more recent cases such as insider trading by hacking newswire services and fraudulent tax claims by compromising a feature on the US Internal Revenue Service website that was hosted by a third party.
“The problem is pervasive, but failure to deal with it is due to some pretty basic failings, such as organisations not knowing all their suppliers,” Drew Wilkinson, senior associate and cyber risk expert at Booz Allen Hamilton, told Computer Weekly.