The sophistication of cyberattacks has grown substantially in recent years, as adversaries both specialize and share intelligence, tools and plans in order to improperly obtain data and disrupt critical enterprise functions. In isolation, organizations struggle to stay ahead of this new breed of collaborative attacks, placing themselves in constant risk of financial, competitive and reputation losses.
Currently being piloted with a qualified group of HP ArcSight customers, the platform will provide participants with real-time intelligence on the attack vectors, methods, motivations and specific adversaries behind the threats they face. For example, the banking industry often falls prey to a domino attack where one organization is hit with an attack that is later used against its peers until many have been breached. With HP Threat Central, once a threat is identified, authorized community members are alerted in real time, enabling them to look for similar indicators within their own organizations to get ahead of the adversary.
“Adversaries today organize around an underground marketplace for sharing resources and techniques to mount increasingly advanced attacks that cause extensive damage to organizations around the globe,” said Jacob West, CTO, Enterprise Security Products, HP. “To combat collaborative attackers, enterprises must join together by sharing targeted intelligence confidentially and in real time to create a unified industry defense.”
In order to counter attacks created by a marketplace of adversaries, organizations must be able to respond quickly and effectively to beat them at their own game. For this to be feasible at scale, the industry needs a common platform that automates the collection and exchange of a broad range of security indicators and threat intelligence in a secure, confidential and timely manner.
Leveraging the platform, community members can submit threat data, analysis and mitigations to which HP will add data and analysis from HP Security Research and partners. Vetted and correlated threat intelligence will then be communicated to members via an online portal that includes a forum for discussion and comments.
As the community learns more about a specific attack, the adversary and mitigations, this information will also be shared. Beyond the portal, HP ArcSight customers will be able to automatically leverage shared intelligence to take immediate action.
HP currently analyzes information from a variety of sources, including original research, open source intelligence, as well as active data feeds from HP products and service engagements. The breadth and depth of HP’s security assets, install base and security community uniquely positions HP Security Research to facilitate the sharing of intelligence for combating security threats.
“Given the current security landscape, enabling the exchange of threat intelligence between organizations and applying insights gained through sharing are essential to disrupting the growing community of adversaries and minimizing potential business losses,” said Christina Richmond, program director, Security Services, IDC. “By integrating shared threat intelligence with HP ArcSight, customers can benefit from rapid, automated response to major threats. This intelligence, vetted by HP and the community, will enable customers to better protect themselves using existing security resources.”