HP today took the wraps off its Big Data Security strategy, describing how combining the enterprise search and knowledge management resources from its Autonomy subsidiary with its ArcSight security-event and information management (SIEM) tool can yield new ways to detect cyber attacks or rogue-employee behavior.
HP's approach, like that of rivals IBM and RSA, calls for use of SIEM tools as a foundation for so-called Big Data Security. The concept of Big Data Security presumes that artful analysis of massive amounts of data content, in addition to the traditional security-related event information that's collected through a SIEM, can produce a better way to quickly pinpoint security problems.
"Data is increasing and doubling every two years but companies aren't getting enough intelligence out of it," says Varun Kohli, HP director of product marketing, enterprise security products, who argues larger organizations now regard their massive stores of data not just in terms of exabytes but brontobytes.
In terms of using any of this data for purposes of security, HP is making the case that enterprise-stored content amassed on the fly can be harnessed in non-traditional ways to find out about certain things that have security implications.
HP's approach calls for making use of the data that can be analyzed with its Autonomy enterprise search and knowledge management applications and uniting some of these findings with the HP ArcSight SIEM. He notes Autonomy can monitor any website, social media sites like Facebook and Twitter, and other online sources to analyze content of interest. By correlating it with ArcSight, the SIEM can monitor employee behavior online or watch for unauthorized posting of sensitive information, he says.
Kohli says it's not only possible to pinpoint rogue-employee behavior related to data leaks but even learn in advance about cyber attacks being planned online against the organization by hacktivists, who often post IP addresses to attack.