
HP ArcSight Express and EnCase® Cybersecurity: Cost-effective Incident Prioritization and Response

Anthony Di Bello

There is a misperception—often heard—that large companies make software solutions that try to be all things to everyone. We at Guidance Software work with some of the largest technology providers in the world, such as HP, Blue Coat Systems, and IBM, among others, to integrate our industry-leading incident response technology with best-of-breed SIEM and threat-detection solutions.

This is because we and our partners realize that whole, effective solutions to modern information security challenges cannot be delivered by any single information security vendor. Through our EnCase® Cybersecurity incident response solution, we help our customers bridge the gap between incident detection and response. We have seen time and time again that operating without an incident response solution or any degree of incident response automation (relying instead on human intervention) can lead to high response costs: up to $5.5 million per incident, per recent Ponemon Institute research.

EnCase® Cybersecurity and HP ArcSight Express Join Forces to Deliver a Powerful Post-Event Solution

When it comes to integrating with industry-leading technologies, something is always in the works at Guidance Software. This week at HP Protect in Washington, D.C., we announced a powerhouse incident-response bundle that pairs EnCase Cybersecurity with HP ArcSight Express. 

Designed for organizations that have invested in the ability to detect threats, but that are challenged in figuring out which of the alerts in the alert storm are meaningful, our combined solution is a comprehensive, best-of-breed post-event workflow that can help you automatically prioritize and respond to the most critical alerts. 

Black Hat 2014: Live Demo of Threat Detection and Intelligence for EnCase

We invited Jessica Bair, one of the ThreatGRID experts with whom we have partnered at Cisco, to write a guest blog post for us about their upcoming presentation in our booth at Black Hat 2014, and she has delivered. We welcome her and Cisco SourceFire and ThreatGRID to our Guidance Software booth #1141--and to the Endpoint Intelligence blog.

The threat landscape is rapidly evolving and organizations are having a harder time keeping up. The negative consequences of security incidents continue to be more impactful. The trends, unfortunately, are favoring the adversaries:

  • Attackers are getting better and faster than the defenders. Attackers now compromise organizations in days or even hours, while it takes defenders weeks or even months to discover that they have been compromised. This gap is increasing.
  • The number of incidents detected continues to grow. Organizations are detecting 25 percent more incidents than last year. While some of this may be the result of better detection, it still points to the growing number of incidents that need to be responded to and handled--not to mention the time pressure.
  • The financial costs of incidents are rising, particularly among organizations reporting high dollar-value impact.
  • There is a major shortage of skilled cybersecurity professionals, more than any other role within IT.

What is required is a threat-centric, integrated solution for breach detection, threat analysis, and remediation. Guidance Software, Inc. partnered with SourceFire and ThreatGRID (both now part of Cisco) for a best-in-class integrated approach:

The combined approach provides you with efficient and rapid incident response, including:

  • Proactive breach and threat detection with SourceFire NGIPS
  • Analysis of unknown threat files in ~5-30 minutes with ThreatGRID
  • Remediation across the enterprise with EnCase Cybersecurity

The business value and benefits are immediate and lasting. Our combined approach:

  • Decreases the time between detection and remediation
  • Increases the productivity and efficiency of security professionals to manage threats
  • Reduces risks and associated costs by lowering the exposure to related breaches
  • Increases the accuracy of malware analysis and threat intelligence.

We invite you to come see a live demonstration of this integration in action at Black Hat 2014. The demonstration will be held at 1:50 p.m. on Thursday, August 7 in the Guidance Software theater in booth #1141. Security experts will be on hand to answer your questions and discuss how you can improve your breach detection, conduct efficient threat analysis, and complete rapid, enterprise-wide remediation. See you there!

Jessica Bair, EnCE, EnCEP
Sr. Manager, Business Development
Advanced Threat Solutions - Cisco Security Group

Black Hat 2014: It’s the Year of the Endpoint

We just got back from Las Vegas, where we were excited to see so many information security, legal, and digital forensics pros at CEIC 2014 at Caesars Palace. But we’re already ramping up to head back to Vegas for Black Hat 2014, the annual confab designed for the InfoSec practitioners we love to work with.

With endpoint security demonstrations throughout the day, as well as collaboration with stellar industry partners, our booth theater will be busy nearly every minute that the trade-show floor is open. Come by booth 1141 to learn about:

  • "A POS Hack: What's in Your Wallet?" with retail security professional Richard Thompson
  • "A 360-Degree View of Enterprise Risk"
  • "Endpoints Under Attack"
  • "Strategies for Verizon DBIR Top Three Breaches," with EnCase Cybersecurity product manager Ransher Singh
  • A handful of choice guest speakers to be announced in a later blog post.

And that’s just Wednesday. Careful readers will see a theme emerging: Advances in perimeter security aren’t enough – you need a new endpoint security strategy. Check the blog again later this week for more news on what you can expect in booth #1141 at Black Hat, and let us know if you have any questions in the comments section below (such as, “Hey, are you guys giving away that awesome 'Hunt or Be Hunted' t-shirt again?” and, “What about that ray gun?” Which is for us to know and for readers of future blog posts to find out…).