Thales Blog

HP Protect: Security Intelligence, Cyber-Criminals And Train (the Band)

September 19, 2013

Over the past few years, cyber-criminals have evolved drastically. They have joined forces at alarming rates and are often going after the same targets and using similar tactics to get what they are after. Traditional perimeter security isn’t working.  Some would argue that it may be necessary for known threats, but it just isn’t enough to keep adversaries from their primary targets: your intellectual property and critical data.

The theme of this year’s HP Protect conference was “Security for the new reality.” Over the past three days, I learned from attendees and customers that they are looking for new ways to protect themselves from highly organized cyber-criminals.

Security Intelligence was at the heart of this discussion

Why is Security Intelligence at top of minds today? It’s simple; the bad guys are getting smarter and more aggressive as they go after critical data – but their activities can be traced. For example, attendees of HP Protect saw first-hand how HP ArcSight makes it fast and easy to detect the access violations and identify the perpetrator or compromised account.  The Vormetric Data Firewall™ ensures sensitive data is safe because it is encrypted and includes security intelligence data (in the form of logs) that captures access attempts and access patterns to the protected information. With this combined solutions you can:

  • Block unauthorized users, monitor, alert and report on incidents.  Unauthorized access attempts to protected data (including from administrative and root users) can be not only blocked, but also monitored and alerted on – giving warning of either a compromised account or insider that may be attempting to steal information.
  • Pinpoint unusual patterns and act on the data - Monitor authorized user and process access to protected data for anomalous patterns of use that could indicate a process has been co-opted by malware, or a malicious insider that normally has free access to the information.  Even implement policies to block them if their access profile has changed to become a threat.

HP ProtectThere was also a lot of great networking. At a Bird of a Feather session with the HP ArchSight Threat Response Management (TRM) we discussed how interesting it is to have granular file level access logs for servers.  Correlating this information with more traditional AV, firewall and NetFlow logs results in much deeper visibility into Insider abuse and APT style attacks can be game changing.  Even more exciting is discussing the possibilities of automating a protection response down to the specific file or folder that is being compromised.  Today it is a conversation – it will be exciting to see where we go as the possibilities are endless.

I think Rick Holland from Forrester Research said it best in Five Steps To Build An Effective Threat Intelligence Capability, “Targeted attacks are on the rise. The attacks are increasingly more sophisticated, and our detection and response capabilities are woefully inadequate.” If you are not protecting your intellectual property and critical data from the inside out you may unwillingly enable malicious insiders or and advanced malware.

But remember, there are still those who think firewalls, antivirus programs and perimeter security software are enough to keep their data safe. Are they just kidding themselves?

My Favs: “Hey Soul Sister” “Meet Virginia” “Drops of Jupiter”

I would be remiss if I didn’t mention Train – the Band. Since 1994, Train from San Francisco, CA has been producing countless hits that find me singing along without even realizing I know all the words.  And yes, the HP Protect Conference party featured Train’s lead singer Pat Monahan, and guitarist Jimmy Stafford—playing many of Train’s top hits – and  what I didn’t see coming were covers from Led Zeppelin, Rod Stewart and Journey as well.  Yes, he sang “Maggie”.  They played all of my favs plus many more including:  “Save Me San Francisco” and “50 Ways to Say Goodbye”.  In fact, I think they played 8 of the 10 songs listed in this Train’s Top 10 video blog post.  Who says security can’t be fun!

National Portrait GalleryOf course, the venue wasn’t to be ignored either. The Smithsonian’s National Portrait Gallery, in Washington D.C. is amazing. Before Train took the stage we were able to wander various sections of the gallery and see famous presidential portraits – From George Washington to Lincoln to Clinton - and a few American impressionists including John Singer Sargent.  The Gallery tells the history of America through individuals who have shaped its culture. It portrays poets and presidents, visionaries and villains, actors and activists whose lives tell the American story. The gallery was truly fantastic.

All in all, “Security for the new reality” at HP Protect 2013 was a very appropriate theme, and the security issues being discussed were real and relevant.  The celebration was not too bad either!  See you next year – HP Protect 2014, September 8-11 -