Hewlett-Packard has devised two new ways of securing enterprise systems in the endless war on malicious network attackers.
One service inspects the Internet addresses being requested by employees for malicious links and the other service learns how an organization’s coders write their programs.
The two new releases aim to “protect the interactions among your most valuable assets: your users, your applications and your data,” said Frank Mong, HP vice president of solutions. The company announced the new software at the HP Protect security conference, held this week near Washington.
HP DNS Malware Analytics (DMA) monitors outbound DNS (Domain Name System) requests to ensure employee browsers aren’t contacting rogue or malware Web sites. A DNS server provides specific numeric Internet addresses to end-user computers requesting Web sites by their domain names.
The service identifies those Web addresses that appear to be linked to suspicious activity. DMA combs through petabytes of DNS data collected by HP to identify suspicious or known malicious sites. Attempts to visit these blacklisted sites point to the possibility that malware is about to be installed on the user’s machines.
“We can see the machine calling out, and we can stop the payload from being downloaded,” Mong said.
The software uses an algorithmic engine to spot malware, drawing data from large numbers of DNS transactions collected by HP and its customers. This approach is superior to malware software that relies on a set of pre-determined rules, and thus can’t be updated quickly enough to spot emerging threats, according to the company.
DMA is designed to work with HP ArcSight, a software suite for managing overall enterprise security. Earlier this year HP introduced capabilities in ArcSight, called HP User Behavior Analytics (UBA), that can determine if a user’s credentials have been hijacked for malicious use. BMA and UBA can work together to prevent attackers from gaining entry into the internal network.
The job of spotting malware attacks is big one, and lots of time is wasted on tracking down false alarms. On average over 17,000 malware alerts are issued per week, and organizations spend an average of $1.27 million annually responding to erroneous threat intelligence, according to the security research firm Ponemon Institute. An algorithmic approach could cut down on the number of false positives, the company said.
HP has also updated its HP Fortify software with a new set of analysis tools. Fortify is a set of services and software for inspecting code to ensure it does not have bugs that could be exploited by malicious users.
The new analysis technique, now available on the Fortify service, uses machine learning algorithms to understand how an organization’s developers write their applications, so it can more quickly identify common mistakes.
“Our machine learning capabilities allow the core engine to keep learning from typical coding mistakes, so we can scan faster, and we get much more accurate results,” Mong said.,
The service can be inserted into the typical testing processes that new applications undergo before being deployed.
HP DNS Malware Analytics service, available on September 15, will start at US$80,000 a year, for analyzing up to 5 million DNS packets per day. The HP Fortify scan analysis software is now available as a new feature on the HP Fortify on Demand service.