In the recent Cyber Risk Report from HP, we provided a broad view of the vulnerability landscape. The report ranges from industry-wide data down to a focused look at the use of different technologies, including web and mobile. It offers actionable security for intelligence organizations to better understand their vulnerability landscape and best deploy resources to minimize security risk.
Findings from this same Cyber Risk Report show that legacy technologies continue to introduce new security vulnerabilities, with reports pointing to a marked increase of 768% in vulnerabilities - as indicated by the Supervisory Control And Data Acquisition (SCADA) systems. Web applications remain a substantial source of vulnerabilities, and mobile platforms are poised to be the next major growth area for vulnerabilities. The explosive adoption of mobile devices and applications has resulted in a proliferation of mobile-based vulnerabilities. These findings and recent developments raise immediate concerns for cloud computing.
Be mindful of the “Unknown Unknowns”
It is not enough to just increase security testing and analysis sweeps for known cyber risks. Cloud applications, their data traffic exchanges and the platform APIs that these cloud services talk to have to be taken in context and analyzed for vulnerabilities. High-risk vulnerabilities can be missed if they are tested out of context with each other. We need a security intelligence and risk management (SIRM) platform that delivers on an industry-leading, cost-effective data log management. And this platform should be provided as part of an integrated cloud management solution.
When addressing the “Unknown Unknowns”, we require a universal log management solution that collects, analyzes, and stores massive amounts of increasing data. Data that is generated across multiple sources in a hybrid cloud environment. This solution needs to provide audit trails that unifies searching, reporting, alerting and analysis across different types of enterprise log data.
HP Cloud Management unifies enterprise data logging with HP ArcSight Logger
Integrated for use with HP ArcSight Logger into HP CloudSystem Enterprise, HP Cloud Management avoids piecemeal approaches of using different products for IT search, application development, security and compliance. The market use of “thrown together” methods, by cobbling together loosely coupled products today simply does not work - it results in wasting resources and increasing risks. Greater value comes when products work in lock step within HP Cloud Management, to realize the full capacity as a cloud management platform that truly meets security and compliance for cloud computing. For a single throat to choke.
An integral component in HP Cloud Management, log management is critical in the use cases of security, compliance, application development, and IT operations. The ability to rapidly access and search log data anywhere in the enterprise, and provide the contextual information needed to augment evidence collection is paramount. HP ArcSight Logger improves visibility into the network, tracks for system-application health and availability, and improves network and system troubleshooting activities. This gives you:
- Comprehensive collection of data logs from 300+ log-generating sources
- Data enrichment to simplify analysis with the use of ArcSight Common Event Format
- Unmatched performance of capturing raw logs at 100,000 events per sec
- Enterprise scalability with wide deployments across a hybrid cloud environment
- Flexible storage options including the means to compress-store up to 42TB of log data
- Pre-packaged content for cyber security, compliance, app development and IT ops management
In an earlier blog post, we talked about extending best-in-class network security and data protection for integrated use across your hybrid cloud space. In order to protect though, we first need to be aware that an unknown even exists, before ascertaining the nature of these unknowns. As shown in the diagram above, it starts with the basic exhaustive collection of machine data from an ever increasing number of sources, using a single unified interface. Comprehensively managing these digital fingerprints for the searching, indexing, reporting, analysis, and retention of cyber anomalies.
See how ArcSight Logger works with CloudSystem Enterprise
Typically, security and log event information are captured at the host and application level. Events can be sent directly to a Logger or ESM. HP ArcSight Connectors can be used to normalize the log data into the Common Event Format (CEF), which presents log data from various vendors in a standardized format for searching and correlation. Log information can be sent to the HP ArcSight Logger for aggregation. Once the data is collected on the HP ArcSight Logger, filters can be applied to forward specific event information to the ArcSight ESM for further analysis, investigation and action.
Enabling HP ArcSight to protect HP CloudSystem Enterprise core components requires configuring these component applications to send security information and events from each application to the ESM or Logger. Each CloudSystem Enterprise component—CloudSystem Matrix Central Management Server, Cloud Service Automation, Operations Orchestration, Universal Configuration Management Database Server, etc.—can be configured to collect, for example, information from the operating system and application log files. This information can be collected using standard syslog and event log collection or through the use of HP ArcSight Connectors for more detailed application and operating system specific event logging.
Learn more about HP ArcSight Logger, as used in HP Cloud Management
Recently ranked by the 2013 Gartner Magic Quadrant for Security Information and Event Management, HP ArcSight continues its strong leadership on completeness of vision and the ability to execute on that vision, for a position in the Leaders Quadrant for ten consecutive years. For more information on integrating market leading assets like HP ArcSight Logger and deliver on the HP Cloud Management experience, download this information :