The topic of ‘Identity Intelligence’ seems to have become a recurring theme in InfoSecurity circles today, as well as in vendor marketing hype and tradeshow topical discussions. Diverse systems’ data, accumulated and scrubbed in a data warehouse(s), is merely information – analyzing and correlating that data in near real-time and applying the result creates Actionable Intelligence.
As showcased at the Gartner IAM Summit last fall (and eloquently opined there by Earl Perkins and colleagues), the integration of Identity and Access Mgmt (IAM) technologies, including Privileged ID Mgmt. (aka PIM) with SIEM, eGRC and BI apps, is a necessity.
The real integration of these ‘application silos’ yields the following benefits (and there are likely more):
• Improved IT Risk Mgmt: Reduces the overall risk profile for an enterprise
• Proactive Security Posture: Allows the organization to be less reactive to security threats and apply Continuous Monitoring techniques
• Advanced Forensics: Provides earlier anomaly detection, a more granular audit trail of user activity and faster incident response times
• Audit Ready: Helps meet regulatory compliance requirements and provides a repeatable reporting process for internal/external IT audits
ArcSight Protect ’11
Reflecting on the recent, successful HP ArcSight Protect ’11 global customer conference (which was excellent, as usual), I’d like to offer several observation points for your review:
1. The massive Gaylord Resort at National Harbor provides an oasis for a captive audience and is conducive to staying focused on any conference. A recommended venue.
2. HP’s Enterprise Security Products (ESP) division will be formally launched on Nov 1st, 2011 and includes the ArcSight, TippingPoint and Fortify products, plus Vistorm, the UK-based security company which will act as the global security services arm.
3. HP EVP Tom Reilly’s visionary keynote message was on target with the ID Intelligence theme and emphasized:
a. Security Information Risk Management (“SIRM”) is HP ArcSight’s new acronym (remember ETRM?)
b. The APT and Stuxnet Reality: Assume that you’ve already been hacked; adopt a prioritized, Risk-based InfoSec approach
c. “Well-Funded Adversaries” = Nation States and Organized Crime are highly sophisticated
d. “We all struggle with ‘BYOD’ (Bring Your Own Device) to Work” = Mobility Security Challenges
e. The Cloud, Virtual Environments and Mobility provide new ‘attack surfaces’
f. Link to Tom’s video interview: http://www.youtube.com/user/HPSecure?feature=mhsn#p/u/0/uhb6u_LB7To
4. The ability to assimilate, analyze and correlate various enterprise data sources within the SOC is highly desirable and creates value for customers.
5. ArcSight’s technology ecosystem partners are being strongly encouraged to implement “closed loop response actions”, which will allow real-time remediation activity directly from within the SOC and the ArcSight ESM™ platform to complementary third-party security solutions.
6. Based on Cyber-Ark’s alliance with HP ArcSight, we were delighted to have presented a customer case study and were invited to be video interviewed by SC Magazine on the topic of, you guessed it, ‘Privileged Identity Intelligence’.
Link to the video interview: http://www.scmagazineus.com/sponsored-video-richard-weeks-of-cyber-ark-on-identity-and-access/article/212644/
Privileged Identity Intelligence – Market Leadership
Cyber-Ark’s active technology alliance initiatives to integrate Cyber-Ark Privileged Identity Management, Privileged Session Management and Sensitive Information Management Suites with the HP ArcSight SIEM Platform, especially when combined with our ongoing ‘PIM entitlements’ and eGRC access certification integration efforts, will continue to deliver tangible benefits for enterprises interested in further reducing IT risk and creating a more proactive InfoSecurity posture. Please stay tuned…