Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, November 30, 2012

HPL Security Intelligence-as-a-Service (SILAS)

As discussed in previous posts, our HPL Security Intelligence-as-a-Service (SILAS) solution is built, at its very base, on R&D analytics technology that provides statistical analysis of data and predictions based on simulations.
We have now achieved an important milestone in collaboration with HP business groups: a full working implementation is available.

Additional details and a few screenshots of the public, R&D version of SILAS are available online. Below I attach a screenshot of the SILAS main dashboard.





A typical scenario (where SILAS can be deployed and add value) consists of a multi-tenant Security Operation Center (SOC).

In this scenario the SOC manages incidents and IT operation issues for multiple customers. SILAS calculates and provides a wide variety of strategic metrics:

• customer metrics, reflecting the effectiveness of their processes (e.g. vulnerability and threat management - VTM, identity and access management - IAM, etc.), based on the data they shared with the SOC

• metrics related to external threat environments (e.g. derived from information collected from HP ArcSight, HP TippingPoint, DV Labs, OSVDB, etc.)

• metrics providing an assessment of SOC processes, e.g. how effectively they identify incidents, close alerts, deal with false positives

• what-if analysis and predictive metrics

All these metrics can be conveyed to customers (and/or other stakeholders) via reports, by highlighting trend analysis and benchmarks.

SILAS is meant to:

• provide estimates of strategic (security, risk and business) metrics to decision makers and customers, in multi-tenancy, multi-customer contexts, such as Security Operation Centers and Cloud Operation Centers

• use these metrics to enable predictive and what-if analysis, by leveraging the HP/HPL Security Analytics Solution (based on modelling and simulation techniques)

• provide customers with strategic reports - based on processed metrics and predictions - to illustrate historical trends and benchmarks

• leverage Cloud infrastructure for data processing and metric estimations

SILAS is not meant to be a reactive, real-time analytic solution. It leverages existing solutions such as HP ArcSight, HP TippingPoint/ThreatLinq, OSVDB, etc. to gather the relevant data. As a unique differentiator, it provides longer-term estimates of critical metrics and uses them to make predictions. It provides decision support capabilities to key stakeholders (risk management teams, customers, etc.). As such, it nicely complements current HP SW offerings.

We are currently trialling this solution in collaboration with HP business groups.


--- Posted by Marco Casassa Mont ---
