Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announces the Webroot BrightCloud® Threat Intelligence integration with HPE ArcSight Enterprise Security Management (ESM). This will allow customers to quickly uncover malicious IP addresses in their internal network traffic, accelerate forensic analysis, and prioritize the most serious threats for immediate response by cybersecurity threat teams.
According to the Webroot 2016 Threat Brief, over 100,000 net new malicious IP addresses are launched every day. Webroot continuously monitors and maintains a database of over four billion IP addresses, from which a dynamic list of approximately 12 million malicious IPs is updated every few minutes and made available to HPE Security ArcSight customers in near real time. The Webroot® Threat Intelligence Platform correlates IP reputation data with URL, file, and mobile application data to determine relationships between object types while providing a predictive risk score for each IP. HPE ArcSight ESM has proven to be a valuable platform for correlating security events with highly accurate, real-time IP reputation data to effectively detect and alert on malicious IPs within an organization.
“Because attackers change hosts and IP addresses frequently, enterprises can struggle to determine which new IP address activity indicates a threat to their organization,” said Mike Malloy, executive vice president of products and strategy at Webroot. “With BrightCloud Threat Intelligence for HPE ArcSight, enterprises can augment threat data in their existing security response solution with big data analytics and automated machine learning to rapidly identify potentially dangerous incoming IP traffic, prioritize their responses, and minimize the window of opportunity for attackers.”
BrightCloud Threat Intelligence for HPE ArcSight ESM continuously updates a list of malicious IPs in nine different threat categories, including botnets, Windows exploits, and denial of service, and forwards those IPs as CEF events to HPE ArcSight ESM. Customers can then correlate the list of malicious IPs from Webroot with security events indexed by HPE ArcSight ESM to detect malicious IP activities in their incoming IP traffic. HPE ArcSight ESM alerts users to suspicious activities as they happen, and the Webroot Threat Intelligence Platform is able to provide additional detailed contextual information on each malicious IP so that incident response teams can quickly investigate and remediate the most serious threats before they lead to costly data theft and loss.
“According to ESG research, 27 percent of cybersecurity professionals working at enterprise organizations say that spending on their organizations’ threat intelligence programs will increase significantly over the next 12 to 18 months,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “As the volume of cyberattacks increases, enterprises will continue to purchase commercial threat intelligence offerings from vendors like Webroot, and use threat intelligence integration features in their SIEM platforms like HPE ArcSight ESM to uncover the proverbial needle in the massive cybersecurity haystack more quickly.”