Webroot Announces BrightCloud® Threat Intelligence for HPE ArcSight

Real-time, Contextually-aware IP Reputation Data for Next-Generation SIEM to Detect Advanced Targeted Attacks and Unknown Threats

BROOMFIELD, CO. - February 29, 2016

Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announces the Webroot BrightCloud® Threat Intelligence integration with HPE ArcSight Enterprise Security Management (ESM). This will allow customers to quickly uncover malicious IP addresses in their internal network traffic, accelerate forensic analysis, and prioritize the most serious threats for immediate response by cybersecurity threat teams.

According to the Webroot 2016 Threat Brief, over 100,000 net new malicious IP addresses are launched every day. Webroot continuously monitors and maintains a database of over four billion IP addresses, from which a dynamic list of approximately 12 million malicious IPs is updated every few minutes and made available to HPE Security ArcSight customers in near real-time. The Webroot® Threat Intelligence Platform correlates IP reputation data with URL, file, and mobile application data to determine relationships between object types while providing a predictive risk score for each IP. HPE ArcSight ESM has proven to be a valuable platform for correlating security events with highly accurate, real-time IP reputation data to effectively detect and alert on malicious IPs within an organization.

“Because attackers change hosts and IP addresses frequently, enterprises can struggle to determine which new IP address activity indicates a threat to their organization,” said Mike Malloy, executive vice president of products and strategy at Webroot. “With BrightCloud Threat Intelligence for HPE ArcSight, enterprises can augment threat data in their existing security response solution with big data analytics and automated machine learning to rapidly identify potentially dangerous incoming IP traffic, prioritize their responses, and minimize the window of opportunity for attackers.”

BrightCloud Threat Intelligence for HPE ArcSight ESM continuously updates a list of malicious IPs in nine different threat categories, including botnets, Windows exploits, and denial of service, and forwards those IPs as CEF events to HPE ArcSight ESM. Customers can then correlate the list of malicious IPs from Webroot with security events indexed by HPE ArcSight ESM to detect malicious IP activities in their incoming IP traffic. HPE ArcSight ESM alerts users to suspicious activities as they happen, and the Webroot Threat Intelligence Platform is able to provide additional detailed contextual information on each malicious IP so that incident response teams can quickly investigate and remediate the most serious threats before they lead to costly data theft and loss.

“According to ESG research, 27 percent of cybersecurity professionals working at enterprise organizations say that spending on their organizations’ threat intelligence programs will increase significantly over the next 12 to 18 months,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “As the volume of cyberattacks increases, enterprises will continue to purchase commercial threat intelligence offerings from vendors like Webroot, and use threat intelligence integration features in their SIEM platforms like HPE ArcSight ESM to uncover the proverbial needle in the massive cybersecurity haystack more quickly.”


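Webroot is a provider of Smarter Cybersecurity solutions. Through intelligent endpoint protection and threat intelligence services, it secures the Internet of Things (IoT). By leveraging a cloud-based, predictive collective threat intelligence platform, it protects computers, tablets, smartphones, and every other device from malware and other cyberattacks. The highly regarded SecureAnywhere intelligent endpoint protection and BrightCloud threat intelligence services protect more than tens of millions of end-user, business, and enterprise devices worldwide. Webroot technology is trusted and integrated into solutions from industry leaders including Cisco, F5 Networks, HP, Microsoft, Palo Alto Networks, RSA, and Aruba. Headquartered in Colorado, USA, Webroot operates in North America, Europe, Asia Pacific, and Japan. For more about Smarter Cybersecurity, visit https://www.webroot.com/jp/ja/.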