HPE’s ADP 2.0 is a potential solution to traditional security information and event management (SIEM) complaints. According to AlienVault, a threat management solutions company, the five most common complaints about SIEMs are that they are too complex, take too long to deploy, are too expensive, are too “noisy”, and are not typically cloud friendly. Although most companies wish to deploy these systems with urgency, it can take months for them to become effective, and over-alerting is a problem.
“When everything requires your attention, nothing will get it,” Lauren Barraco of AlienVault said. “Furthermore, these alerts often lack the actionable intelligence security analysts need in order to respond and investigate. It doesn’t help me to know that a particular event occurred if I don’t know what to do about it.”
ADP 2.0 promises to be an “open and scalable solution to collect, normalize, and enrich data for compliance, regulations, security, IT operations, and log analytics.”
“Visibility of the entire infrastructure is the key to better detection, investigation, and response to threats,” HPE boasts. “Businesses today need a data collection platform that is reliable and secure, and helps them operate efficiently and effectively at low budgets.”
The new data platform will be able to collect machine data in real time from a wide range of sources including logs, sensors, stream network traffic and social media. Being able to search, monitor and analyze the data faster, in turn, speeds up the process of detecting security threats. Not only can the platform collect data from a broad range of sources, but it can also send that data to any location, such as third-party platforms like Hadoop.
ADP 2.0 will also allow companies to expand the size of deployment with relative ease. HPE said security teams can begin with a small, midsize or large deployment and then add new processing or functional capabilities on the fly. Over 350 out-of-the-box connectors save time and effort that goes into on-boarding data sources.
HPE also promises that the new data platform will be easier to deploy and manage. ADP can now be configured, managed, and monitored through a centralized management console, allowing you to connect to data easily and with just a few clicks.
There’s even a new mobile app included, allowing for on-the-go dashboard management. View-only access can be given to teams or contractors to limit unauthorized access. It is HPE’s hope that the new, more user-friendly setup will help companies focus on security rather than the tool itself.
“Security analysts need to widen their view into data systems in order to find threats at the scale and speed required in today’s landscape,” said Tom Powledge, vice president and general manager, HPE Security ArcSight, Hewlett Packard Enterprise. “With HPE ADP 2.0, we’re giving customers the open architecture and scalability they need to be effective in stopping threats.”