Discover PerformanceHP Software's community for IT leaders // February 2012
What ‘security intelligence’ really means
With cyber-attacks gaining in frequency and sophistication, and the rising cost of a security breach averaging $9.2 million in 2011 , companies can’t afford to be without an integrated, enterprise-wide security perspective. Yet security solutions have usually been applied as “bolt-ons” rather than integrated into a larger enterprise security strategy or framework. Multiple security technologies—many of them architecture-specific—provide no real intelligence into how well your enterprise is securing an explosion of data and the systems through which that information flows.
“There’s a fundamental shift in how companies are thinking about security,” says Tom Reilly, vice president and general manager of HP Enterprise Security Products. “It’s not just about defense in-depth, but about how we get security intelligence, how do we understand where our greatest risks are and how do we detect where we have been breached.”
In response to these issues, the phrase enterprise security intelligence (ESI) has made its way into the CISO’s vocabulary. Introduced by analyst firm Gartner, the ESI concept calls for a holistic perspective on risk and vulnerability—in other words, an elimination of silos.
Without establishing ESI in your organization, it’s impossible to know where you stand on this score. Say, for example, a user accesses secure company data at 7 a.m. from Los Angeles. If that same ID is used to log in six hours later from Eastern Europe, a system made up of many disparate point products might not catch the discrepancy. The problem is siloed security—the solution is comprehensively correlating security information, and providing context eliminates silos.
Establishing ESI in your organization
Enterprise security intelligence springs from the ability to correlate information and context, as well as the correlation of technologies themselves. There are two key components to accomplishing the goal: technology and information. You have to ensure that your security systems can “talk” to one another. And you must be able to take the data coming from multiple IT systems and make sense of it all.
Knowing exactly what information your organization lacks to achieve ESI requires that you assess your needs based on your individual compliance requirements, risk tolerance and the type of proprietary information you must secure.
Of course, your industry and region, and the regions in which your partners operate, will also affect your information security needs. After a broad assessment, you can prioritize more specific requirements. Imagine what you want your security environment to look like three to four months from today, and rank the importance of such things as:
· A universal security dashboard
· Comprehensive reports
· Automated solutions
Running pilot tests of solutions that offer a holistic view is the best way to see firsthand what works in your organization. Testing solutions individually and in head-to-head “bakeoffs” helps ensure their efficacy, of course, but also demonstrates how easily they can be integrated into your existing security solution landscape.
And you might discover a winner right off the bat. When University of Washington Medicine tested the HP TippingPoint Intrusion Prevention System, the IPS prevented so many attacks that the UW Medicine security team decided it couldn’t risk uninstalling it. With the HP TippingPoint IPS, UW Medicine blocks more than 2 million attacks each week, including worms, viruses, Trojans, Web server assaults, denials of service (DoS) and other malicious activity. 
By establishing ESI in your organization as a basis for your security strategy, you’ll enable your team—and your fellow executives—to maintain a clear, universal view of the organization’s security and risk management profile. You put yourself in the ideal position to build security into a variety of emerging technologies that are likely to become of greater concern to CISOs, most notably cloud computing and mobile technology.
“We as IT professionals are changing the landscape right underneath our feet,” Reilly said in a video interview at ArcSight Protect 2011. “IT inherently increases risk. Your job is to minimize risk.
For more about developing your enterprise’s security intelligence, visit HP Enterprise Security.
 Second Annual Cost of Cyber Crime Study, Ponemon Institute, August 2011.
 “University of Washington Medicine Thwarts 803,000 Zotob Attacks in Week-Long Attack at World-Renown Medical Center,” HP customer case study, July 2010.
Register for HP’s premier event for inspiration from industry leaders, the HP inside scoop, and a deep dive into tomorrow’s enterprise IT trends.
HP Software VP Paul Muller brings in HP and industry-wide experts each week for challenging discussions about trends in Big Data, mobility, IT security and more.
HP is transforming itself using cloud technology. Get real-world insight from HP IT on delivering IaaS, PaaS, and SaaS.
Forrester analyst Kurt Bittner discusses how to enhance Agile development with continuous integration and automated testing to deliver real business results.
Join an analyst from the Digital Clarity Group to discuss leading trends in delivering the customer experience that will increase ROI.