Discover PerformanceHP Software's community for IT leaders // February 2012
What ‘security intelligence’ really means
With cyber-attacks gaining in frequency and sophistication, and the rising cost of a security breach averaging $9.2 million in 2011 , companies can’t afford to be without an integrated, enterprise-wide security perspective. Yet security solutions have usually been applied as “bolt-ons” rather than integrated into a larger enterprise security strategy or framework. Multiple security technologies—many of them architecture-specific—provide no real intelligence into how well your enterprise is securing an explosion of data and the systems through which that information flows.
“There’s a fundamental shift in how companies are thinking about security,” says Tom Reilly, vice president and general manager of HP Enterprise Security Products. “It’s not just about defense in-depth, but about how we get security intelligence, how do we understand where our greatest risks are and how do we detect where we have been breached.”
In response to these issues, the phrase enterprise security intelligence (ESI) has made its way into the CISO’s vocabulary. Introduced by analyst firm Gartner, the ESI concept calls for a holistic perspective on risk and vulnerability—in other words, an elimination of silos.
Without establishing ESI in your organization, it’s impossible to know where you stand on this score. Say, for example, a user accesses secure company data at 7 a.m. from Los Angeles. If that same ID is used to log in six hours later from Eastern Europe, a system made up of many disparate point products might not catch the discrepancy. The problem is siloed security—the solution is comprehensively correlating security information, and providing context eliminates silos.
Establishing ESI in your organization
Enterprise security intelligence springs from the ability to correlate information and context, as well as the correlation of technologies themselves. There are two key components to accomplishing the goal: technology and information. You have to ensure that your security systems can “talk” to one another. And you must be able to take the data coming from multiple IT systems and make sense of it all.
Knowing exactly what information your organization lacks to achieve ESI requires that you assess your needs based on your individual compliance requirements, risk tolerance and the type of proprietary information you must secure.
Of course, your industry and region, and the regions in which your partners operate, will also affect your information security needs. After a broad assessment, you can prioritize more specific requirements. Imagine what you want your security environment to look like three to four months from today, and rank the importance of such things as:
· A universal security dashboard
· Comprehensive reports
· Automated solutions
Running pilot tests of solutions that offer a holistic view is the best way to see firsthand what works in your organization. Testing solutions individually and in head-to-head “bakeoffs” helps ensure their efficacy, of course, but also demonstrates how easily they can be integrated into your existing security solution landscape.
And you might discover a winner right off the bat. When University of Washington Medicine tested the HP TippingPoint Intrusion Prevention System, the IPS prevented so many attacks that the UW Medicine security team decided it couldn’t risk uninstalling it. With the HP TippingPoint IPS, UW Medicine blocks more than 2 million attacks each week, including worms, viruses, Trojans, Web server assaults, denials of service (DoS) and other malicious activity. 
By establishing ESI in your organization as a basis for your security strategy, you’ll enable your team—and your fellow executives—to maintain a clear, universal view of the organization’s security and risk management profile. You put yourself in the ideal position to build security into a variety of emerging technologies that are likely to become of greater concern to CISOs, most notably cloud computing and mobile technology.
“We as IT professionals are changing the landscape right underneath our feet,” Reilly said in a video interview at ArcSight Protect 2011. “IT inherently increases risk. Your job is to minimize risk.
For more about developing your enterprise’s security intelligence, visit HP Enterprise Security.
 Second Annual Cost of Cyber Crime Study, Ponemon Institute, August 2011.
 “University of Washington Medicine Thwarts 803,000 Zotob Attacks in Week-Long Attack at World-Renown Medical Center,” HP customer case study, July 2010.
Join thousands of IT execs, engineers, and solution experts to explore IT trends, strategies, and best practices. (Barcelona,
HP’s CEO and her software management team discuss how enterprise IT can stay on top of the latest technology influencers. (On demand)
HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episodes.
Introduction to Enterprise 20/20
What will a successful enterprise look like in the future?
Challenges and opportunities for the CIO of the future.
What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.
Data Center 20/20
The innovation and revenue engine of the enterprise.
Dev Center 20/20
How will we organize development centers for the apps that will power our enterprises?
Welcome to a new reality of split-second decisions and marketing by the numbers.
IT Operations 20/20
How can you achieve the data center of the future?
Preparing today for tomorrow’s threats.
Looking toward the era when everyone — and everything — is connected.