RepSM & Threat Detector Success Story
- Pavan Raja

- Apr 9, 2025
Summary:
The document highlights HP's Reputation Security Monitor (RepSM) and Threat Detector tool success story, focusing on a partnership case where the tools effectively identified botnet communication within a customer's network, leading to immediate value realization for the partner. The process involves processing large volumes of Cisco flow records through RepSM, which marks flows associated with malicious addresses, followed by analysis using Threat Detector to identify patterns and anomalies in fewer events, reducing potential threats from network traffic data.
Details:
This text discusses a success story involving HP's Reputation Security Monitor (RepSM) and its associated tool, Threat Detector. Ofer Shezaf mentions how Paul Brettle has highlighted that ArcSight's time to value is as short as, if not shorter than, that of other solutions. The text then shares a real-world example where a partner used RepSM for a trial at a customer's network, identified botnet communication, and immediately sold the solution upon finding a match. This case demonstrates how quickly these tools can provide value once implemented.
The process described involves handling a large volume of data, specifically Cisco flow records from an internal network that has transitioned to a public address space. This data is too extensive for direct analysis by tools like Threat Detector. To manage this volume, the data is first processed through RepSM, which marks flows associated with malicious addresses. Only these marked events are then analyzed by Threat Detector, significantly reducing the number of potential events to fewer than 13 million per day.
The analysis focuses on identifying patterns and anomalies in these fewer events using a couple of man-hours, indicating that despite the reduction in volume, the complexity and specificity required for botnet activity detection remain high. This method allows for more focused and efficient investigation into potential security threats from within the network traffic data.
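The two-stage flow described above, as an added Python sketch that is not HP's code and does not use the RepSM or Threat Detector APIs. The reputation list, the flow records, the function names and the regular-interval heuristic standing in for the pattern-analysis stage are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed reputation list (documentation ranges, not real indicators).
BAD_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes)
FLOWS = (
    [(t, "10.1.1.5", "203.0.113.9", 443, 512) for t in (0, 300, 601, 899, 1200)]
    + [(t, "10.1.1.7", "203.0.113.3", 80, 900) for t in (0, 20, 700, 710, 2000)]
    + [(t, "10.1.1.8", "198.51.100.77", 8080, 300) for t in (10, 50, 900)]
    + [(t, "10.1.1.9", "192.0.2.10", 443, 4000) for t in (5, 65, 125, 185)]
)

def mark_flows(flows, bad_nets):
    """Stage 1: keep only flows whose destination is on the reputation list."""
    marked = []
    for flow in flows:
        dst = ipaddress.ip_address(flow[2])
        if any(dst in net for net in bad_nets):
            marked.append(flow)
    return marked

def find_regular_talkers(marked, min_flows=4, max_jitter=0.2):
    """Stage 2 (assumed heuristic): flag src/dst pairs that contact a flagged
    address at near-constant intervals, a common trait of automated check-ins."""
    by_pair = defaultdict(list)
    for ts, src, dst, _port, _nbytes in marked:
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_flows:
            continue  # too few events to judge timing
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low value means evenly spaced flows.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((src, dst, len(times), round(avg)))
    return sorted(findings)

if __name__ == "__main__":
    marked = mark_flows(FLOWS, BAD_NETS)
    print(f"{len(FLOWS)} flows in, {len(marked)} marked")
    for hit in find_regular_talkers(marked):
        print("regular contact with flagged address:", hit)
```

The first stage discards traffic to unflagged destinations before any timing analysis runs, which is the volume reduction the write-up relies on.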
