
Success Story 1: RepSM and Threat Detector

  • Writer: Pavan Raja
  • Apr 9, 2025

Summary:

The document discusses the HP Connections platform, with a focus on Security Intelligence and Risk Management tools including Reputation Security Monitor (RepSM) and Threat Detector. It shares a success story in which a partner installed RepSM on a customer's network and quickly identified botnet communication through threat intelligence data, which led to the sale of the solution. The document also mentions that the HP ESP Partner Guide provides valuable information on how to download and use HP Evaluation Software for better security practices. The process uses RepSM and Threat Detector to analyze large volumes of Cisco flow data, exceeding 50Gb per day. The raw data is first reduced by vectoring the flows that go from the internal network to public address space, but that volume is still overwhelming for direct analysis. With RepSM, only the flows marked as directed towards malicious addresses are passed on to Threat Detector within RepSM for detailed analysis. This method helps in detecting and preventing botnet activity by identifying specific patterns indicative of threats.

Details:

This text appears to be about the HP Connections platform, with a focus on Security Intelligence and Risk Management tools including Reputation Security Monitor (RepSM) and Threat Detector. It highlights a success story in which a partner installed RepSM on a customer's network and quickly identified botnet communication through threat intelligence data, leading to the sale of the solution. The content also suggests that the HP ESP Partner Guide provides valuable information on how to download and use HP Evaluation Software for better security practices.

The text describes a process involving the use of "RepSM" (a term not fully explained) and its associated "Threat Detector profile." This method is applied to analyze large volumes of data, specifically Cisco flow data, which exceeds 50Gb per day. The raw data is first reduced by vectoring the flows that go from the internal network to public address space, which still leaves an overwhelming amount for direct analysis. To tackle this issue, the partner employs RepSM to mark flows that are directed towards malicious addresses. Following this step, only a portion of the events (less than 13 million per day) are processed by Threat Detector within RepSM for detailed analysis. The analysis here involves examining patterns and anomalies in these less-than-50 events, which can typically be handled within a couple of man hours.

The process outlined appears to be part of an ongoing effort or toolset used for network security, potentially aimed at detecting and preventing malicious activities such as botnet activity by identifying specific patterns indicative of such threats. This detailed analysis could help in understanding the extent and nature of cyber threats faced by organizations, which is crucial for effective cybersecurity management.
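The staged reduction described above (outbound flows only, then reputation-marked flows, then pattern review), as an added Python example that is not from the original document or from HP's products. The flow records, the reputation list and the function names are constructed for illustration, RFC 1918 space is assumed to be the internal network, and the repeated-pair count is a simple stand-in for Threat Detector's pattern analysis.

```python
import ipaddress
from collections import Counter

# Assumption: "internal" means RFC 1918 space; replace with the site's own ranges.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed reputation list (documentation-range addresses, not real indicators).
BAD_REPUTATION = {"203.0.113.50", "198.51.100.7"}

# Constructed flow records: (timestamp, src, dst, dst_port)
FLOWS = [
    ("2013-05-01T10:00:00", "10.1.1.5", "203.0.113.50", 443),
    ("2013-05-01T10:00:03", "10.1.1.5", "10.1.2.9", 445),         # internal to internal
    ("2013-05-01T10:05:00", "10.1.1.5", "203.0.113.50", 443),
    ("2013-05-01T10:06:10", "10.1.3.8", "192.0.2.10", 80),        # public, not listed
    ("2013-05-01T10:10:00", "10.1.1.5", "203.0.113.50", 443),
    ("2013-05-01T10:11:00", "192.168.4.20", "198.51.100.7", 8080),
    ("2013-05-01T10:12:00", "192.0.2.99", "10.1.1.5", 22),        # inbound
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def outbound(flows):
    """Stage 1: keep flows from internal sources to non-internal destinations."""
    return [f for f in flows if is_internal(f[1]) and not is_internal(f[2])]

def marked(flows, reputation):
    """Stage 2: keep only flows whose destination is on the reputation list."""
    return [f for f in flows if f[2] in reputation]

def repeated_pairs(flows, min_count=3):
    """Stage 3: (src, dst) pairs seen at least min_count times, for analyst review."""
    counts = Counter((f[1], f[2]) for f in flows)
    return {pair: n for pair, n in counts.items() if n >= min_count}

def run(flows=FLOWS):
    s1 = outbound(flows)
    s2 = marked(s1, BAD_REPUTATION)
    return len(flows), len(s1), len(s2), repeated_pairs(s2)

if __name__ == "__main__":
    total, n_out, n_marked, pairs = run()
    print(f"{total} flows -> {n_out} outbound -> {n_marked} marked; review: {pairs}")
```

Each stage only narrows the previous one, so the counts show how much data an analyst is spared before any pattern review starts.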

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
