HP’s cloud-based DNS traffic analysis to spot early signs of malware

There’s no shortage of data that network devices spew out every minute. The only problem is how CISOs can sort through the logs to glean actionable information.

Hewlett-Packard’s answer is to do it for them.

This morning HP revealed a cloud analytics service will start later this month to process data generated by an enterprise’s DNS (domain name system) requests which could signal malware in a system.

It was one of several announcements made at the company’s HP Protect security conference, including a new automated analysis engine for the HP Fortify on Demand cloud application testing service, which will give faster and more accurate results.

DNS Malware Analytics sits inline and beside a DNS server, collecting and forwarding data to HP for inspection.

“It’s a solution that now allows us to detect compromised hosts in your environment using DNS traffic,” Frank Mong, vice-president and general manager of HP enterprise security solutions, said in an interview. “A lot of the times endpoint security — antivirus — isn’t effective in catching everything bad. They look for signatures, things that are well-known to be bad. But they have a hard time detecting code that’s doing things that are benign — for example, trying to contact a command and control server.”

HP said the service uses an algorithmic engine, as opposed to the more common rules-based approach, to analyze the high volume of DNS records. This allows new, unknown malware to be detected, the company says, as well as reducing false positives by a factor of 20 over other malware detection systems.
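The article does not describe HP's algorithm, so the following is an added illustration rather than HP's code: a small per-host scorer that reads constructed resolver log lines (client IP, queried name, response code) and flags hosts whose queries both fail to resolve unusually often and use random-looking names, two signals commonly associated with malware hunting for a command and control server. The log lines, the thresholds and the two-signal rule are assumptions chosen for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not real traffic). The first three lines are
# ordinary browsing; the last five mimic a host cycling through generated names.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.5 cdn.example.net NOERROR
10.0.0.9 qzx8k2w1p0v.biz NXDOMAIN
10.0.0.9 m4n7r2t9y6u.info NXDOMAIN
10.0.0.9 a8s0d9f7g6h.net NXDOMAIN
10.0.0.9 k3j5h7g9f1d.org NXDOMAIN
10.0.0.9 www.example.com NOERROR
"""

def shannon_entropy(text: str) -> float:
    """Bits per character; random-looking generated labels score high."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def second_level_label(qname: str) -> str:
    """Label directly under the TLD, e.g. 'example' for www.example.com."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def score_hosts(log_text: str, nx_threshold: float = 0.5,
                entropy_threshold: float = 3.0) -> dict:
    """Per client: query count, NXDOMAIN ratio and mean label entropy.
    A host is flagged only when both the failure ratio and the entropy are
    high, so a single typo or one odd CDN name does not raise an alert."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "entropy_sum": 0.0})
    for line in log_text.splitlines():
        client, qname, rcode = line.split()
        s = stats[client]
        s["queries"] += 1
        s["nxdomain"] += rcode == "NXDOMAIN"
        s["entropy_sum"] += shannon_entropy(second_level_label(qname))
    result = {}
    for client, s in stats.items():
        nx_ratio = s["nxdomain"] / s["queries"]
        mean_entropy = s["entropy_sum"] / s["queries"]
        result[client] = {
            "queries": s["queries"],
            "nx_ratio": nx_ratio,
            "mean_entropy": round(mean_entropy, 3),
            "suspicious": nx_ratio >= nx_threshold and mean_entropy >= entropy_threshold,
        }
    return result
```

Calling `score_hosts(SAMPLE_LOG)` flags 10.0.0.9 (four of five lookups failed, mean entropy about 3.27 bits) and leaves 10.0.0.5 clean; on real logs the thresholds would be tuned against a baseline of known-good traffic.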

The service starts Sept. 15. One-year subscriptions start at US$80,000 to analyze up to 5 million DNS packets per day.

The service fits in with the release earlier this year of HP User Behavior Analytics, Mong said, which analyzes user actions. Results from both UBA and DNS Malware Analytics can be fed into HP’s ArcSight security information and event management suite to help enforce security policies.

For DevOps teams who use the Fortify on Demand cloud service, which examines application and Web code for security vulnerabilities, there’s a new scan analytics engine. It not only takes some of the load off HP [NYSE: HPC] staff who had been manually looking at code, it also promises faster results.

“No longer do you have to wait days to get a response back; we’ll give it to you in hours,” said Mong — and it’s more accurate.

The engine recognizes that many applications these days reuse code libraries, particularly open source code. Analyzing that automatically speeds things up. “We don’t need to look at that code; we’ve scanned it thousands of times,” Mong said. As a result, HP analysts can spend more time looking at code tagged by the engine as exceptions.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com