
HPE hit with security quandary after Russian ArcSight review

Reuters | Oct. 3, 2017
Sources indicate that HPE inadvertently let a Russian defence agency review the inner workings of cyber defence software used by the Pentagon.

Echelon operates as an official laboratory and software tester of FSTEC and Russia's FSB spy agency, according to Russian government registries of testing laboratories and software certifications reviewed by Reuters. US intelligence has accused the FSB of helping mount cyber attacks against the United States and interfering in the 2016 presidential election.

Markov, Echelon's president, defended the reviews, saying that "if a vulnerability is found, everyone is happy" because the detected flaw means laboratory experts are "able to demonstrate their qualifications" and "the developer is happy that a mistake was detected, since by fixing it the product will become better."

Russia in recent years has stepped up demands for source code reviews as a requirement for doing business in the country, Reuters reported in June.

A number of international companies, including Cisco Systems, the world's largest networking gear maker, and German software giant SAP, have agreed to the reviews, though others, including cybersecurity firm Symantec, have refused because of security concerns.

US government procurement records show ArcSight is used as a key cyberdefence bulwark across much of the US military including the Army, Air Force and Navy. For example, ArcSight is used to guard the Pentagon's Secret Internet Protocol Router Network (SIPRNet), which is used to exchange classified information, according to military procurement records.

The Pentagon spokeswoman declined to comment on risks posed by specific products to its network but said all software used by DISA is "extensively evaluated for security risks," and continually monitored once deployed.

Created in 2000 as an independent company, ArcSight broke new ground by allowing large organizations to receive real-time alerts about potential cyber intrusions.

The software draws activity records from servers, firewalls, and individual computers across a network - up to hundreds of thousands per second. The system then searches for suspicious patterns, such as a high number of failed login attempts within a few seconds, and alerts analysts.

A decade later, ArcSight had become "the core" cyber network defence tool the Pentagon's analysts "rely on to defend DoD networks," DISA said in a 2011 ArcSight procurement request.

Today ArcSight is a virtually irreplaceable tool for many parts of the US military, at least for the immediate future, Pentagon records show.

"HP ArcSight software and hardware are so embedded," the Pentagon's logistics agency wrote in April, that it could not consider other competitors "absent an overhaul of the current IT infrastructure." 

HPE agreed last year to sell ArcSight and other security products to British tech company Micro Focus International in a transaction that was completed in September.

Jason Schmitt, the current head of the ArcSight division, said the product makes up a little less than half of the US$800 million in annual revenue Micro Focus expects to get from the security software business purchased from HPE.

 
