HP Ramps Up Security Focus, Portfolio
This week at the RSA Conference 2012 in San Francisco, HP will explain how it has integrated a number of security acquisitions in recent years and unveil HP EnterpriseView, a set of tools designed to help enterprise executives understand security risks and the business risks associated with them. The company will also be highlighting security technology to protect cloud environments and mobile devices. The HP Enterprise Security Products business unit will incorporate the company's security asse
February 26, 2012
This week at the RSA Conference 2012 in San Francisco, HP will explain how it has integrated a number of security acquisitions in recent years and unveil HP EnterpriseView, a set of tools designed to help enterprise executives understand security risks and the business risks associated with them. The company will also be highlighting security technology to protect cloud environments and mobile devices. The HP Enterprise Security Products business unit will incorporate the company's security assets, including such acquisitions as ArcSight, Fortify and Tipping Point.
"EnterpriseView is taking these various feeds from ArcSight, Fortify and Tipping Point, and putting it much more into a business context," says Stuart McIrvine, director of product management for HP Enterprise Security.
All sorts of enterprise security tools include management dashboards that tell the IT security people how their firewalls, intrusion prevention systems (IPSes), malware protection and other security controls are working. EnterpriseView, however, will provide more specific information on how a particular vulnerability or threat can impact supply chain management, the order-to-cash process or e-commerce systems for a website and the risk to the specific IT assets that deliver those services, McIrvine says.
"Are these events attacking a server that's a part of my supply chain, or are they attacking the server that's hosting the cafeteria menu?" he says. "Now, I can start to make risk-based decisions because of all this intelligence about the events that are happening."
This and other new products and services are coming from the Enterprise Security Products business announced by HP in September 2011. The unit integrates the acquisitions of IPS vendor Tipping Point, part of the 3Com acquisition, security information and event management (SIEM) company ArcSight and application security provider Fortify, all in 2010, plus app security vendor SPI Dynamics in 2007. Together these acquired products, plus data encryption and key management capabilities HP already had in-house, are tightly integrated.
In September, IDC's Chris Liebert, senior analyst, security services, said the worldwide security services market compound annual growth rate would be 15% over the 2010 to 2015 forecast period with revenues exceeding $39.5 billion in 2011 and growing to almost $63 billion by 2015. She added that HP is making a strategic bet based on the movement of the enterprise market to outsourced business services.
"This shift can be attributed to enterprise mandates in a few key areas: reducing infrastructure and network overhead, reducing capex and opex, and outsourcing manual processes like network security, storage and business applications for better efficiency and employee productivity. Key to this shift in enterprise outsourcing is security, as security is a market driver and pushes other sales now, not the other way around, and may be a bright spot" in HP's software strategy.
Ed Ferrara, principal research analyst, security and risk, at Forrester Research, said an integrated approach would have strong appeal to enterprise customers. "The ability to have a tier-one player like HP provide such a vision puts other tier-one players on notice."
Also at RSA, HP is launching a Cloud Connections Partner Program to extend security protections for on-premise IT assets to private or public cloud environments. Although some as-yet-unnamed partners will be announced at the show, existing HP partners include Box, for file sharing in the cloud, and Okta, an on-demand identity and access management provider. HP also partners with a company called Coalfire, a Payment Card Industry (PCI) auditing firm, to help HP customers maintain compliance with PCI compliance requirements.
Security is extended to mobile devices that are being more widely used in the workplace, and this is where the Fortify acquisition fits in. Fortify scans newly created mobile applications that support the HTML5 Web applications standard or that are written in Objective-C, the language used to write apps for Apple iPhone and iPad devices. The idea is to spot risks before the app is deployed, says HP's McIrvine.
"Fortify will scan that app because it understands the language and the platform that is targeted. It will identify where the weakness is, ... but it will also provide you a recommendation on how to fix it," he says.
Fortify also protects in the data center, he continues, because an attack on a mobile app could provide an attacker with access to a database server inside the network. This would possibly enable the attacker to create havoc elsewhere in the enterprise. What he calls a "runtime analyzer" can monitor network traffic into the data center from the mobile device. "If something it detects is malicious, the real time analyzer can stop the app in its tracks," McIrvine says.
Furthermore, if the app is vulnerable but mission-critical and can't be taken out of service for remediation, Tipping Point can intervene, identify the attack signature of the threat and block that specific threat. "I want to let my normal customers use it. But the bad guys, I want you to block every attempt," McIrvine says, citing an example of how the different HP security acquisitions are complementary.
Learn more about Strategy: Securing Flat Networks by subscribing to Network Computing Pro Reports (free, registration required).
You May Also Like