HP Acquisitions Bring New Security Technology 'Under One Roof'

As the RSA Conference 2011 security industry convention continues this week in San Francisco, HP is revealing how recent acquisitions in the security space are starting to bear fruit. On Tuesday, HP will demonstrate new security capabilities it is offering to protect enterprise networks and software applications, based on its acquisitions of Fortify Software and ArcSight in August and September of 2010, respectively.

The acquisitions bring "under one roof" security capabilities that work better together than they might have separately, says Michael Callahan, a marketing director for HP TippingPoint, a division created as a result of HP's 2009 acquisition of intrusion prevention vendor TippingPoint, a unit of 3Com.

HP will demonstrate at RSA how its technology can protect a fictional concert ticket Web site, Callahan says. In the scenario, a few purchasers scoop up all the tickets to a concert, put them in shopping carts but never check out, thus depriving everyone else of tickets.

Fortify software identifies an abnormality in the ratio of abandoned shopping carts to completed sales and sees "they're out of whack," he says. Then ArcSight discovers that all the purchasers came from the same IP address, also suspicious. Finally, TippingPoint sets up a filter blocking that IP address, which dumps the shopping carts and frees up the ticket inventory again.

"Here are customer problems that in the past we partially solved or had to come up with some creative ways of solving, but maybe didn't fully solve. But together we can solve it," Callahan says.Also at RSA, HP is announcing a partnership with a company called ipTrust, which maintains a database of 250 million IP addresses known to be cybersecurity threats--such as botnets or distributors of malware--and blocks them from corporate networks. TippingPoint already has a similar service, called Reputation Digital Vaccine, or RepDV, but the ipTrust deal grows the total number of IP address being tracked tenfold, he says.

HP is also introducing a Digital Vaccine Toolkit that can identify software vulnerabilities and immediately apply  a "virtual patch" to temporarily protect bugs from being exploited until the IT team can conveniently take down the network to apply a permanent patch. DV Labs within Tipping Point works with software developers who report vulnerabilities and get paid for their information. DV Labs then informs software vendors, which can then develop patches.

DV Labs had been keeping news of vulnerabilities under wraps indefinitely until patches were ready, but last August it implemented a new policy that vulnerabilities would be disclosed after six months--even if there was no patch. The six months expired Feb. 7, and TippingPoint disclosed 22 vulnerabilities that software vendors hadn't patched.

However, that's just 22 out of about 190 vulnerabilities known to DV Labs back in August, so vendors managed to fix about 90 percent of the bugs in time, Callahan says. "They really embraced it," he says of the deadline that prompted vendors to act. "It was something we hoped would have happened, and it turns out it did." 

See more on this topic by subscribing to Network Computing Pro Reports Best Practices: The New Perimeter (subscription required).