HP expands enterprise security solutions

HP today announced its expanded Enterprise Security Solutions portfolio, designed to help enterprises establish and execute a comprehensive security strategy that addresses threats and potential liabilities resulting from the rise of mobility, cloud computing and social media.

Cyber threats have become more sophisticated, persistent and unpredictable. New research conducted on behalf of HP demonstrates that the volume and complexity of security threats has continued to escalate (1).

More than 50% of senior business and technology executives surveyed believe security breaches within their organisations have increased during the last year. Nearly 30% responded that they experienced a security breach by unauthorised internal access, while 20% responded that they had experienced an external breach.

Faced with these challenges, organisations need to establish a more sustainable approach to managing security and risk. The HP Enterprise Security Solutions framework addresses this need by delivering overarching information security management capabilities, coupled with modern security operations centres and technologies that provide actionable security intelligence.

The expanded portfolio includes new capabilities to help enterprises assess, transform, manage and optimise their security investments.

"Organisations today are quickly realising the importance of a comprehensive risk management strategy to securing assets across their corporate infrastructures and protecting corporate reputation," said Frank van Rees, MD and Enterprise Business Lead, HP South Africa.

"HP's extended security portfolio provides the protection that enterprises require, while providing customers, employees, partners and consumers with instant access to the right enterprise assets without compromising risk."

"The recent series of security announcements from HP are encouraging for a number of reasons," said Eric Domage, manager Western European Security Research and Consulting, IDC. "Firstly, it's good to see that the industry-leading technology portfolios acquired with Tipping Point, Fortify and ArcSight are being integrated intelligently, but also importantly, that they are being used for an offering that's clearly differentiated in a crowded marketplace, spanning services, applications and products.

"Furthermore, the integration of all of these different security products and solutions effectively positions HP as a key vendor able to tackle an increasingly complex threat landscape, which businesses are facing today."

HP is now offering a one-day Enterprise Security Discovery Workshop based on the HP Enterprise Security Solutions framework, which enables clients to identify the interaction required between information management and security operations.

The workshop helps clients understand their organisations' vulnerabilities to external and internal threats, identify the critical success factors for a secure enterprise, and create tailored transformation programmes based on best practices.

In addition, HP released the HP Digital Vaccine Labs' (DVLabs') Cyber Security Risks Report, which offers clients a detailed look at vulnerability, threat and attack data for the first half of 2011. This semi-annual report helps enterprises to understand the threat landscape so they can assess and adjust their security postures.

By combining market-leading capabilities from ArcSight, an HP company; Fortify, an HP company; and HP TippingPoint, HP has established a foundation for the unified approach to enterprise security. The HP Security Intelligence and Risk Management platform offers advanced correlation, application protection and network defence technology to protect applications and IT infrastructures from sophisticated cyber threats.

Supported by a wide network of partners, the platform helps organisations reduce risk from existing infrastructures, provide security testing and remediation for existing applications, and establish a foundation to deploy future systems within a secure environment.

To help clients use this transformational approach to risk management, HP announced a full complement of new risk- and security-related offerings:

* HP ArcSight Express 3.0delivers market-leading correlation, log management and user-activity monitoring to improve an organisation's ability to rapidly detect and prevent cyber threats. It is the first Security Information and Event Management (SIEM) product powered by the breakthrough Correlation Optimised Retention and Retrieval Engine (CORR-Engine)
* HP Reputation Security Monitor provides HP ArcSight clients with an advanced, real-time list of known bad IP and DNS addresses to combat attacks that exploit Web application vulnerabilities.
* HP Fortify Software Security Centre suite is the only comprehensive application security testing solution available on-premises or on-demand that scales to identify vulnerabilities in thousands of applications.
* HP TippingPoint Web Application Digital Vaccine (WebAppDV) 2.0 service extends protection to commercial and custom-built online applications with real-time identification of vulnerabilities in Web applications, and delivery of virtual patches until a fix can be developed. The updated WebAppDV 2.0 filters with Adaptive Web Application Firewall (WAF) Technology helps discriminate between normal network activity and malicious traffic. HP also offers advanced protection and simplified migration from open source-based IPS solutions with the Digital Vaccine Toolkit (DVToolkit) 2.0 for Snort as well as improved transparency into the state of a security environment, with the HP TippingPoint Reporting and Archiving powered by Logger software.

To help organisations manage their security transformation programmes, adopt the best security technologies and choose from flexible sourcing models, HP also introduced new Enterprise Services:

* HP Information Security Management (ISM) services deliver a comprehensive approach to managing security policies and processes, enabling clients to make informed security decisions and minimise risks.
* HP Enterprise Cloud Service (ECS) - End Point Threat Management protects desktop and notebook PCs and servers against viruses, malware, spyware and intrusions by blocking unauthorised communication and preventing installation of unwanted programs.
* HP Security Information and Event Management (SIEM) services collect and log security-relevant events to provide a unified view of the security activity across an enterprise, as well as generating predefined reports to demonstrate compliance with policies and regulations.
* HP Application Security Testing-as-a-Service identifies and closes security vulnerabilities in the application layer with code scanning and Web penetration services that reduce the risk, time and investment needed to deliver software security assurance.

HP Secure Boardroom is a comprehensive, enterprise-level online portal that combines existing sources of security data into one central system. Senior-level executives and CIOs are provided greater insight and actionable information that facilitates business-led strategic investment and management decisions.

HP gives Instant-On Enterprises the power to protect data, defend resources, manage risk and drive innovation. More information about HP's new solutions and services is available at www.hp.com/go/risk2011.

HP's premier client event, HP DISCOVER, takes place from 29 November to 1 December in Vienna, Austria. The event showcases how organisations can get started on their instant-on enterprise journeys.