Subscribe
Sectors
Companies
About

HP forms security research organisation

New research reveals vulnerabilities up nearly 20%.

Issued by HP
Johannesburg, 22 Apr 2013

HP today announced the formation of the HP Security Research (HPSR) organisation, a new group that will provide actionable security intelligence through published reports, threat briefings and enhancements to the HP security product portfolio.

The company also released findings from its annual Cyber Security Risk Report, providing insight into the vulnerability landscape, with a range of data covering technologies such as Web and mobile.

As part of the HP Enterprise Security Products (ESP) business unit, HPSR will lead HP's security research agenda, leveraging existing HP research groups, including HP DVLabs, a research organisation focused on vulnerability discovery and analysis, and HP Fortify Software Security Research, which is focused on developing software security practices. HPSR also will manage the Zero Day Initiative (ZDI), which focuses on identifying software flaws that have led to cyber attacks and security breaches.

Driving security intelligence research into product offerings

A core focus of HPSR is to provide research that directly influences the development of the HP ESP portfolio. As such, HP has enhanced its HP Reputation Security Monitor (RepSM) 1.5, which protects clients against advanced threats by leveraging data feeds directly from HPSR. These data feeds enhance the identification of peer-to-peer network use and improve detection of potential spear phishing and spam floods, while also recognising patterns over time, such as reconnaissance scans and abnormal activity levels.

See also
HP provides context to raw security data
New HP servers to change infrastructure economics

The new HP Rep enables clients to defend against sophisticated attacks by detecting dangerous interactions with ill-reputed sites to prevent a breach. After a breach occurs, the solution identifies the infected assets, communicating with ill-reputed command and control centres, before intellectual property is leaked.

For midmarket organisations with large volumes of data and limited resources, HP ArcSight Express 4.0 combines security information and event management (SIEM), log management and user activity monitoring in an out-of-the-box solution, including connectors to HP ArcSight IdentityView and HP Rep. The solution simplifies the collection, analysis and management of security events quickly and cost-effectively.

Clients can be up and running in minutes, quickly gaining insight into potential security threats by pulling information from hundreds of data sources. The solution also monitors user and application activity for security anomalies, such as suspicious behaviour.

HP research identifies security risks, helps organisations assess security posture

HP today released the HP 2012 Cyber Security Risk Report. The annual report provides security intelligence to organisations so they can best deploy their resources to minimise security risk.

Highlights from the report include:

* Total vulnerabilities are on the rise
* Disclosures grew 19% from 6 844 in 2011 to 8 137 in 2012
* 2012 disclosures remain 19% lower than the peak in 2006

* Critical vulnerabilities declined, but still pose significant risk
* Critical vulnerabilities fell from 23% in 2011 to 20% in 2012
*One in five vulnerabilities still give attackers total control of their target

* Well-known Web vulnerabilities remain prevalent in 2012
* Four Web vulnerability categories made up 40% of 2012 reports

* Vulnerabilities exploited by clickjacking are still ubiquitous
* Less than 1% of URLs tested leverage standard mitigation after more than a decade

* The rate of mobile vulnerabilities continues to increase rapidly
* Mobile vulnerabilities rose 68% from 158 in 2011 to 266 in 2012
* Forty-eight percent of mobile applications tested in 2012 gave unauthorised access

* Mature technologies introduce continued and evolving risk
* Vulnerabilities in SCADA systems rose 768% from only 22 in 2008 to 191 in 2012

In addition to the annual risk report, HPSR will publish reports that provide the most current security intelligence available, ensuring organisations understand and proactively respond to potential security threats. HPSR will deliver this research through biweekly threat briefings, as well as free summary briefings available to the public on HP's Web site and iTunes. Premium vertical- and client-specific briefings will be available to paid subscribers.

"Organisations need the latest in security research to effectively prevent, detect and combat the growing number of sophisticated threats," said Lorna Hardie, Enterprise Security Product Sales Manager, HP South Africa. "HP empowers clients to address the most advanced threats by combining access to a global network of security experts and published research with the power of that expertise built directly into our products and services."

Pricing and availability:

HP RepSM 1.5 is available now worldwide. HP ArcSight Express 4.0 also comes with a free trial version of HP RepSM.

HP's premier Americas client event, HP Discover, takes place June 11-13 in Las Vegas.

Share

HP

HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world's largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. More information about HP (NYSE: HPQ) is available at http://www.hp.co.za.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialise or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations, including execution of restructuring and integration plans; any statements concerning expected development, performance or market share relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include macroeconomic and geopolitical trends and events; the competitive pressures faced by HP's businesses; the development and transition of new products and services (and the enhancement of existing products and services) to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its customers, suppliers and partners; the protection of HP's intellectual property assets, including intellectual property licensed from third parties; integration and other risks associated with business combination and investment transactions; the hiring and retention of key employees; expectations and assumptions relating to the execution and timing of restructuring and integration plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP's Annual Report on Form 10-K for the fiscal year ended 31 October 2011 and HP's other filings with the Securities and Exchange Commission. HP assumes no obligation and does not intend to update these forward-looking statements.

(c) 2013 Hewlett-Packard Development Company. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Editorial contacts

Hedy Gorton
HP
(+27) 11 785 1000
hedy.gorton@hp.com