HP bolsters security portfolio with proactive solutions
One major focus is Security Information and Event Management (SIEM) technologies, the company said
September 11, 2012 — CSO — Hewlett-Packard has announced multiple additions to its security solutions portfolio that it said are designed to help enterprises be more proactive in addressing security threats.
HP tied releases to the results of a recent study it commissioned from Coleman Parkes Research, which found that while a majority of enterprises (71%) give their security leadership a "seat at the table with other C-suite executives ... more focus is placed on reactive security measures than on the more important area of proactive security measures."
The study, conducted in July through interviews with 550 senior business and technology executives in North America, Europe, the Middle East, Asia Pacific and Latin America, found that only 45% have an information risk-management strategy in place, and 53% manually consolidate information risk-management reports or don't measure risk at all.
Rebecca Lawson, director of worldwide security initiative at HP, said one major focus of the company is Security Information and Event Management (SIEM) technologies. "We're trying to create a proactive mindset, so people build security [into their systems,]" she said.
[See also: SIEM - Dead or alive?]
The HP mantra is to "protect what matters most." Lawson sai that "sounds like common sense, but it is surprising how many companies are spending, but not in the right place."
"From a business service point of view, you need to guard the underlying components," she said. "Some of them may look small, but be tied to big business services. And these days, threats happen quietly."
Among the product offerings are HP's latest version of ArcSight Enterprise Security Manager, which Lawson said is a SIEM product.
"It takes data from different sources and finds the needle in the haystack that indicates you may be under attack," she said. "The more data it can take in, the better it works. It looks for anomalies across sets of data."
This latest version, 6.0c, "is designed to be more than 500% more efficient -- to process faster and use up to 20 times less storage," Lawson said. "You can query it faster. For this domain, you need to get it really quickly."
Other products announced for the enterprise are HP Data Protection Services, HP TippingPoint NX Platform Next Generation Intrusion Protection Systems (NGIPS), which adds capacity for deep-packet traffic inspection, and Information Security Pulse, a mobile application for IT security professionals that works with webOS, Apple iOS, Android and Web apps.
For the public sector, HP announced new features to Assured Identity, which performs identity, credential and access management; Comprehensive Applications Threat Analysis on Demand (CATA), which assists clients in building security into the application development cycle; and its Security Operations Center Consulting Services for public sector clients outside the U.S.
"Everybody and his brother are developing apps," Lawson said. "But they're not all covering the security bases. CATA helps clients think about security right along with functional requirements during development. You can't wait until testing. That's too late."
The company also announced the expansion of several printing security solutions, which Lawson said are designed to protect the data that flows through printers.
"A lot of people don't realize when data goes through printers, that it is also going through a hard drive with IP address," she said. "The data lifecycle you want to protect flows frequently through a printer."
It also allows centralized policies for authentication, intelligent management and job accounting. "It is policy automation," Lawson said. "When you put in new printer, it goes out and looks for policies that are already in place."
Read more about application security in CSOonline's Application Security section.
Other stories by Taylor Armerding