In an effort to combat increased security threats facing enterprises, HP today expanded its Enterprise Security Solutions portfolio with integrated solutions from such HP brands as ArcSight, Fortify and TippingPoint. The new portfolio includes new capabilities to help enterprises assess, transform, manage and optimize their security investments.
The threats that enterprises face from security breaches are growing in both number and complexity. In just the past year the types of attacks are up, the costs associated with them are higher and more visible, and the risks of not securing systems and processes are therefore much greater. Some people have even called the rate of attacks a pandemic.
The path to reducing these risks, even as the threats escalate, is to confront security at the framework and strategic level, to harness the point solutions approach into a managed and ongoing security enhancement lifecycle. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
HP's strategy then is to provide a fabric of technology along with a framework of processes, to progress to a lifecycle of preparedness that helps organizations become and stay more more secure, said Rebecca Lawson, Director of Worldwide Security Initiatives at HP.
"It's important to bring the right people together and to assess the whole situation, and those people are going to be from all over the organization: IT, AppDev, legal, accounting, supply chain," she said. "You need to really assess the full situation so that everyone is not only aware of where vulnerabilities might be, or where the most costly vulnerabilities might be, but to look ahead and say … let's make sure we build security into everything from the get-go."
In addition to the new products, HP announced an Enterprise Security Discovery Workshop, an expanded Secure Boardroom (an online portal that combines existing sources of security data into one central system), and released a report from HP Digital Vaccine Labs on vulnerability, threat and attack data for the first half of 2011.
Organizations today are quickly realizing the importance of a comprehensive risk management strategy to securing assets across their corporate infrastructures.
Cyber threats have become more sophisticated, persistent and unpredictable, said Lawson. Research conducted on behalf of HP demonstrates that the volume and complexity of security threats has continued to escalate.
HP's research shows that more than 50 percent of senior business and technology executives surveyed believe that security breaches within their organizations have increased during the last year. Nearly 30 percent responded that they experienced a security breach by unauthorized internal access, while 20 percent responded that they had experienced an external breach.
"There are so many different points at which different incidents can occur that getting your arms around all of them and focusing your attention on those that are most likely to cause reputation damage or financial damage or operational damage, that’s really the trick," said Lawson.
"We also noticed in our research that the number of attacks, particularly on web applications, is just skyrocketing. And of course we know that web apps are used on mobile devices and they are used on laptops and desktops. And so we are really seeing an alarming rate of web attacks happening. … The context can change so rapidly that you have to really think differently about what it is you are protecting and how you are going to go about protecting it. So it's really, it's a different game now," she said.
ArcSight Express 3.0
ArcSight Express 3.0, a unified security solution, transforms the delivery of advanced correlation, log management and user activity monitoring to improve an organization‘s ability to rapidly detect and prevent cyber threats. Powered by the new Correlation Optimized Retention and Retrieval Engine (CORR-Engine), it delivers the scalability required to correlate, process, and store vast amounts of data to advance the detection and prevention of cyber threats and risks.
ArcSight Express 3.0, a single turnkey appliance that simplifies the installation and operation of a Security Information and Event Management (SIEM) solution, enables IT administrators and security analysts to more quickly respond to business threats.
HP has also launched the updated HP TippingPoint Web Application Digital Vaccine (WebAppDV) 2.0 service, which delivers real-time identification of vulnerabilities in web applications and delivery of virtual patches until a fix can be developed. This is achieved by HP WebInspect, a security scan that incorporates the new Adaptive Web Application Firewall Technology (WAF) to protect commercial and custom-built online applications, such as retail websites or online banking sites from vulnerabilities.
Many network firewalls cannot discriminate between normal network activity and malicious traffic aimed to disrupt web applications. To address this gap in protection, the updated WebAppDV 2.0 filters are deployed alongside the traditional Digital Vaccine filters in the HP TippingPoint Intrusion Prevention System (IPS).
TippingPoint IPS is powered by research from HP DVLabs, which discovered four times the number of critical vulnerabilities than the rest of the market combined. Updates and patches addressing these vulnerabilities are created and automatically delivered to clients online each week, or immediately when critical vulnerabilities and threats emerge.
Other offerings in the security portfolio include:
- ArcSight Express 3.0 is expected to be available worldwide soon.
- WebAppDV 2.0 is currently available worldwide. Price varies based on the number of web application scans.
- DVToolKit 2.0 is currently available worldwide at no additional cost to clients with an existing HP TippingPoint IPS solution.
- HP TippingPoint Reporting and Archivingis currently available worldwide to Logger clients as an add-on product at no additional cost.
You may also be interested in: