HP set out a multi-faceted approach to security at its Technology Forum in Las Vegas this week. Consisting of new products and updated versions of existing ones, its strategy covers compliance, security management, anti-phishing and tape-storage management.
Security and storage were the two major components in the strategy for HP, which has become "the largest company by revenue in the IT marketplace", according to its president and chief executive Mark Hurd.
The HP initiative, called "Secure Advantage", has an overall focus on compliance. The HP Compliance Log Warehouse is a general-purpose appliance that performs fast collection and analysis of log data to help automate compliance reporting.
Using HP Integrity servers, SenSage, the real-time alert manager which is also used by IBM and EMC among others, performs high-speed analysis of security-event data for internal and external audits or forensic investigations. It also scans log-record data in real-time for policy enforcement.
A second component is the Information Security Service Management (ISSM) reference model developed by HP Services. This is aimed at managing and mitigating risks across an organisation by using controls that are intended to reduce compliance costs while ensuring security.
It is part of HP's Service Management Framework, which is also new. The framework provides a common language based on industry best practices and international standards, such as ITILv3, CMMI, CobiTv4, ISO/IEC 20000 and ISO 27001. It provides an enterprise view and security governance framework for service-level agreements, operations-level agreements and policies, processes and procedures.
Secure Advantage also provides data encryption using 256-bit AES encryption, which can be used with the new StorageWorks LTO-4 Ultrium1840 tape drives.
The drives use hardware-based encryption to protect back-up data from unauthorised access if cartridges are lost or stolen while being stored or transported offsite. Being hardware-based, the encryption should be very fast, according to Chris Whitener, a director in the security division at HP.
The LTO-4 Ultrium1840 includes HP Data Protector Express Single Server Edition, which provides easy-to-use management of the encryption process at no additional cost, the company says.
HP Secure Advantage also has an anti-phishing toolbar, which provides two-factor authentication and site validation. Developed by researchers at HP Labs, the toolbar offers services for managing passwords and validating usernames. It works by helping to calculate a unique password from information provided by the user, the user's browser and the site being visited. The generated password also depends on a secure label, enabling the toolbar only to send a password to a site when the site's certificate is present.
HP has also developed the Identity Center. This offers identity and access-management software and is optimised to help automate the management of people, processes, security and compliance.