News

HP Unveils Security Platform at RSA

• By John K. Waters
• February 27, 2012

HP today unveiled a new platform of integrated security solutions that, according to the company, is designed to "bridge the gap between security and IT operations of security solutions." The new Security Intelligence and Risk Management platform (SIRM) combines technologies and services from five years of HP acquisitions with the company's legacy security capabilities. HP is calling its new SIRM platform the first major milestone of its relatively new security products group.

Starting in 2007, HP began making acquisitions to build up its security business. The company acquired SpyDynamics (application security) that year, added the TippingPoint assets of 3com in 2009 (network security, intrusion prevention), and bought Fortify (app security) and Arcsight (enterprise security, compliance management) in 2010. Last year, the company brought these technologies, along with legacy HP security capabilities under the Atalla brand name, into a single business unit. 

"We did it because, strategically, security is a big part of HP's agenda moving forward," Stuart McIrvine, director of product management in HP's enterprise security products group, told ADTmag.com. "But also, because security just gets better the more you integrate the pieces."

SIRM combines these security products into a platform that addresses the multi-vector nature of modern enterprise security threats, McIrvine said. Modern attackers target traditional, mobile, and cloud environments, and the SIRM platform provide visibility across all these environments, he said.

The company is announcing three SIRM-related offerings at the RSA show around risk management, cloud security and mobile security.

HP's new Enterprise View is designed to provide C-level execs with a dynamic dashboard and a prioritized heat-map view of risk across the enterprise. The product is designed to provide a view of everything, McIrvine said, both security events and operations events, integrated with business processes.

"This brings it all together," McIrvine said. "You have all this good intelligence from Tipping Point, you've got Fortify scanning the apps, Arcsight looking at all the events and activity, bringing all that information together over the asset landscape into a single console showing the end user a heat map that shows a particular business process going red because this server is being attacked. You can't focus on every event, but this allows organizations to focus on the things that are important."

The company also introduced a new Cloud Connect Partner Program, which aims to gather partners that will write connectors into Arcsight to provide this same level of security visibility in Software as a Service environments. Two initial partners were announced at RSA: Box, Inc. and Okta. Salesforce.com was also expected to join, but the company would not confirm its participation at press time.

HP also staked a claim in the mobile security space with SIRM-based static application security testing (SAST), dynamic application security testing (DAST) and monitoring solutions. The new HP Application Security Monitor (AppSM) provides visibility into app security threats with a centralized searching, reporting and analysis system for both Java and .NET applications, according to the company. The Mobile Application Security product is designed to identify potential vulnerabilities in apps built for Apple's iOS and Google's Android devices. And HP said its TippingPoint-based Next-Generation Intrusion Prevention System (NGIPS) provides protection against complex application threats with reputation-based blocking and advanced application control. 

HP executives are scheduled to demonstrate the new platform at the annual RSA security conference, underway this week in San Francisco.

More information is available on the HP security group Web site.