HP bolsters security portfolio with proactive solutions

Hewlett-Packard has announced multiple additions to its security solutions portfolio that it said are designed to help enterprises be more proactive in addressing security threats.

HP tied releases to the results of a recent study it commissioned from Coleman Parkes Research, which found that while a majority of enterprises (71%) give their security leadership a "seat at the table with other C-suite executives ... more focus is placed on reactive security measures than on the more important area of proactive security measures."

The study, conducted in July through interviews with 550 senior business and technology executives in North America, Europe, the Middle East, Asia Pacific and Latin America, found that only 45% have an information risk-management strategy in place, and 53% manually consolidate information risk-management reports or don't measure risk at all.

Rebecca Lawson, director of worldwide security initiative at HP, said one major focus of the company is Security Information and Event Management (SIEM) technologies. "We're trying to create a proactive mindset, so people build security [into their systems,]" she said.

[See also: SIEM - Dead or alive?]

The HP mantra is to "protect what matters most." Lawson sai that "sounds like common sense, but it is surprising how many companies are spending, but not in the right place."

"From a business service point of view, you need to guard the underlying components," she said. "Some of them may look small, but be tied to big business services. And these days, threats happen quietly."

Among the product offerings are HP's latest version of ArcSight Enterprise Security Manager, which Lawson said is a SIEM product.

"It takes data from different sources and finds the needle in the haystack that indicates you may be under attack," she said. "The more data it can take in, the better it works. It looks for anomalies across sets of data."

This latest version, 6.0c, "is designed to be more than 500% more efficient -- to process faster and use up to 20 times less storage," Lawson said. "You can query it faster. For this domain, you need to get it really quickly."

Other products announced for the enterprise are HP Data Protection Services, HP TippingPoint NX Platform Next Generation Intrusion Protection Systems (NGIPS), which adds capacity for deep-packet traffic inspection, and Information Security Pulse, a mobile application for IT security professionals that works with webOS, Apple iOS, Android and Web apps.

For the public sector, HP announced new features to Assured Identity, which performs identity, credential and access management; Comprehensive Applications Threat Analysis on Demand (CATA), which assists clients in building security into the application development cycle; and its Security Operations Center Consulting Services for public sector clients outside the U.S.

"Everybody and his brother are developing apps," Lawson said. "But they're not all covering the security bases. CATA helps clients think about security right along with functional requirements during development. You can't wait until testing. That's too late."

[See also: Software security basics for application development managers]

The company also announced the expansion of several printing security solutions, which Lawson said are designed to protect the data that flows through printers.

"A lot of people don't realize when data goes through printers, that it is also going through a hard drive with IP address," she said. "The data lifecycle you want to protect flows frequently through a printer."

It also allows centralized policies for authentication, intelligent management and job accounting. "It is policy automation," Lawson said. "When you put in new printer, it goes out and looks for policies that are already in place."

Read more about application security in CSOonline's Application Security section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place