HP Expands Security Offerings

Hewlett-Packard upgrades and expands its security lineup, blending ArcSight IPS, Fortify code scanning, and WebAppDV to provide better context and defense against threats.
Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Hewlett-Packard on Monday unveiled a range of new and updated security products and services, aimed at helping businesses detect and block a range of threats, including vulnerabilities in their custom Web applications.

For starters, the company announced that its security information and event management (SIEM) application, HP ArcSight Express 3.0, will sport faster and more accurate correlation capabilities. HP also announced Fortify Software Security Center, which offers static and dynamic Web application testing that will run on the premises or via the cloud.

Meanwhile, HP announced the launch of services for information security management, endpoint threat management via the cloud, a SIEM service--to collect, log, and report on all security-related events across a business--as well as an application security testing-as-a-service offering. In addition, HP's updated Digital Vaccine Toolkit (DVToolkit) 2.0 will also now import both custom and open source IPS filters, for example from Snort.

As part of ongoing moves to blend capabilities HP obtained via a number of acquisitions last year, the company also recently released HP TippingPoint Web Application Digital Vaccine (WebAppDV) 2.0, which updates its service for protecting both commercial and custom-built Web applications, and protecting them with virtual patches after any codebase vulnerabilities are discovered, at least until a full fix can be put in place. Pricing is based on the number of Web application scans conducted.

WebAppDV works in conjunction with HP's Fortify and WebInspect to scan applications, find vulnerabilities, and then craft a custom filter for those vulnerabilities. While it can be used for off-the-shelf software, "the value of this, in my mind, is really in the custom applications," said Jennifer Lake, security product marketing manager for HP DVLabs, in an interview.

That's because commercial application vulnerabilities typically get publicly disclosed, allowing information security vendors such as HP to create blocks against attacks that seek to exploit the vulnerability. "But if an organization is building their own Web application, we're not necessarily going to know what those vulnerabilities are," she said.

Of course, Web application vulnerabilities remain a dangerous attack vector. "The low-hanging fruit for bad guys is the Web application," said Ryan Kalember, director of solutions marketing for enterprise security products at HP, in an interview.

Furthermore, while Web application firewalls can help block attacks, he said their accuracy leaves something to be desired. "Web application firewalls typically see between 30% and 70% false positive rates, and most customers I've talked with, and most environments I have experience with, they have about a 50% false positive rate," he said. "It's attempting to generically block everything bad that could be attacking the Web app behind it."

Accordingly, HP is betting that businesses will buy into Web application defenses that will both spot specific types of attacks, as well as block them, even if the application hasn't yet been patched. "This is where we think the vision starts coming together. If you're thinking about something like a SQL injection attack, it's actually pretty predictable what the log output of a Web application will be if you execute a known SQL injection attack against it," said Kalember. "While that might not seem very useful, you can use a technology like HP ArcSight to detect when there is an exploit," he said. The next logical step is to create a signature for the attack type, and load it into an IPS--such as TippingPoint--to block it.

"So you've gone from a state in which you're just generating PDF [reports] and throwing them over the wall to the development organization--but you know how you're vulnerable--to being able to ... block it from happening in the first place," he said.

Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.