HP Shores Up Security with Purchase, PortfolioBy Brian Prince | Posted 2007-06-20 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
HP's planned purchase of SPI comes two weeks after IBM moved to buy Watchfire, one of SPI's chief rivals.
Hewlett-Packard expanded its security footprint June 19 as it announced plans to acquire Web application security provider SPI Dynamics the same day it unveiled its own HP Secure Advantage portfolio.
HP plans to integrate the Atlanta-based SPI Dynamic's business and 140 staff into the software unit of its Technology Solutions Group, the business unit also responsible for servers, storage and consulting services. The move comes as HP attempts to shore up application-level security, said Jonathan Rende, vice president of products, Quality Management Software, at HP, in a statement.
"The number of vulnerabilities to business-critical applications has gone up exponentially with the rise of Web-based applications," Rende said. "Now, with the addition of SPI Dynamics, we can make sure it is also secure."
HP's planned purchase of SPI comes two weeks after IBM moved to buy Watchfire, one of SPI's chief rivals. Both develop software that searches for vulnerabilities in Web applications and audits applications for compliance with government and industry regulations.
Both underscore the rising anxiety surrounding application-level security, said Chenxi Wang, a security analyst at Forrester Research.
"The National Institute of Standards and Technology reports that 92 percent of all vulnerabilities found today are due to application flaws rather than network or system flaws," she said. "Many organizations now have Web-facing applications, the security of which is keeping the IT people up at night. For any big company [that] is interested in getting into the business or strengthening their security testing capability, SPI is a great acquisition target."
She added that given HP's acquisition of Mercury Interactive, a leader in the software quality assurance testing market, taking on SPI allows HP to extend its functionality "further upstream into the development lifecycle."
Meanwhile, HP has raised the curtain on its HP Secure Advantage portfolio of servers, storage, software and services. HP Secure Advantage is aimed at helping customers securely share information, improve identity management and compliance controls, ensure business continuity and defend against network attacks.
"Security and compliance continues to be a top concern for CIOs as the enterprise has evolvedwhether spurred by growth, threats or ongoing regulatory pressure," said Chris Christiansen, a security analyst at industry analyst firm IDC. "HP Secure Advantage helps optimize business risk management by integrating security into the fabric of the IT infrastructurepreparing customers for security threats today and in the future."
A key part of HP Secure Advantage is the new HP Compliance Log Warehouse, an appliance that performs high-speed collection and analysis of log data in order to automate compliance reporting. The appliance includes a Log and Analysis Manager that features a real-time alert manager module based on SenSage technology and performs high-speed analysis of security event data for audits or forensic investigations. It also scans log record data in real time for policy enforcement.
In addition, the HP Secure Advantage portfolio includes AES 256-bit encryption as part of the new HP StorageWorks LTO-4 Ultrium1840 backup tape drives. Also included is the HP Anti-phishing Toolbar, which is designed to allow users to manage their user names and passwords and to calculate a unique password from information provided by the user, the user's browser and the site being visited, HP officials said.
HP's new security strategy also features its Information Security Service Management reference model from HP Services to help organizations address operational risks, as well as HP Identity Center, a software package designed to help automate the management of people, processes, security and compliance, HP officials said. The software includes components for centralized management and provisioning of users' accounts, passwords and privileges across multiple IT systems and services. HP Identity Center also includes HP Select Access software for policy- and role-based access control and single sign-on for Web applications and services.
"HP has been protecting the majority of the world's financial transactions for the past 35 years by safeguarding ATM and point-of-sale networks, credit card information and electronic funds transfers," said Scott Stallard, senior vice president and general manager of Enterprise Storage and Servers at HP, in a statement. "HP Secure Advantage delivers integrated security into heterogeneous IT infrastructures to help customers of all sizes optimize business outcomes."