Addressing vulnerability of web apps key in HP Enterprise's new security portfolio

Monday, September 12, 2011

Attacks on web apps accessed via mobile phones are one of the driving factors behind an expanded portfolio of enterprise security solutions announced on Monday by HP Enterprise (NYSE: HPQ), company director of worldwide cloud service initiatives Rebecca Lawson told BNamericas.

The updated portfolio is designed to help enterprises establish a comprehensive security strategy that addresses threats and potential liabilities resulting from the rise of mobility, cloud computing and social media.

According to Lawson, HP research shows that attacks on web apps are happening at twice the pace of last year.

"There are so many points of entry," Lawson said. "Mobile phones are everywhere. People are doing home and work things mixed together."

"So we advocate that you look very vigorously at your web apps, whether they are on mobile or a laptop. If it's a web app, it tends to be vulnerable. Your costly errors tend to happen to web apps," the executive added.


HP Enterprise's expanded portfolio of security solutions is designed to address the increasingly sophisticated security attacks that companies face from threats like hacktivism.

The portfolio is based on a "mantra" that involves four processes - assess, transform, manage and optimize.

Firstly, HP sends certified security professionals to spend a day with the client to identify weak points and draw up a roadmap of what the customer's security strategy should look like.

"Getting your arms around the situation is half the battle. The situation is so broad that customers are dying for help, wanting to understand where to put their money, where to focus - because you can't secure everything," Lawson said.

The second phase is transformation, which means taking a planned and not too disruptive approach to fill in security gaps and use technology to anticipate potential attacks.

HP's ArcSight Express solution helps correlate files and bits of data that may not appear, at first sight, to be a threat but that could potentially become one.

One of the company's solutions includes a database of 300mn "bad IP addresses" known for malicious activity.

"We take the data from our research organization, which is combing third party apps, and then marry that data with the bad reputation databases," Lawson said.

The so-called Digital Vaccine solution helps to identify vulnerabilities in web applications in real time and deliver virtual patches until a fix can be developed.

As regards the manage element of the strategy, HP is adding new security offerings such as software as a service (SaaS).

Solutions include helping clients to draw up security policies, protecting end points via the cloud, event management - which provides reports on security-relevant events - and testing to identify potential application risks.

The final part of the puzzle is optimization. This includes the Secure Boardroom portal, a dashboard that gives security executives a comprehensive overview of all security-related elements on one screen.


Lawson said enterprises are much more prepared than they were several years ago to trust all or parts of their security strategy to a third party.

It certainly has its benefits in terms of reduced capex. But with that said, it does vary depending on the industry.

"Some customers are comfortable using cloud for certain elements of security, and others are not. There isn't a one size fits all. It's very situational: the industry and country you're in, how large you are, how mature your organization is," Lawson said.

"You can have good security standards in the cloud. The responsibility falls on an enterprise to ensure that all of their assets are protected, and that's part of the discovery workshop. You put all on the table and figure out what you have to do. Some things are better done as a service and others on premise."