Security | News
HP Helps IT Leaders Prioritize Security Risk with New Dashboard
- By Dian Schaffhauser
After going on a buying spree for companies in the security space in 2010, HP has begun releasing a new generation of security products based on those acquired technologies. During this week's RSA Conference 2012 in San Francisco, the company announced an upcoming risk management dashboard for use by senior IT and security leaders, a security monitor specifically to deal with attacks against applications residing on servers, and a set of services and software addressing mobile security.
HP EnterpriseView, the dashboard product, provides real-time graphical identification of risks to the business from within the IT infrastructure. Data is pulled from multiple sources, including risk and vulnerability assessments, security configuration management monitoring, and compliance auditing, to generate an all-around prioritized view of IT-based organizational risk. According to HP, risks are ranked in a "risk register" based on properties set out by the Common Vulnerability Scoring System, an international standard for rating IT vulnerabilities, as well as by unique weightings determined by the institution's IT leadership.
The browser-based dashboard treats devices, risk models, and policies as objects that can be dragged and dropped into specific areas of the institution. For example, if a new regulation has surfaced that affects campus operations, a policy could be created and "dropped" into that specific organization to be applied to all IT resources and users in that department.
HP's Application Security Monitor (AppSM) taps into Fortify and ArcSight, two acquired products, for monitoring of threats in applications, such as data theft. It provides a central post from which to do searching, reporting, and analysis of Java- and .NET-based applications during runtime across multiple environments, including mobile. Its use requires no custom coding within the applications being monitored, and it can be applied to applications built in house or purchased from a third-party. However, customers will need to have a version of ArcSight deployed in order to use AppSM.
The company said pricing for HP EnterpriseView will start at $250,000. Pricing for AppSM will start at $5,000 per application server. Both offerings are expected to be available soon.
HP Mobile Application Security, currently available, is built on Fortify technology and uses HP security services to provide security checking of code used in Android and iOS apps. That security check can encompass the device, the operating system, communications, apps, integrations, or network code. The company does testing of apps built in-house, from open source, from outsourcing service providers, and from "off the shelf." Pricing is based on client requirements.
Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.