HP said its new SIRM platform provides enterprises with visibility across IT environments so security teams can apply security defenses based on specific organizational risks. HP is introducing several new products as part of its SIRM platform, taking the next step of integrating its various acquisitions.
The company acquired security information and event management vendor ArcSight in 2010 for $1.5 billion. It also acquired software security vendor Fortify and network security vendor TippingPoint through its acquisition of 3Com in 2009. The three acquisitions now make up the company’s newly created HP Enterprise Security Products group.
As part of the platform, the company announced the launch of HP EnterpriseView, a dashboard for C-level executives that will display a prioritized list of risks across the enterprise via a heat map. The single view should enable security executives to address the highest business risks and deploy defenses, said Stuart McIrvine, HP director of product management.
“You see what the threats are that can target what vulnerabilities you have using a heat map that shows the most vulnerable and critical threats,” Mclrvine said. The visibility makes it easier to decide which problems to attack and the best way to do it, he said. Pricing for EnterpriseView starts at $250,000.
Mclrvine said the company addresses the complex attack surfaces created by mobile platforms and applications through Fortify’s static and dynamic application security testing, as well as monitoring technologies, including HP Application Security Monitor, HP Mobile Application Security and HP TippingPoint Next Generation Intrusion Prevention System.
A new HP Application Security Monitor (AppSM) helps IT deploy monitoring capabilities by reducing custom programming. Its purpose is to deliver centralized searching, reporting and analysis that cover Java and .Net applications across multiple environments, including mobile. HP AppSM pricing starts at $5,000 per application server.
HP Mobile Application Security utilizes HP WebInspect, an application security assessment line-of-code inspection to identify potential vulnerabilities for applications built for Apple iOS and Google Android devices.
HP TippingPoint Next Generation Intrusion Prevention System (NGIPS) provides protection for complex application threats in conjunction with the HP SIRM platform.
“TippingPoint is extremely good at blocking attacks that truly are attacks, which means no false positives,” said McIrvine. When TippingPoint and WebInspect are combined, he said, WebInspect can tell it what to block and what to let go, making vulnerable apps inaccessible to attackers and giving the user more time to either update the app or delete it.
Follow this link for more special coverage of the 2012 RSA Conference.