Hewlett-Packard isn't usually the first IT company that rolls off the tongue where security is concerned. The computing giant bakes its bread selling printers and other hardware, but it has long offered security solutions to its customers and service providers. And now, according to its Internet Security Solutions Division senior product manager, it's ready to branch out.
"We used to call ourselves the best-kept secret in the industry," said HP's Gary Sevounts. "There have been a lot of changes in several directions."
Sevounts said HP is following a three-pronged strategy with its security division, focusing on products that solve problems rather than suggest fixes while at the same time increasing visibility for its security division.
"Almost all businesses are online, and now they are dealing with the consequences of being online," Sevounts said.
Sevounts points to two security approaches most companies adopt: either sitting idly by hoping a security breach never comes their way or the polar opposite where companies secure every possible operation, spending thousands along the way, ultimately becoming the epitome of a popular security clich?"security by obscurity," Sevounts said.
"We want to provide security without crippling an operation," Sevounts said. "We aim to be affordable and integrated."
Proactive problem solvers
HP's security initiatives for 2001 are hinged on two products, Webenforcer and Virtualvault, that Sevounts hails as "a new generation of products that solve problems rather than suggest solutions."
HP believes there are 300 vulnerabilities in a server out-of-the-box, for example. Addressing those vulnerabilities often involves buying a scanner that gives an IT manager a list of what needs to be fixed. Next in the chain of events is hiring a consultant to patch the vulnerabilities. "It becomes a huge IT effort with a huge price tag," Sevounts said. "No wonder many managers don't address security the way they should."
Sevounts counters those measures with HP's two aforementioned security staples. Webenforcer, he said, is a Windows NT, Windows 2000 solution that searches for vulnerabilities on the Windows Web Server environment, including the Windows server, IIS Web server, transaction server, index server, Internet Explorer and data access cComponents. It automatically fixes vulnerabilities and then monitors the system via the HP SecurityUpdate subscription service. "Any (future) deviation from policy, Webenforcer corrects them," Sevounts said. At $3,000, Sevounts said Webenforcer's price tag is much more manageable than going the consultant route, which can leave companies staring at a bill of nearly tens of thousands of dollars.
Virtualvault, meanwhile, is more of a high-end solution targeted at financial services, telecommunications, manufacturing and retail industries. Built on the HP-UX operating system, Virtualvault protects on three levels -- past, present and future -- Sevounts said.
"Virtualvault works on three layers," he said. "The first is intrusion prevention. It fortifies the environment against future attacks by stopping vulnerabilities. Next is proactive attack protection that fortifies the server and protects in real time. If all else fails, it does damage containment where it cuts hackers off at the boundary, and keeps damage to just part of a page on a Web site as opposed to the whole site going down."
Sevounts said Virtualvault currently secures more than 120 banks worldwide and $7 trillion in assets. "None of our Virtualvaults have been penetrated," he said. "That's probably the best validation of the product."
The next challenge HP's security division faces is increasing visibility in the marketplace. "We'll get the word out there," Sevounts said. "HP is relatively new to security at this scale. We'll do more promotion and more visibility awareness. We have to break it to the world that we have more customers than the majority of the security vendors out there."
FOR MORE INFORMATION: