At the RSA Conference that starts today, HP is introducing a number of products, starting with a risk-management tool for gaining visibility about IT assets, operations, vulnerabilities and threats in order to provide a “risk score” and, if needed, prioritized remediation.
Tom Reilly, vice president and general manager of enterprise security at HP, is expected to demo HP Enterprise View at some point during his keynote address on Thursday. HP Enterprise View aims at presenting a so-called “risk number” relative to a top score of 100 on the status of compliance versus vulnerabilities in IT systems. It’s intended to help the IT department establish baseline expectations on security for its own purposes and for upper management.
“We think we can have a CIO live up to a risk-level agreement,” says Michael Callahan, vice president of product solutions marketing for HP enterprise-security products. The idea is that a commitment about the baseline security the organization should achieve would be made by the chief information security officer (CISO), approved by the CIO and presented to upper business management and the chief financial officer. The way to measure that would be through HP Enterprise View, which can present a score-based real-time risk status. Since the tool has a simple-to-understand “heat map” view of what’s doing well or not, business managers could make use of it as well as technical people. And it could be used to evaluate compliance with the Payment Card Industry (PCI) standards, Callahan says.
HP Enterprise View is designed for optimum use with other HP products, Callahan says, with HP’s security and information management tool ArcSight a foundation for information aggregation and analysis, and it will pull in information from HP TippingPoint and Fortify. But the View is also designed to take in data from a variety of third-party products, including vulnerability-assessment tools from McAfee, Symantec, Nessus and Qualys. HP Enterprise View, expected out in March, starts at $200,000.
Other products to be unwrapped at RSA include:
– HP Application Security Monitor: AppSM, as it’s called, makes use of Fortify technology to monitor and block attacks against server-based applications.
– HP Mobile Application Security: HP’s Fortify, which offers both software and a service for application vulnerability analysis, will now provide security testing for apps for Apple iOS and Google Android.
– HP PCI Cloud Compliance Stack: This is an architecture design of various HP products configured in a way that Coldfire, a PCI auditor, asserts meets PCI compliance.