At the RSA 2015 conference today, HP extended the reach and scope of its IT security offerings to include access to a free portal through which users can check the security reputation of mobile applications and user behavior analytics to make it easier for IT organizations to use the same security framework to identify both internal and external threats.
HP also announced that it has partnered with Adallom to create the HP Cloud Access Security Protection platform, a service through which IT organizations can automatically classify and encrypt data based on its sensitivity and value to the business. HP is also a primary investor in Adallom.
Finally, HP revealed that it is working with AlienVault and CloudStrike to increase the amount of security intelligence data that can be accessed via HP Threat Central and that it has partnered with FireEye to deliver incident response services based on the advanced persistent threat (APT) software that FireEye created to identify new types of malicious malware.
Frank Mong, vice president and general manager of solutions for HP Security, says the biggest challenge that internal IT organizations face when it comes to IT security has been patch management. With the rise of mobile applications, the complexities associated with managing that process have now increased by several orders of magnitude. The HP Fortify on Demand portal is designed to identify what mobile applications running on any mobile computing device might be compromised, which Mong says usually occurs when end users or organizations that manage those applications fail to keep current on the latest versions of those applications.
The HP Fortify on Demand Portal, says Mong, not only identifies those applications but also alerts IT organizations about which one of those applications might be communicating with external sources that it normally would not communicate with. That is critical because communication with an unknown external server is usually a primary indication that a mobile application has been compromised, says Mong.
In addition to focusing on mobile applications, HP is taking advantage of analytics software developed by Securonix to identify anomalies in end-user behavior that might be indicative of illicit activity inside the organization. Mong says the Securonix software mines data collected in the HP Fortify security information event management (SIEM) platform to turn all the security data collected by that platform into actionable security intelligence.
Collectively, HP appears to be aggressively leveraging partnerships to extend the breadth of its security services at a time when threats are not only appearing in greater number, but the attacks being launched are becoming increasingly more sophisticated. The degree to which any IT organization is prepared to deal with those threats varies widely, so reliance on outside assistance is becoming the new IT security norm. After all, no matter how many IT security resources an organization might have at its disposal, these days the perpetrators of digital crimes always seem to have more.