HP has announced new services that will help clients manage their security environments and drive security transformation programs with flexible sourcing models.
Many enterprises are struggling with a siloed approach to IT management, which includes security operations and controls. This limited view across the security environment increases the threat of viruses and makes it difficult to measure the value of security initiatives aligned to business strategy.
HP Information Security Management (ISM) offers a combination of people, processes, methodologies and tools to manage security policies and processes. This comprehensive approach helps to facilitate IT investment decisions and minimise risks.
In conjunction with HP Labs, the company’s central research facility, HP ISM incorporates advanced modeling techniques that drive rigorous, tested security strategies to improve a client’s overall security position.
“As the number of threats to infrastructure and applications continues to increase, organisations need to have a robust information security program in place that helps CIOs make the right decisions regarding investments in security controls,” says Ashton Steyn, chief technology officer and alliance executive, Enterprise Services South Africa.
“We put all of the security information our clients need right at their fingertips, so they can react instantly as their organisations evolve.”
HP ISM integrated services support the development and management of a transparent security infrastructure that enables clients to improve operational efficiencies and reduce costs.
HP ISM leverages HP Secure Boardroom, which delivers a comprehensive view of the overall security environment, including details of specific security controls, via an online portal. Greater insight and actionable information enables executives and CIOs to rapidly develop effective enterprise security strategies that are aligned to reducing business risk.
Providing a holistic view of security functions coupled with consolidated compliance information across operational IT services, suppliers and infrastructure, HP Secure Boardroom streamlines information security management.
Cyber attacks grow more frequent and complex each day, generating vast amounts of potentially harmful data across networks, servers and other devices.
HP Security Information and Event Management (SIEM) services use advanced technologies in the newly announced HP ArcSight Express 3.0 to rapidly collect, log, sort and filter relevant security events, enabling clients to identify and protect systems against threats.
HP SIEM services also generate predefined reports, enabling clients to demonstrate compliance with policies and regulations.
HP Enterprise Cloud Service (ECS) – end point threat management protects desktops, laptops and servers against viruses, malware, spyware and intrusions.
Available as a pay-per-use model, it uses current, centrally managed virus and malware definitions to block unauthorised communication and prevent installation of unwanted programs. The service requires no software or hardware investments and can be easily tailored to a client’s existing security policy for rapid return on investment.
Many companies focus on protecting their networks, infrastructure and data centres with physical security and firewalls. However, an application that sits behind the corporate firewall in a secure data centre is still not safe from attacks.
New research conducted on behalf of HP demonstrates that executives rank applications as the third most dangerous vulnerability to their organisations, behind platform and network vulnerabilities.
HP Application Security testing-as-a-service combines HP’s security testing expertise with software tools, processes and best practices to identify and close security vulnerabilities in the application layer.
Code scanning and Web penetration services are delivered using HP Fortify Static Code Analyser and HP WebInspect, key components of the new HP Fortify Software Security Centre suite. The as-a-service model reduces risk, time and investment needed to deliver software security assurance.