HP has formed the HP Security Research (HPSR) organization, a new group that will provide actionable security intelligence through published reports, threat briefings and enhancements to the HP security product portfolio. Under the direction of the new organization, the company also introduced findings from its annual Cyber Security Risk Report.
As part of the HP Enterprise Security Products (ESP) business unit, HPSR will lead HP's security research agenda, leveraging existing HP research groups, including HP DVLabs, a research organization focused on vulnerability discovery and analysis, as well as HP Fortify Software Security Research, which is focused on developing software security practices. HPSR will also manage the Zero Day Initiative (ZDI), which focuses on identifying software flaws that have led to cyber attacks and security breaches.
Driving security intelligence research into product offerings
A core focus of HPSR is to provide research that directly influences the development of the HP ESP portfolio. As such, HP has enhanced its HP Reputation Security Monitor (RepSM) 1.5, which protects clients against advanced threats by leveraging data feeds directly from HPSR. These data feeds enhance the identification of peer-to-peer network use, potential spear phishing and spam floods, while also recognizing patterns over time such as reconnaissance scans and abnormal activity levels.
The new HP RepSM enables clients to defend against sophisticated attacks by detecting dangerous browsing of ill-reputed sites to prevent a breach. After a breach occurs, the solution identifies the infected assets, communicating with ill-reputed command and control centers, before intellectual property is leaked.
For midmarket organizations with large volumes of data and limited resources, HP ArcSight Express 4.0 combines security information and event management (SIEM), log management and user activity monitoring on a single appliance. The solution simplifies the collection, analysis and management of security events quickly and cost-effectively.
Clients can be up and running in minutes, quickly gaining insight into potential security threats by pulling information from hundreds of data sources. The solution also monitors user and application activity for security anomalies, such as suspicious behavior.
Research identifies security risk
HPSR also released the HP 2012 Cyber Security Risk Report, providing insight into the vulnerability landscape, with a range of data covering technologies such as web and mobile. The annual report provides security intelligence to organizations so that they can best deploy their resources to minimize security risk.
The report highlights that total vulnerabilities are on the rise, based on disclosures that grew 19 percent from 6,844 in 2011 to 8,137 in 2012. 2012 disclosures remain 19 percent lower than the peak in 2006.
Critical vulnerabilities fell from 23 percent in 2011 to 20 percent in 2012. 1 in 5 vulnerabilities still give attackers total control of their target.
Sign up for CIO Asia eNewsletters.