In the wake of HP's announcement earlier today that it will launch a separate security unit dedicated to enterprise security products, we've asked Jay Huff, EMEA Director of ArcSight, an HP company, a few questions about HP's future strategy in security and how he sees threats evolving in the future.
a) Can you tell us in a nutshell what HP's announcement is all about?
Back in March, HP outlined a strategy and vision to deliver a comprehensive Security Intelligence and Risk Platform by building on and integrating the products acquired from Tipping Point, Fortify and ArcSight, and a comprehensive range of services to help organisations drive their security transformation initiatives. Next Monday we are announcing an expanded portfolio of products and services based on this strategy. There will be 6 new product announcements, 6 services announcements and a new security research report from the HP’s DVLabs research organisation.
b) The concept of having a defined, impermeable security perimeter appears to be obsolete given the latest security scares. What's HP's perspective on that?
We absolutely agree. Cybercriminals are becoming ever more sophisticated in their attack methods, persistently attacking individual organisations and looking for vulnerabilities across the network, app and DB layers and employing a range of social engineering techniques. On the other side, IT organisations are grappling with an explosion of smart mobile devices on the network, the “consumerisation of IT”, where employees are now connecting their personal devices to the network and using them for both personal and business tasks, and the adoption of cloud and “as a service” computing models. So what was a clearly defined perimeter before is now very porous at best. This creates a fundamental asymmetry where the cybercriminal only has to find one way in, while the organisation has to try to monitor and protect all access points.
c) Why do you think the number & complexity of enterprise security breaches are on the increase rather than the opposite despite increased investments in security products and services?
You cannot protect yourself against today’s threats by doing more of what you’ve done in the past. While the focus on perimeter is still necessary it is no longer sufficient. Today, organisations need real-time intelligence in a number of areas; what is happening across your network, who is on the network and what are they doing, what are the potential vulnerabilities in your applications and infrastructure that can be exploited, and what are the latest external threats? HP is incorporating this intelligence across our security products to help organisations close down potential exposures and to gain a high level of situational awareness to identify and stop more sophisticated attacks in their early stages.
d) One of the big paradigm changes of the last few years is the creeping "consumerisation" of businesses with tablets and smartphones being pushed by consumers inside the enterprise security perimeter. How is HP addressing this with its new set of ESS?
There are a number of aspects to this security challenge that are addressed by the HP Security Intelligence and Risk Platform. The first is comprehensive monitoring of consumer as well as corporate devices, looking for unusual patterns that could indicate malicious activity. This is a big data problem involving the sifting through of 10’s of millions of events per day. One of the products being announced is ArcSight Express 3.0 which provides mid size companies and departments in larger organisations with comprehensive event capture and real-time security monitoring and correlation. We’ve introduced a new engine we call the CORR (Correlation Optimised Retention and Retrieval) engine that delivers a 5x performance improvement in event correlation, allowing organisations to sift through events faster and find problems sooner. We are also able to do vulnerability testing on the mobile applications themselves to identify potential exposures and lock them down, either by remediating them in the code or though additional Web Application Firewall filters based on the intelligence gathered from the vulnerability testing.
e) How does HP envision the future of security within the enterprise over the next decade? How will it evolve?
Organisations will transform their security capabilities in a number of ways; from adding additional awareness and actionable intelligence which we’ve discussed above, through better modelling and understanding of the risks involved in changing computing models, and with closer integration with other parts of the business such as IT Operations, Application Development or business leadership. HP will continue to apply actionable intelligence in our solutions to allow organisations to keep up with the changing thread landscape. At the same time we will allow organisations to take a much more business focused approach to IT, allowing business leaders to better understand their current risk profile and to make more targeted security investments. One of the new announcements is an executive dashboard we call Secure Boardroom which presents an organisations current security state in a way that is understandable to business executives. Two new service announcements, HP Enterprise Security Discover Workshop and HP Information Security Management, help organisations assess their current situation and desired future state and put in place an HP managed transformation programme to get them there.