As an IT security executive, your ability to effectively manage risk depends in large part on having an accurate operational viewpoint into the security posture of your organization's IT assets. But gathering actionable intelligence from a wide range of systems and platforms can be a complicated task.
Announced today, the HP Security Intelligence and Risk Management (SIRM) platform and HP's new EnterpriseView module are designed to address the common problem of inadequate security visibility, enabling organizations to apply security defenses in response to business risk. EnterpriseView pulls in data from security and operational technologies to provide a holistic view of an organization's overall security posture.
"EnterpriseView gives [companies] the ability to effectively manage risk across their organization, both with a heat map for prioritization as well as quantitative measurements," Michael Callahan, Vice President, Worldwide Product and Solution Marketing at HP, told InternetNews.com.
Callahan noted that the platform will also show administrators how risk levels rise and fall as changes are made across an enterprise. By being able to manage and measure risk, an enterprise will be able to adhere to certain risk level targets in the same way that organizations already are committed to service level agreements.
The EnterpriseView technology is a new capability for HP that is distinct and separate from HP's ArcSight product line. HP acquired security event management vendor ArcSight for $1.5 billion in 2010 as a way to help expand its security management portfolio. EnterpriseView does, however, pull data in from the ArcSight ESM (Enterprise Security Manager) technology. The data that comes from the ArcSight solution can be used as part of the calculation for understanding overall enterprise risk.
"If you're interested in correlating security events across an organization, the ArcSight program is a great solution," Callahan said. "If you want to understand risk collectively across what is going in security, operations, and understand how your devices are configured, then you want to look at a broader enterprise view to look at risk overall."
Callahan added that operational information is pulled from multiple data sources. Compliance information comes from HP's Business Services Automation (BSA) solution, which pulls in data from server and network components. Inputs can also come in from HP's Universal Configuration Management Database (UCMDB) for IT configuration information.
Application security is another key part of IT security risk. HP is also rolling out a new Application Security Monitor (AppSM) that examines running applications for security vulnerabilities and risks. Callahan noted that AppSM inspects all applications on a given server, without the need for any custom programming. The AppSM data can then be sent back to ArcSight ESM for broader security correlation, and that information can also move further upstream to EnterpriseView to help understand overall risk.
HP's application security solution is available for both mobile apps and the back-end applications that power them. AppSM is built on technology that HP gained through its 2010 acquisition of code security vendor Fortify.