For much of its history, HP's ProCurve networking unit has been focused on switching for its hardware gear. Now HP is expanding ProCurve to encompass security hardware as well.

HP ProCurve is adding a new Threat Management Services Module that is a plug in blade for existing ProCurve 8212 and 5400 Series switches. The new module adds firewall, virtual private network (VPN) and intrusion prevention (IPS) functionality to the switches. The move could bring HP's ProCurve into more direct competition against security platform plays from networking infrastructure vendors like Cisco and Juniper .

"This is HP's entry into the firewall and IPS market," David Obert, Global Security Solutions Manager at HP ProCurve told "What HP intends to do here is same thing we did in switch marketplace -- which is to bring in products that reduce cost and complexity and therefore transition the market from more complex costly solutions."

The new security module delivers 3 Gbps of firewall throughput, 1.5 Gbps of IPS and 300 Mb of VPN functionality. HP is also upgrading its software suite, called the HP ProCurve Manager Plus, to version 3.0 for managing security and access across a network. ProCurve Manager Plus itself includes ProCurve Mobility Manager 3.0 for wireless local area network (WLAN) security management and deployment as well.

While HP has provided security and network access control (NAC) in a software based approach before, Obert argued that there are advantages to having security with integrated hardware.

Obert noted that with hardware there are performance improvements as well as manageability improvements that software alone cannot provide.

Missing features?

Integrating security into networking hardware is something that HP ProCurve's competitors have been hyping a lot lately. Cisco CEO John Chambers recently told a keynote audience at RSA that security needs to be part of the networking infrastructure. Cisco also has updated its security portfolio to include global threat correlation in the cloud as well as botnet detection on firewalls.

Obert noted that for HP's IPS they do have threat signature update services available. However he added that for a global threat monitoring solution that's where HP would look to its ProCurve ONE partners like McAfee.

ProCurve ONE is HP's effort to enable applications to run on top of its networking hardware. In some ways it is a competitive effort to Cisco's Unified Computing System which integrates servers into Cisco's networking infrastructure.

Obert also sees ProCurve ONE partners as the way in which HP might be able to provide botnet detection for its customers.

"Obviously this is an initial product," Obert commented. "I think you'll see us expand the breadth of the product line over time as we look to drive further and deep and look to gain an increasing amount of share within this market space."

Article courtesy of