HP Delivers an EnterpriseView into IT Risk Management

As an IT security executive, your ability to effectively manage risk depends in large part on having an accurate operational viewpoint into the security posture of your organization’s IT assets. But gathering actionable intelligence from a wide range of systems and platforms can be a complicated task.

Announced today, the HP Security Intelligence and Risk Management (SIRM) platform and HP’s new EnterpriseView module are designed to address the common problem of inadequate security visibility, enabling organizations to apply security defenses in response to business risk. EnterpriseView pulls in data from security and operational technologies to provide a holistic view of an organization’s overall security posture.

“EnterpriseView gives [companies] the ability to effectively manage risk across their organization, both with a heat map for prioritization as well as quantitative measurements,” Michael Callahan, Vice President, Worldwide Product and Solution Marketing at HP, told InternetNews.com.

Callahan noted that the platform will also show administrators how risk levels rise and fall as changes are made across an enterprise. By being able to manage and measure risk, an enterprise will be able to adhere to certain risk level targets in the same way that organizations already are committed to service level agreements.

The EnterpriseView technology is a new capability for HP that is distinct and separate from HP’s Arcsight product line. HP acquired security event management vendor ArcSight for $1.5 billion in 2010 as a way to help expand it’s security management portfolio. EnterpriseView does however pull data in from the ArcSight ESM (Enterprise Security Manager) technology. The data that comes from the ArcSight solution can be used as part of the calculation for understanding overall enterprise risk.

“If you’re interested in correlating security events across an organization, the ArcSight program is a great solution,” Callahan said. “If you want to understand risk collectively across what is going in security, operations, and understand how your devices are configured, then you want to look at a broader enterprise view to look at risk overall.”

Callahan added that operational information is pulled from from multiple data sources. Compliance information comes from HP’s Business Services Automation (BSA) solution, which pulls in data from server and network components. Inputs can also come in from HP’s Universal Configuration Management Database (UCMDB) for IT configuration information.

Application security is another key part of IT security risk. HP is also rolling out a new Application Security Monitor (AppSM) that examines running applications for security vulnerabilities and risks. Callahan noted that AppSM inspects all applications on a given server, without the need for any custom programming. The AppSM data can then be sent back to ArcSight ESM for broader security correlation, and that information can also move further upstream to EnterpriseView to help understand overall risk.

HP’s application security solution is available for both mobile apps as well as the back-end applications that power them. AppSM is built on technology that HP acquired with its acquisition of code security vendor Fortify in 2010.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network. Follow him on Twitter: @TechJournalist.

Latest articles

XDR Emerges as a Key Next-Generation Security Tool

Corporate networks are complex, and so is the myriad of cybersecurity solutions that protect them. Trying to manage all the security tools in a...

Best Encryption Tools & Software for 2020

Enterprises can invest in state of the art threat defenses like next-gen firewalls, microsegmentation and zero trust tools, but even the very best tools...

SASE: Securing the Network Edge

Dramatic growth in Internet of Things (IoT) devices and external users have forced IT departments to move storage and processing functions closer to the...

Kaspersky vs. Bitdefender: EDR Solutions Compared

Kaspersky and Bitdefender have very good endpoint security products for both business and consumer users, so they made both our top EDR and top...

Related articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here