HP Rolls Out Three-Pronged Security Product Strategy

Speaking in San Francisco, Tony Redmond, VP and chief technology officer of HP Services, painted a dire picture of the rise in cyberattacks. Redmond cited an increase in the velocity of such incidents. Years ago, the industry worried about viruses being spread by floppy disks, he noted wistfully. "Today, viruses spread at computational speed. It's very difficult to deal with a virus that makes 800 networks connections a minute."

For example, he said that he'd recently purchased a new PC for his home—an HP model, of course—and within 15 seconds of plugging it in, the machine was being attacked.

"We believe a new approach is necessary," Redmond said.

HP's fortified focus on security includes an expanded PC Security initiative to educate consumers and help protect their systems, a series of products and tools aimed at smaller firms, and new security services for big companies and public-sector customers.

Key elements of the consumer initiative include dedicated online security support with free real-time chat and one-hour response-time E-mail. The company will also offer free, live virus-alert classes via phone during virus outbreaks. In addition, HP's PC Security Center includes a variety of educational and software resources.

For smaller companies, HP is rolling out new software and services, in conjunction with partners, to address what it calls "the six basic layers of security." These are physical security, data security, application security, network security, security management, and delivered security management. The company says its new products will help protect the businesses "against risk exposure and business disruption caused by viruses, spyware, spam, intrusion, and outdated security."

HP's enterprise efforts include a new Security Incident Management program and new OpenView Select Federation Identity Management software.

"Most companies have problems getting their hands around security incidents," explained Doug Brown, security-product architect at HP Services, noting that businesses tend to lack a rapid-response team to deal with accelerated attacks. It's this deficiency HP hopes to remedy for its customers. HP developed the methodology for the Incident Management Program internally and that the company has not had a serious security incident since the Nimda worm in 2001, Brown says.

The company's federation server, available through original equipment manufacturing partner Trustgenix Inc., enables federated identity services across organizations, meaning that users only need to be authenticated once, no matter how many applications or servers they traverse. It supports Liberty Alliance, SAML, and WS Federation protocols, making it standards-agnostic.

Redmond also noted that HP has developed a technology to slow the spread of viruses, called "virus throttling," that would soon appear in certain HP servers, switches, and PCs.

"We want to build protection into the network components so that they can detect when they're being attacked," he said. As described, virus throttling slows the rate at which viruses can replicate without slowing general computation. The aim is to give network administrators time to respond—a luxury they don't have now given the speed at which viruses propagate.