Hewlett Packard Enterprise Introduces Application Security Solutions to Secure the Software Development Lifecycle for DevOps


New ecosystem and continuous application monitoring solutions bring speed and integration to all stages of development

NATIONAL HARBOR, MD, September 14, 2016 – Today, from HPE Protect 2016, Hewlett Packard Enterprise (HPE) introduced the HPE Fortify Ecosystem and Fortify on Demand (FoD) continuous application monitoring service. The online marketplace and service are designed to help organizations create secure applications by naturally integrating security testing processes and resources throughout the fast-paced software development lifecycle (SDLC). Partners of the HPE Fortify Ecosystem at launch include Microsoft, Docker and Chef, among more than 20 others. The FoD Continuous Application Monitoring Service provides ongoing discovery, scanning and runtime detection delivering visibility across the entire application portfolio.


To speed application time to market, enterprises are increasingly shifting to the more collaborative DevOps model that closely ties software developers with other IT functional areas to eliminate lag time in the SDLC. Security should be a core part of this integrated DevOps process to identify and remediate vulnerabilities before, during and after applications are brought to market. However, Gartner clients continue to continue to struggle with integrating technologies into existing workflows, bridging the gap between the security team and the development team, remediation, and creating repeatable processes to facilitate an efficient application security program.1


Application developers are being tasked with working at unprecedented speeds to deliver software in days and weeks instead of months, leaving little time to implement appropriate security measures, said Jason Schmitt, vice president and general manager, HPE Security Fortify, Hewlett Packard Enterprise. Securing the software development lifecycle in todays environment requires an automated, continuous, and natural process. The new HPE Fortify Ecosystem and Fortify on Demand continuous application monitoring service ensure the approach to application security is intuitive, comprehensive, and seamless to integrate, helping organizations save time and reduce costs.


The new HPE Fortify Ecosystem is fully integrated into the DevOps tool chain, making it simpler for developers to build security into the SDLC and strengthen the security of their applications. The marketplace features integrated systems spanning 10 distinct DevOps functional categories, including: Cloud, Containers, Security, Open Source and others. Platforms including Microsofts Visual Studio Team Services (VSTS), Docker and Chef are all compatible with HPE Security Fortify solutions at launch.


Implementing secure DevOps can help organizations reduce time, costs, and risks; however, applications must also be protected once they are in production. The increasing pressure to rapidly deliver applications often creates a disconnect between an organizations IT function and security team. As a result, the security team may not know what is in production and must identify which applications are deployed on the network, scan them for vulnerabilities and protect them. The FoD Continuous Application Monitoring service delivers a comprehensive application monitoring solution that automatically identifies an organizations full range of applications, dynamically scans and tests them in real-time, and integrates directly with security information and event management (SIEM) for incident identification and response.



The HPE Fortify Ecosystem and new HPE Security Fortify on Demand continuous application monitoring service are currently available globally.


HPEs annual enterprise security conference, HPE Protect, is taking place this week from Sept. 13-16 in National Harbor, Maryland. Follow HPE Security on Twitter @HPE_Security, and keep up with event happenings by following the event hashtag #HPEProtect.


(1) Gartner Hype Cycle for Application Security, 2016 July 2016


About HPE Security

HPE Security helps organizations protect their business-critical digital assets by building security into the fabric of the enterprise, detecting and responding to advanced threats, and safeguarding continuity and compliance to effectively mitigate risk. With an integrated suite of market-leading products, services, threat intelligence and security research, HPE Security empowers organizations to balance protection with innovation to keep pace with todays idea economy. Find out more about HPE Security at https://www.hpe.com/us/en/solutions/protect-digital.html.


Join HPE Software on LinkedIn and follow @HPE_Software on Twitter. To learn more about HPE Enterprise Security products and services on Twitter, please follow @HPE_Security  


About Hewlett Packard Enterprise

Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industrys most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology and services help customers around the world make IT more efficient, more productive and more secure.



Forward-Looking Statement

This document contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Such statements involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of Hewlett Packard Enterprise could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including any statements of the plans, strategies and objectives of Hewlett Packard Enterprise for future operations; other statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the possibility that expected benefits may not materialize as expected and other risks that are described in Hewlett Packard Enterprises filings with the Securities and Exchange Commission, including but not limited to the risks described in Hewlett Packard Enterprises Registration Statement on Form 10 dated July 1, 2015, as amended August 10, 2015, September 4, 2015, September 15, 2015, September 28, 2015 and October 7, 2015. Hewlett Packard Enterprise assumes no obligation and does not intend to update these forward-looking statements.