Hewlett Packard Enterprise Leads Transformation of Cyber Defense With "Build it In" and "Stop it Now" Approach
March 1, 2016 • Press Release
New Reference Architecture, Offerings and Partnerships Enable Enterprises to Build Security Into the Fabric of Enterprise IT and Stop Attacks in Their Tracks
SAN FRANCISCO, CA--(Marketwired - Mar 1, 2016) - RSA Conference -- Hewlett Packard Enterprise (HPE) (NYSE: HPE) today announced new security offerings designed to help organizations build protection into the fabric of their enterprises and stop attacks through comprehensive detection and response capabilities. Announcing a new cyber reference architecture, mobile security offerings and an expanded ecosystem of partners, HPE Security is helping organizations design security and risk management processes into IT operations to address today's sophisticated threat landscape while providing a safer environment to meet tomorrow's business demands.
With the emergence of Internet of Things (IoT) and the rapid acceleration of digital and converged systems, security professionals are challenged with identifying risks related to business critical assets without stifling innovation. According to IDC, the assessment of IoT devices along with the need to mitigate risks associated with IoT is prompting organizations to gain visibility into network traffic generated by these connected devices. IDC expects this to be a significant driver of growth in the security information and event management segment from $1.7 billion in 2014 to $2.6 billion in 2019, as organizations look to build security and analytics capabilities into the deployments of emerging technologies.1
"The traditional bolt-on method of enterprise security, emphasizing network defense and perimeter control, is proving to be insufficient against today's radically changing threat landscape," said Sue Barsamian, senior vice president and general manager, HPE Security Products, Hewlett Packard Enterprise. "Organizations need a risk and resiliency roadmap that goes beyond this traditional focus and builds security into every layer of the IT stack -- from the infrastructure to the apps to the data -- along with comprehensive detection and response capabilities that will drive the next generation of intelligence-driven security operations."
Providing a Framework for Building in Cyber Resiliency
As enterprises are challenged with managing risk amidst a rapidly changing threat environment, HPE has introduced the HPE Cyber Reference Architecture (CRA), a comprehensive information security framework designed to help build resiliency into organizations in an effort to stop today's most complex security threats. Comprising 12 domains, 63 sub-domains and over 350 distinct security capabilities, the HPE Cyber Reference Architecture defines solutions to today's most complex cyber security challenges, including cloud, mobility, Machine-to-Machine (M2M) and Internet-of-Things (IoT).
"With the growth in emerging technologies and the sophistication of today's threat landscape, enterprises today are challenged with identifying and managing risk while keeping pace with innovation," said Art Wong, senior vice president, HPE Security Services, Hewlett Packard Enterprise. "The HPE Cyber Reference Architecture provides organizations with a framework for resiliency, leveraging 350 distinct security architecture blueprints addressing the core components and initiatives needed to build security in and stop attacks in their tracks."
Building Security into the Mobile Landscape
HPE unveiled results from a research study finding that more than half of mobile applications are collecting alarming quantities of data from users, but not all taking the necessary steps to protect this sensitive information. The study leveraged HPE Security Fortify on Demand to scan more than 36,000 iOS and Android mobile apps, and revealed the impact of increasing data collection, as well as recommendations for how organizations, mobile application developers and enterprises can transform security approaches to better protect their data.
To help organizations build security into their mobile applications, HPE also announced HPE Secure Data Mobile, an end-to-end data encryption solution designed to protect sensitive information in mobile environments. This offering enables organizations to build data security into their mobile applications and safeguard the data throughout its full lifecycle -- at rest, in motion, and in use -- extending security far beyond traditional technologies such as TLS, VPN, and storage encryption. It also leverages HPE Format-Preserving Encryption, a standards-based encryption to make only minimal modifications to existing applications, while providing data security for mobile applications or mobile purchases.
Expanding the ArcSight Ecosystem for Enhanced Detection and Response
With 30 percent annual growth in its HPE Security ArcSight Technology Alliances Partner (TAP) program, HPE has announced a number of new ArcSight-powered offerings and strategic partnerships that promote collaboration among security leaders in the industry to support a comprehensive, "stop it now" model for maximum detection and response capabilities.
- HPE Security ArcSight & HPE Security Services: United Defense
HPE announced the continued evolution of its Threat Defense Services portfolio, which includes market-leading security monitoring and managed Security Information and Event Management (SIEM) services powered by HPE Security ArcSight. Enhancements to the services portfolio include automated security alerting services, security investigation and response, attacker profiling and user behavior and malware analytics solutions.
- HPE & Aruba ClearPass: Mobility Made Safe
HPE Security ArcSight now has deeper two-way integration with Aruba ClearPass. Building on the capability for HPE Security ArcSight to consume rich event, user and device context from ClearPass, HPE's industry-leading network policy management solution, ArcSight now also allows the security analyst to quarantine or remove endpoints from a network via ClearPass when malicious behavior is detected.
- HPE Security ArcSight & vArmour: Securing the Enterprise Cloud
Virtualized and cloud data centers have long struggled with the tracking and analysis of application-layer activity. With vArmour DSS, users of HPE Security HPE Security ArcSight ESM now gain visibility into application communications from every workload across public and private clouds. In addition, organizations will be able to respond in real time to advanced persistent threats that are identified by HPE Security ArcSight ESM by making policy changes using vArmour's application-aware micro-segmentation -- stopping an attack.
- HPE Security ArcSight & Fortinet: Enhancing Device Visibility
The pairing of HPE Security Logger and Fortinet FortiGate will deliver an innovative, scalable security bundle from two leaders in security that goes beyond the firewall to provide in-depth visibility of all devices across an organization. With this partnership, enterprises can capture, store and analyze security events for accelerated investigation and forensics, while supporting compliance needs.
- HPE Security ArcSight & IT-ISAC: Sharing Actionable Intelligence
HPE Threat Central, a community-sourced security intelligence platform that incorporates dynamic threat analysis scoring, was selected by the IT-ISAC as the primary threat sharing and analysis platform to share intelligence with its members. With its product agnostic approach and support for industry standards such and STIX and TAXII, HPE Threat Central provides derived, relevant and actionable intelligence through both machine-machine and human-human interfaces.
- HPE Security ArcSight & PwC: Enhancing Network Visibility
PwC's Cyber Security & Privacy practice will now include the HPE DNS Malware Analytics (DMA) solution in its Security Assessment Services portfolio. This will provide enhanced network visibility to PwC's client organizations allowing them to more easily detect and identify hosts infected with malware, bots or other unknown threats.
Additional information about HPE Security solutions and services is available at HPE booth No. 3411 at the RSA 2016 Conference. On Wednesday, March 2 at 2:40 p.m. PT., Executive Vice President and CTO at Hewlett Packard Enterprise, Martin Fink, will deliver a keynote revealing radically new approaches and data protection architectures designed to build security in across the entire IT stack and serve as the foundation of the next-generation Security Operation Center (SOC). To keep up with RSA Conference happenings and HPE news, follow hashtags #RSAC and @HPE_Security.
About HPE Security
HPE Security helps organizations detect and respond to cyber threats while safeguarding continuity and compliance to effectively mitigate risk and incident impact. Delivering an integrated suite of market-leading products, services, threat intelligence and security research, HPE Security helps customers proactively protect the interactions among users, applications and data, regardless of location or device. With a global network of security operations centers and more than 5,000 IT security experts, HPE Security empowers customers and partners to safely operate and innovate while keeping pace with the speed of today's idea economy. Find out more about HPE Security at https://www.hpe.com/us/en/solutions/security.
About Hewlett Packard Enterprise
Hewlett Packard Enterprise is an industry leading technology company that enables customers to go further, faster. With the industry's most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology and services help customers around the world make IT more efficient, more productive and more secure.
1 IDC, Worldwide Security and Vulnerability Management Forecast, 2015-2019, Doc # 259615, October 2015
This document contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Such statements involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of Hewlett Packard Enterprise could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including any statements of the plans, strategies and objectives of Hewlett Packard Enterprise for future operations; other statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the possibility that expected benefits may not materialize as expected and other risks that are described in Hewlett Packard Enterprise's filings with the Securities and Exchange Commission, including but not limited to the risks described in Hewlett Packard Enterprise's Registration Statement on Form 10 dated July 1, 2015, as amended August 10, 2015, September 4, 2015, September 15, 2015, September 28, 2015 and October 7, 2015. Hewlett Packard Enterprise assumes no obligation and does not intend to update these forward-looking statements.