HP introduces industrys first application self protection as-a-service solution

September 9, 2014 • Press Release

HP Application Defender Simplifies Application Security

WASHINGTON, DC--(Marketwired - Sep 9, 2014) - HP (NYSE: HPQ) today introduced HP Application Defender, the first cloud-managed application self-protection service managed that provides immediate visibility and actively defends production applications against attacks. 

As the number and complexity of enterprise applications grows, the attack surface for exploits increases exponentially, leaving enterprises even more exposed. Traditional methods of protecting applications can take significant time to implement and are focused on software that is in development -- they don't protect applications running in production. Additionally, with more than 80 percent of successful breaches occurring at the application layer,(1) it is clear that installing simple perimeter defense to protect production software lacks effectiveness.

To prevent attacks from within the application, HP Application Defender leverages runtime analysis technology to monitor activity in the runtime environment to detect and prevent real-time attacks. The introduction of the HP Application Defender as a Software-as-a-Service platform allows any size organization to protect applications against advanced threats without significant investment in security resources.

"With vulnerabilities like cross-site scripting and SQL injections affecting 53 percent of applications,(2)there has not been an easy and effective way to help enterprise applications protect themselves -- until now," said Jason Schmitt, general manager, Fortify, Enterprise Security Products, HP. "Through a first-of-its-kind application self-protection service, HP Application Defender brings simplicity to application security, enabling organizations to automatically identify and protect against software vulnerabilities in real time -- stopping what no one else can even see."

Whether an organization has two applications or 2,000, HP Application Defender seamlessly scales to meet their security needs. By providing a simple installation process and a cloud-based management platform, HP Application Defender allows time- and resource-constrained security professionals to identify and stop attacks quickly and effectively, without changing code or installing another device on the network.

Enabling users to efficiently manage and report security data in real time, HP Application Defender boasts easy-to-use interactive dashboards and alerts that give detailed information on the nature of an attack and where it occurred. HP Application Defender provides intelligence from inside the application runtime that helps developers fix the issue permanently in the source code, while it is virtually patched in the production environment.

"By 2017, 25 percent of application runtime environments will have built-in self-protection capabilities, up from less than 1 percent in 2012," wrote Joseph Fieman, research vice president and Gartner fellow, Gartner Research. "Applications can be better protected when they possess self-protection capabilities built into their runtime environments, which have full insight into application logic, configuration, and data and event flows."(3)

Pricing and availability
HP Application Defender is available immediately worldwide. Pricing for the service is $79 per month per application instance.

Additional information about HP Application Defender from HP Fortify is available at www.hp-application-defender.com. Additional information about HP Enterprise Security Products can be found at www.hp.com/go/esp.

HP's annual enterprise security user conference, HP Protect, is taking place this week from September 8-11 in Washington, D.C. Follow HP Security on Twitter @HPsecurity, and keep up with event happenings by following the event hashtag, #HPProtect

Related videos

  • Demo video: See how HP Application Defender works within the application to identify activity and context inaccessible by network monitors, enabling users to simply stop attacks on production applications.
  • Animated video: This animated video explains how security exploits on production applications are difficult to stop without context from within the application. See why it's time for a new kind of defense.

About HP
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers' most complex challenges in every region of the world. More information about HP is available at http://www.hp.com.

(1) HP Enterprise Security Products, Research. 
(2) HP Security Research, "Cyber Risk Report 2013," February 2014. 
(3) Gartner, "Runtime Application Self-Protection: A Must-Have, Emerging Security Technology," April 2012.

© 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.