HP cloud service gives applications ability to protect themselves

With security breaches mounting in what can only be described as a terrible year for IT security, vendors are coming up with new services to help enterprises fight attacks.

The latest was revealed today by Hewlett-Packard at its annual HP Protect conference in Washington, D.C., a cloud service called Application Defender to meet security attacks at the application layer.

For US$79 an application customers install an agent on Web servers that watches for and blocks suspicious activity in addition to alerting the IT security team. It can analyze user actions, data anomalies and logic flow to distinguish between an actual attack and legitimate user activity, HP said.

“Instead of relying on network security tools to protect Web services or mail, we have a small agent with a footprint on 10 MB that sits on a Web server and it watches what’s going on with Web application responses,” Frank Mong, vice-president of solutions for HP Enterprise Security products, said in an interview.

“It protects SQL injection or buffer overflow attacks. It not only alerts the security professional but blocks the (malware) code before they can do anything. The software application can now defend itself.” There is no performance it to the network or applications, he said.


He acknowledged that the service could be expensive for organizations that want to protect all applications. But, he added, “it gives you assurance that your application isn’t sitting idle. Your app now has intelligence to actually do something instead of getting breached. We think this is a revolutionary concept and I believe is going to help companies deal with the problem of patching.”

For example, to fix the Heartbleed vulnerability this year organizations had to take applications offline to have the OpenSSL libraries updated. An organization with Application Defender could have keep the applications online. If you see it that way, he said , “it saves you billions.”

Application Defender, which ties into HP’s security network, would have detected that certain data was being exfiltrated without encryption wasn’t happening and blocked the activity.

Also at the conference HP (NYSE: HPQ) announced ArcSight Logger 6.0, a log management application that stores analyzes data from multiple sources.

The new release has a mobile app for remote monitoring, a new interface, expanded collection from up to 350 sources, a data compression ratio of up to 10:1.

For analytic, it can search 1.6 PB of data in seconds. “Our goals is to allow customers to scale data store affordably, at $100 per TB, and give them ability to collect store and analyze that data without pinching their wallets,” Mong said.

HP Isn’t saying that application protection will solve all problems. Mong said next year its Tipping Point division will release two new hardware devices:  an Advanced Threat Appliance Network to protect layer 2/3 protocols, which will cost US$31,000 for 250 Mbps of inspection throughput;  and an Advanced Threat Appliance Mail to protect mail server, which will cost US$15,000 plus $32.50 per user.

Initially they will be hardware appliances; virtual versions will be released later.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now