With security breaches mounting in what can only be described as a terrible year for IT security, vendors are coming up with new services to help enterprises fight attacks.
The latest was revealed today by Hewlett-Packard at its annual HP Protect conference in Washington, D.C., a cloud service called Application Defender to meet security attacks at the application layer.
For US$79 an application customers install an agent on Web servers that watches for and blocks suspicious activity in addition to alerting the IT security team. It can analyze user actions, data anomalies and logic flow to distinguish between an actual attack and legitimate user activity, HP said.
“Instead of relying on network security tools to protect Web services or mail, we have a small agent with a footprint on 10 MB that sits on a Web server and it watches what’s going on with Web application responses,” Frank Mong, vice-president of solutions for HP Enterprise Security products, said in an interview.
“It protects SQL injection or buffer overflow attacks. It not only alerts the security professional but blocks the (malware) code before they can do anything. The software application can now defend itself.” There is no performance it to the network or applications, he said.
http://youtu.be/8PjJGyqnTj4
He acknowledged that the service could be expensive for organizations that want to protect all applications. But, he added, “it gives you assurance that your application isn’t sitting idle. Your app now has intelligence to actually do something instead of getting breached. We think this is a revolutionary concept and I believe is going to help companies deal with the problem of patching.”
For example, to fix the Heartbleed vulnerability this year organizations had to take applications offline to have the OpenSSL libraries updated. An organization with Application Defender could have keep the applications online. If you see it that way, he said , “it saves you billions.”
Application Defender, which ties into HP’s security network, would have detected that certain data was being exfiltrated without encryption wasn’t happening and blocked the activity.
Also at the conference HP (NYSE: HPQ) announced ArcSight Logger 6.0, a log management application that stores analyzes data from multiple sources.
The new release has a mobile app for remote monitoring, a new interface, expanded collection from up to 350 sources, a data compression ratio of up to 10:1.
For analytic, it can search 1.6 PB of data in seconds. “Our goals is to allow customers to scale data store affordably, at $100 per TB, and give them ability to collect store and analyze that data without pinching their wallets,” Mong said.
HP Isn’t saying that application protection will solve all problems. Mong said next year its Tipping Point division will release two new hardware devices: an Advanced Threat Appliance Network to protect layer 2/3 protocols, which will cost US$31,000 for 250 Mbps of inspection throughput; and an Advanced Threat Appliance Mail to protect mail server, which will cost US$15,000 plus $32.50 per user.
Initially they will be hardware appliances; virtual versions will be released later.