HP enters security space with application scanning

HP may not be known as a regular player in the IT security space, but the company is trying to change that by updating a pair of products it gained through an acquisition almost two years ago.

Late last week the company announced its HP Assessment Management Platform 8.0, as well as WebInspect 8.0 and a set of project services for companies using applications it would host on their behalf. The tools are designed to help organizations scan and test software programs, particularly before they go into production environments.

The products were among the assets HP gained in Sept. 2007 when it completed the acquisition of SPI Dynamics, an Atlanta-based firm, for an undisclosed amount. At the time, HP positioned the purchase as a complement to its service management offerings, given that SPI Dynamics’ tools were already integrated with its Quality Center software.

Nick Bell, senior manager of HP’s products, application security, software and solutions group, said he has seen a big shift in customer awareness around application security issues as more software is accessed through Web browsers.

“If you look at the large enterprises today, there’s a growing number of applications within their organization. It’s gone to tens of Web applications to hundreds of thousands. There are some that have up to 30,000,” he said. “They’re challenged by understanding what applications exist out there, because the business units seem to be the ones who actually own the applications. They’re throwing up these applications all the time.”

The Assessment Management Platform, which starts at US$85,000, is designed to help IT managers run multiple scanning tools, one of which is WebInspect. The products can help users determine which applications contain priority data, said Bell, and which are most vulnerable. WebInspect uses sensors to scan a user’s IP privileges, for example, or do deep auditing and offer suggestions to deal with problems in JavaScript or Flash.

While IBM bought Ottawa-based Watchfire, which provided similar products and services, there aren’t that many other prominent firms that deal with application security specifically, other than Cenzic in Santa Clara, California. James Quin, a security analyst with London, Ont.-based Info-Tech Research Group, said HP may be trying to corner a market that hasn’t grown too large yet.

“They’ve put themselves a little bit behind the eight-ball, because it’s a huge requirement for every organization out there. This could be HP’s way of finding their niche . . . the question is whether it’s too little, too late,” he said. “This is more of a prevention rather than cure type of solution.”

Bell noted that HP recently released SwiftScan, a Flash security tool, for free, in order to help promote HP’s growing presence in application security. He said the company is also trying to appeal to organizations outside the Fortune 500, through software-as-a-service versions of the Assessment Management Platform last year.

“Medium-sized business are becoming increasingly interested, because they don’t necessarily have the resources or all the infrastructure to be able to support this all the time. SaaS gets them access to those kinds of capabilities,” he said.

U.S. customers such as Sony Pictures Entertainment already use WebInspect today to help spot errors that could bring the company in violation of the Sarbanes-Oxley Act. Bell said Canadian firms might be equally interested in using its products and services to help comply with the PCI-DSS regulations.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schickhttp://shaneschick.com
Your guide to the ongoing story of how technology is changing the world

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now