HP plans managed security market entry

Hewlett-Packard Co is planning an entry into the managed security services market, to deliver various vulnerability scanning routines built around new technology called Active CounterMeasures.

Security is being flagged as a strategic growth area by HP, said Tony Redmond, CTO at HP Services, a $30bn arm of Hewlett-Packard that has about 60,000 staff. He said the company is coming at it from three main directions. As well as identity management initiatives and next-generation trusted platform developments, we are concentrating on adaptive security management. We see that as allowing systems to detect and remediate problems proactively, wherever possible using policy-based procedures to automate security management.

The Active CounterMeasures software is designed to report on vulnerabilities and steer patch management processes, but it will also restrict access to certain parts of the network, terminate an application or even quarantine off a suspect end point machine.

The software stems from development work started by researchers at HP Labs in Bristol, UK and perfected over two years of use within HP where it is used to secure a global network that supports around 250,000 attached devices.

The software will scan a system for a given security hole exploiting the same vulnerability as a hacker would, but instead of deploying a malicious payload Active CounterMeasures fetches a remedial payload from an operations server. HP first used this method against the Code Red outbreak of 2001, and claims to have escaped debilitating attacks.

Every network will come under attack at some time, but we are seeing an increase in threat velocity, Redmond said. It is becoming increasingly difficult for security administrators to keep track of all of the machines connecting to their networks at all times, yet some will not comply with security policy, and therefore represent vulnerable points in the network. Active CounterMeasures addresses this issue, he added.

The Active Countermeasures software set lends itself to delivery as a managed service.

HP currently is working with service providers to define the commercial services that will wrap around Active CounterMeasures. It is very likely that we will partner with some of the large service providers, Redmond said, but it will also be a first step into the managed security services arena for HP.

The value of the managed security market looks set to grow from $1.5bn in 2002 to $3.7bn in 2008, if preditions from the Yankee Group are correct.

It is anticipated that Active CounterMeasures managed security services will become available towards the end of 2004.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing