Announcing a range of security products and partnerships designed to position HP as a serious security player, Tony Redmond, CTO of HP Services, said virus throttling software is being tested internally on production servers at HP already.
Security technology has been always about the perimeter, with firewalls, IDS, DMZs, Redmond told ComputerWire. Now the problem we’re all looking at is what to do when something gets past the perimeter.
Installed on servers and switches and, later, PCs, the software is designed to detect network worms at the network driver level, and to gradually squeeze the amount of bandwidth available to those processes, potentially limiting propagation.
It relies upon observing the behavior of normal network traffic and then spotting aberrations that could indicate a zero day threat a network worm that does not target a known issue – and therefore does not need signatures, Redmond said.
The software could help mitigate the impact of worms such as Slammer, the SQL Server worm that, according to Redmond, infected 75,000 computers internationally within 31 minutes of its release into the wild.
The company is currently fine-tuning the software to eliminate false positives, both in production and at HP’s virus lab in Bristol, UK. The server and switch versions will be available early next year. A PC version aimed at consumers is possible after that.
The news came as HP sought to style itself as a source for security expertise, with the announcement of a number of new products and several new or extended partnerships.
In the enterprise space, HP is to OEM identity federation software from Trustgenix Inc under its own brand. HP OpenView Select Federation will be sold alongside Select Access access control and Select Identity provisioning software.
The deal means the company’s SAML server will be end-of-lifed, according to security solutions architect Doug Brown. It also puts a big red flashing question mark over HP’s very-similar year-old deal with Trustgenix rival Ping Identity Corp.
Brown said Trustgenix’s software will enable HP customers to connect their identity repositories across company boundaries using Liberty and WS standards, regardless of whose identity management software is in use. We will no longer force corporations to buy our whole suite, he said.
HP is also partnering with Sygate Inc to offer host intrusion prevention on its Windows XP Embedded-based line of thin clients. The low-footprint embedded version of Sygate Security Agent will be preinstalled on HP Compaq t5700 devices, the firm said.
The Sygate software is better at protecting the machines than the firewall component offered by Microsoft Corp in the latest version of XP Embedded and used by competing thin clients, according to HP marketing manager Roger Coo.
There’s also a revenue opportunity. The embedded Sygate looks for intrusion attempts based on behavior and signatures. HP will give the software away at no charge, but will ask a subscription fee from customer who want to keep up-to-date with the signatures.
In another set of announcements HP revealed a security blueprint for small and medium sized enterprises, which appears to be essentially a sales tool for the channel, through which HP drives over 90% of its SMB sales.
The blueprint sketches out six layers of security from physical security to risk management and suggests HP or bundled third-party products or services at each layer.
Client antivirus, for example, is handled by a 90-day free Norton Anti-Virus license, bundled with HP PCs. HP’s ProLiant Small Business Server will carry antivirus and antispam software from Trend Micro Inc.
There are a couple of holes in the blueprint no personal firewalls or host intrusion prevention for example but Nigel Ball, VP of HP’s SMB group, said that these will be plugged over time as HP inks more partnerships.
