HP announced an application security analysis tool that can discover the root cause of software vulnerabilities by observing attacks in real time.
Hewlett-Packard expanded its
security solutions with a new real-time analysis tool based on the company's
Fortify acquisition.
The new HP Fortify Real-Time
Hybrid Analysis allows organizations to discover the root cause of software
vulnerabilities by observing attacks in real time, HP said April 12. With
real-time analysis, organizations can proactively reduce business risk and
minimize the time spent finding the vulnerability after an attack.
Security vulnerabilities,
such as SQL-injection bugs, can be included at any time during application
design, development, testing and maintenance, so it is important for
organizations to be able to find and detect them as quickly as possible.
"HP Fortify brings together
the correlation of static and dynamic analysis," Subbu Iyer, senior director of
products, application lifecycle management at HP Software, told eWEEK.
The real-time product can
observe an attack while it's in progress and identify what kind of attack it
is. It then examines the application source code to identify which line
contains the vulnerability and flags it so that developers can fix it.
HP Fortify Real-Time Hybrid
Analysis can be used with the new HP Fortify 360 v3.0 and HP Application
Security Center 9.0 for broader security coverage, Iyer said.
With HP Fortify 360 Server,
organizations can assess existing code for threat vulnerabilities and
compliance violations before a security attack. The information collected is
then flagged and prioritized, so that development teams can work with the
application owners to assess the risks of fixing the issues versus delaying the
repair.
HP also announced new
versions of its WebInspect vulnerability analysis and HP Assessment Management
Platform applications. WebInspect 9.0 includes new macro recording and session-management
features.
These tools can be used to
automate application testing to ensure the security holes have been closed.
It allows the organization
to take "informed risks," Iyer said. When there are a limited number of
developers available, it is important to be able to see a prioritized list of
vulnerabilities. With the HP Fortify platform, it is possible to prioritize
based on business needs or even urgency, Iyer said. The analysis tools can
determine whether a bug can wait a week before fixing or if it needs to be done
in days.
The real-time analysis
system can also take into account the existing deployment cycle to determine
whether the detected vulnerability has already been fixed in a scheduled code
update, Iyer said
A recent study of more than
150 organizations conducted by Aberdeen Group found that the average total cost
to remediate a single application-security incident is approximately
$300,000.
The real-time analysis
platform is the first real integration of HP's security efforts with the assets
gained from HP's
Fortify acquisition in August 2010. HP and Fortify had been collaborating
on security even before the acquisition.
The new HP Fortify releases
are offered through multiple delivery models, including on-premise, on-demand
software as a service and as managed services.
HP is planning on expanding
real-time analysis for production-monitoring systems, Iyer said. These new
security products are elements of the HP Security Intelligence and Risk
Management Framework.
Email
Print
