A core element of Hewlett Packard Enterprise's $8.8 billion deal spinning out and merging (the so-called spin-merge) software assets to Micro Focus is a long list of security technologies including Fortify, ArcSight, Atalla and Voltage Security. Before that deal closes, HPE is still managing and updating its security software portfolio and is using its HPE Protect conference to announce new updates.
"The announcements we are making this week include general product availability, which is not impacted by the spin-merge news," Chandra Rangan, vice president of marketing for HPE Security, told eWEEK. "We also have comprehensive product pipelines and remain enthusiastic about our roadmaps and our commitment to executing against the timelines we have communicated to customers."
Among the announcements is an integration between HPE's SecureData encryption technology that comes from Voltage Security and Atalla's Hardware Security Module (HSM). Rangan noted that HPE SecureData already integrates with other HSMs, but now customers can implement an end-to-end data protection strategy through a single vendor. In his view, by having a single vendor (HPE) provide the security software policy and the HSM, it makes it much easier for organizations to configure and enforce security policy. In addition, having a single-vendor solution can be easier for organizations to meet compliance regulations and ensure that there are no security gaps across the data life cycle, Rangan said.
"Before this integration, customers would need to work with a separate HSM vendor to protect their master keys," Rangan said. "Now that HPE SecureData and HPE Atalla HSM can seamlessly integrate, customers can implement a more cohesive approach to data security by centralizing configuration and management of encryption keys."
HPE is also announcing the ArcSight Data Platform (ADP) 2.0 release today, which provides a new event broker capability. ArcSight was acquired by Hewlett-Packard in 2010 for $1.5 billion, bringing security information and event management (SIEM) platform capabilities to HP. Rangan explained that the new event broker enables open connectivity and interaction from any data source and to any destination, at a scale of up to 1 million events per second. The event broker includes logic to help structure and enrich data, so that it can be useful for multiple use cases, including real-time correlation and deep analytics, he added.
The core technology behind the ADP 2.0 event broker comes from the open-source Apache Kafka project. "This is not a fork of the Apache Kafka project; rather, we are using open-source Apache Kafka as a component of the event broker," Rangan said.
At the Protect conference, HPE also announced a new Fortify Ecosystem and Fortify on Demand (FoD) continuous application monitoring service. HP acquired Fortify in 2010 and has been steadily expanding the static and dynamic code analysis capabilities ever since.
"We have created the HPE Fortify Ecosystem, built on open APIs, to make it much simpler for developers to integrate security testing and monitoring into the DevOps process," Rangan said.
The HPE Fortify Ecosystem is integrated with Microsoft, Docker, Chef and more than 20 other developer platforms, he added.
HPE is also expanding the FoD software-as-a-service (SaaS) code scanning platform with a new continuous monitoring capability.
"The continuous application monitoring service extends the capabilities of Fortify on Demand to scan environments for applications that the security team may not have known about or catalogued," Rangan said. "It then seamlessly allows testing of these applications through the FoD service."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.