Myriad security solutions of varying complexity have been flooding the market for years, yet there remain "critical gaps" in today's infrastructure that still allow some viruses and worms to penetrate the normal defenses provided by antivirus, intrusion prevention/detection, patch management and vulnerability assessment tools. Businesses are increasingly recognizing this "reactive security" reality. According to Keith Millar, Master Technologist at the Hewlett-Packard (HP) Security Strategy Office, some of the top security issues for companies/organizations include:
- using security as a risk management tool by starting with a comprehensive evaluation of all IT assets (data, Intellectual Property, IT resources, etc.) and doing a proper analysis of threats and vulnerabilities against those assets;
- compliance with emerging legislation and regulations, which requires formal security and privacy processes and associated audit capabilities; and
- vulnerability management with a balanced mix of remediation, mitigation and permanent defenses.
HP's Security Strategy
HP's security strategy focuses on four key areas: Identity and Access Management, Proactive Security Management, Trusted Infrastructures, and Security Governance. For leading security point-solutions, HP takes the partner route, while focusing its own R&D efforts on the gaps and uncovered areas to complement what exists in the security industry today. HP's customers expect solutions and services that work across heterogeneous environments, and therefore HP works with international standards bodies to create security standards that will ensure interoperability across different customer environments.
HP's New Security Technology: HP Active Countermeasures (HP-AC) Service
HP-AC was invented in HP Labs and has been used for more than four years to protect HP. It is a proactive, tool-based service that gives customers the new capability to take specific, immediate mitigating action against specific, most-critical vulnerabilities in order to protect an organization's/company's whole IT infrastructure before attacks occur, says Keith Millar. He also points out that it works differently from other solutions in that HP-AC focuses on the few, specific, critical vulnerabilities that lead to the worst server-side, remote exploitation attacks (like Code Red, Blaster, Sasser or Zotob). Instead of trying to remediate with a permanent fix (e.g. patch) or block attacks when they show up at an organization's/company's networks (e.g. antivirus tool), HP-AC acts to quickly mitigate the vulnerability on those systems that still are vulnerable, which protects the whole infrastructure from attack. This gives the other security tools time to do their remediation and/or put a permanent defense in place.
HP-AC complements the existing security solutions of remediation (e.g. patch management and vulnerability assessment tools) and permanent defenses (e.g. antivirus, firewalls, intrusion detection systems, intrusion prevention systems) by providing a capability to take mitigation action on any vulnerable system to temporarily make a whole network safe from attack on specific, critical vulnerabilities, says Keith. HP-AC provides 'air-cover' or protection while the remediation and/or permanent defenses can increase their span of protection. Unlike remediation and permanent defensive tools, HP-AC does not use software agents or special accounts or any information about the vulnerable systems that are on a network – it just finds and mitigates the vulnerability right away.
What we’re saying is, “remediation and permanent solutions” are definitely key pieces to a proper Vulnerability & Threat Management program. However, they are not complete enough – as these major worms have demonstrated (e.g. Code Red, Blaster, Sasser, Zotob) – and so HP-AC service gives customers a new capability to manage even more of the threats companies and organizations face today, opines Keith.
Remediation tools do the permanent fix and permanent defensive tools put up defenses against attacks when they show up... but they have gaps that have been letting some critical attacks through. According to Keith, HP-AC fills those gaps and gives a company or organization a capability to “act now” to protect their IT infrastructures. Without HP-AC, the current method for companies/organizations to cover these gaps is to physically run around and try to physically locate each and every system that is still vulnerable, then contact that system's owner, then log in and make a change – that takes too long and costs too much in resources.

Keith Millar, CISSP, is a Master Technologist in Hewlett-Packard's Security Strategy Office, part of the HP CTO’s Office of Strategy & Technology. This Security Office is responsible for HP's overall security strategy across HP businesses worldwide. Keith is responsible for security management strategy, secure product development initiatives, and some internal security technology transfer programs. He has given talks on security and secure product development at some conferences.