Enterprise Services Blog

Put on your enterprise armor: Security Announcement and Cyber Risk Report 2013

The threat and fear of a security breach grow daily. “Adversaries today are more adept than ever and are collaborating more effectively to take advantage of vulnerabilities across an ever-expanding attack surface,” said Jacob West, chief technology officer, Enterprise Security Products, HP. However, as opposition grows, so does the resolve of enterprises to win this battle. The RSA conference allows companies to share security intelligence and tactics in order to disrupt malicious activity.

 

Prior to the RSA conference, HP published the Cyber Risk Report 2013, identifying top enterprise security vulnerabilities and providing analysis of the expanding threat landscape. 

 

Top highlights and key findings:

  • Inconsistent and varying definitions of “malware” complicate risk analysis. In an examination of more than 500,000 mobile applications for Android, HP found major discrepancies between how antivirus engines and mobile platform vendors classify malware.(1)
  • Nearly 80 percent(2) of applications reviewed contained vulnerabilities rooted outside their source code. Even expertly coded software can be dangerously vulnerable if misconfigured.
  • Forty-six percent(2) of mobile applications studied use encryption improperly. HP research shows that mobile developers often fail to use encryption when storing sensitive data on mobile devices, rely on weak algorithms to do so, or misuse stronger encryption capabilities, rendering them ineffective.

 

Key recommendations:

  • Organizations and developers alike must stay cognizant of security pitfalls in frameworks and other third-party code, particularly for hybrid mobile development platforms. Robust security guidelines must be enacted to protect the integrity of applications and the privacy of users.
  • While it is impossible to eliminate the attack surface without sacrificing functionality, a combination of the right people, processes and technology does allow organizations to effectively minimize the vulnerabilities surrounding it and dramatically reduce overall risk.

 

Responding to such threats and the concerns they cause, HP Enterprise Security announced the HP Rapid Incident Response Service while at RSA Conference. Here are three things you need to know about how this combination of hardware, security services, and software can provide rapid, onsite digital investigations and forensics:

 

1) It addresses four specific issues clients face: a lack of threat visibility that allows attack payloads to operate unobserved for weeks before being discovered; a lack of resources to identify attacks and respond rapidly; lagging skill sets among existing IT staff to address attacks; and significant reputational, financial, and regulatory concerns related to a successful breach.

 

2) Main benefits:

  • Rapid, real-time breach response: rapidly deploys HPESS experts with state-of-the-art hardware, software and ArcSight SIEM to triage the situation, quarantine the incident, remove the attack and restore operations.
  • Improve visibility: when installed as a dedicated solution, customers gain ongoing visibility, incident identification, qualified analysis and escalation for immediate action.
  • Damage control: the consequences of a breach are costly, impacting reputation, shareholder value, customer loyalty, revenue and legal/compliance penalties and fines. HP Rapid Incident Response Services minimize the impact of a breach, helping clients reduce their exposure to those consequences at the source of the infection.

 

3) It is available in all regions as of last month, February 2014!

 

Protect your business and your customers with the strongest defense possible, using what you’ll learn from industry experts.

____________________________________________________________________________________

1) HP Fortify on Demand findings included in the Cyber Risk Report 2013, p. 24

2) Cyber Risk Report 2013, p. 4-5
