HP has announced a new research organization designed to help organizations better understand the evolving threat landscape and build an effective defense strategy against cybercriminals, hacktivists and other forms of cyber attack. The company also released its annual HP Cyber Security Report, providing insight into the vulnerability landscape with a range of data covering technologies such as web and mobile. Along with that news, HP Enterprise Services has emerged with the first of several reports that demonstrate the need for a significant shift in the way enterprises protect their information, as well as services that enable clients to more quickly assess risks and create an information risk control plan.
“Organizations need the latest in security research to effectively prevent, detect and combat the growing number of sophisticated threats,” said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP. “HP empowers clients to address the most advanced threats by combining access to a global network of security experts and published research with the power of that expertise built directly into our products and services.”
The HP Security Research (HPSR) unit was formed in response to the growing need for actionable security intelligence, and it will provide continual security reports and threat briefings, as well as enhancements to the HP security product portfolio. The unit is part of HP’s Enterprise Security Products (ESP) business and has the resources of the company’s research groups such as Fortify and DVLabs. Together the effort will represent the most relevant vulnerability information along with emerging software security practices. Another interesting element in the announcement was the Zero Day Initiative (ZDI), which is aimed at exposing the software flaws that lead to cyberattacks and security breaches.
As mentioned, the HPSR unit will also be utilized in the development of HP’s security product portfolio. HP wields a number of leading security technologies, from ArcSight’s monitoring to its enhanced HP Reputation Security Monitor, and the strategy aims to yield massive benefits to the security ecosystem.
The security report is filled with incredible intelligence points and provides lots of knowledge to analyze. Some of the highlights:
- Total vulnerabilities are on the rise
  - Disclosures grew 19 percent from 6,844 in 2011 to 8,137 in 2012
  - 2012 disclosures remain 19 percent lower than the peak in 2006
- Critical vulnerabilities declined, but still pose significant risk
  - Critical vulnerabilities fell from 23 percent in 2011 to 20 percent in 2012
  - One in five vulnerabilities still give attackers total control of their target
- Well-known web vulnerabilities remain prevalent in 2012
  - Four web vulnerability categories made up 40 percent of 2012 reports
- Vulnerabilities exploited by clickjacking are still ubiquitous
  - Less than 1 percent of URLs tested leverage standard mitigation after more than a decade
- The rate of mobile vulnerabilities continues to increase rapidly
  - Mobile vulnerabilities rose 68 percent from 158 in 2011 to 266 in 2012
  - 48 percent of mobile applications tested in 2012 gave unauthorized access
- Mature technologies introduce continued and evolving risk
  - Vulnerabilities in SCADA systems rose 768 percent from only 22 in 2008 to 191 in 2012
Considering all the announcements that HP has put out already this year, the company is really stepping forward with the products, services and leadership that are required in today’s world of threats.