HP is introducing a service that correlates security events to their likely impact on business goals with the objective of helping IT security pros jump on the most dangerous threats sooner.
HP Security Metrics Service calls for consultants to map designated business objectives to threats and vulnerabilities so they can be tied into a correlation engine that detects threats and warns about them.
The service requires HP’s IT Executive Scorecard running on a SQL server and an event-correlation engine such as HP’s ArcSight security intelligence platform, the company says.
For example, a business might want to make sure its customer-retention program keeps functioning well, so would use the service to identify its Web-facing assets related to that business goal. It would identify potential threats and assign them a risk factor so when a particular threat arises, IT pros are notified about it and its potential impact on customer-retention.
Business units can identify the business goals most important to them – such as cost management or compliance risk - then have potential threats to those goals monitored and reported on. HP has 136 of these goals identified and the threats that might affect them.
Key risk components include known threats, malware, vulnerabilities, levels of spam and phishing and attempted unauthorized access, HP says.
Pricing for HP Security metrics depends on the number of people using the service and how many consultants are required to fulfill the client’s needs, HP says. It is available now in the U.S. and Europe and will be available globally.
Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at firstname.lastname@example.org and follow him on Twitter @Tim_Greene.