HP showcases security software that looks to detect infected and compromised computers

At its HP Protect Conference in Washington, D.C. this week, HP is taking the wraps off new security products that aim to detect infected and compromised machines as well as server-based software that makes use of so-called “run-time” self-protection to keep from getting infected in the first place.

HP Enterprise Security Products announced HP Application Defender, software that, when loaded as an agent onto Web or application servers, can detect and block attempts to exploit code vulnerabilities through the use of a technology known as “runtime application self-protection” (RASP). The Gartner consultancy says RASP products constitute a new security approach, evident for only the past two years, in which security software basically works by instrumenting the runtime in servers or clients to protect against attacks such as SQL injection, cross-site scripting and unauthorized access.

“RASP could replace web application firewall security and this could be your primary source of defense for your web servers,” says Frank Mong, vice president of solutions at HP Enterprise Security Products.

Web application firewalls are often used in front of servers to protect them from a variety of attacks, but RASP software is loaded directly into .NET or Java applications as a runtime agent that can detect attacks in real time on what might be unpatched vulnerabilities and block them.

Gartner says other vendors besides HP in the nascent RASP market include Prevoty, Shape Security, Waratek, Bluebox and Lacoon Mobile Security. HP didn’t detail exactly when HP Application Defender would be available but HP is showing it off at the HP Protect Conference this week, attended by several thousand HP security customers.

A second new approach to security that HP will be presenting for the first time is what HP calls Advanced Threat Appliance DNS. It’s basically a “DNS sniffer,” says Mong, in that the appliance can detect which user machine has become infected by determining that the browser has been inappropriately redirected by malicious code, a common occurrence. Mong says HP developed the DNS-based threat-detection appliance in-house for its own use to protect many thousands of HP employees and their devices. The appliance is providing real-time insight into “patient zero, the first one infected” for HP, and quick remediation can be taken, says Mong. The threat-detection appliance is not yet commercialized, but HP anticipates that will occur in about the next month.


Copyright © 2014 IDG Communications, Inc.
