Software // Enterprise Applications
News
6/19/2007
09:37 AM
Connect Directly
RSS
E-Mail
50%
50%

HP To Buy SPI Dynamics, Boost Web App Security Offerings

The acquisition comes the same day HP introduced a number of security initiatives designed to help promote its diversification into several key areas of security.

In a move that went against its own stated intentions, Hewlett-Packard announced plans Tuesday to buy Web application security provider SPI Dynamics. HP is calling it an "IT application quality management" move, but SPI is well known in security circles for its automated Web application testing tools, which are designed to protect companies and their data from Web-based attacks.

Headquartered in Atlanta, privately held SPI Dynamics has 140 employees and serves more than 1,000 customers in the federal government, financial services, and health care industries, including HP. While financial terms of the transaction weren't disclosed, the acquisition is expected to close during the third quarter of this year. At that time, SPI will be integrated into the software unit within HP's Technology Solutions Group.

The acquisition comes the same day HP introduced a number of security initiatives designed to help it promote the company's diversification into several key areas of security and give HP a larger share of a market for security products and services that IDC predicts will reach $66.6 billion by 2010. HP on Tuesday unveiled its HP Secure Advantage portfolio of servers, storage, software, and services designed to help customers securely share information, improve identity management and compliance controls, ensure business continuity, and defend against network attacks.

Despite the move to buy SPI and to launch a number of security initiatives, "our intent is not to become a security provider or a security player," Chris Whitener, director of security in HP's Enterprise Storage and Servers group, told InformationWeek last week. "We're not going out and spending millions of dollars to buy a security company. We are reinforcing openness within HP's systems."

With IBM, EMC, Cisco, Oracle, and other large IT players making strategic moves to deepen their security offerings, HP was keeping its cards close to the vest until now. For example, IBM announced plans last week to boost its Web app security offerings through the purchase of Watchfire.

HP Secure includes HP Compliance Log Warehouse, a general-purpose, high-performance appliance based on the company's Integrity server technology that performs high-speed collection and analysis of log data in order to automate compliance reporting for many industry and government standards, including SOX, HIPAA, PCI, and FFIEC. The appliance's Log and Analysis Manager, which includes a real-time alert manager module based on SenSage technology, performs high-speed analysis of security event data for internal and external audits or forensic investigations. It also scans log record data in real time for policy enforcement. Alerts then go to trained personnel for further investigation and action.

HP's new security strategy also includes its Information Security Service Management reference model from HP Services, which is designed to guide organizations toward managing and mitigating operational risks. This reference model is part of the new HP Service Management Framework, which provides a common language based on international standards ITIL v3, CMMI, CoBit v4, ISO/IEC 20000, and ISO 27001 to help customers achieve continuous alignment between business and IT, and deliver IT services at defined service levels, quality, and costs.

The HP Secure Advantage portfolio's data-protection capabilities also include AES 256-bit encryption as part of the new HP StorageWorks LTO-4 Ultrium1840 backup tape drives. Also offered through Secure Advantage is the HP Anti-phishing Toolbar, a two-factor authentication technology designed to help protect users from online fraud. Developed by researchers at HP Labs, the toolbar is expected to help users manage their passwords and user names and makes phishing more difficult by calculating a unique password from information provided by the user, the user's browser, and the site being visited.

A final component of HP's security announcements for Tuesday is HP Identity Center, a software package designed to help with the management of people, processes, security, and compliance. The software includes components for centralized management and provisioning of users' accounts, passwords, and privileges across disparate IT systems and services as well as software for policy- and role-based access control and single sign-on for Web applications and services.

"Moving an $80 billion company in the direction of security is no small task," Whitener said. "We wanted to have some products on the road map."

With the addition of SPI, HP would have a host of new security products to offer and would be taking one of the hottest young security companies off the market.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.