HP To Buy SPI Dynamics, Boost Web App Security Offerings

The acquisition comes the same day HP introduced a number of security initiatives designed to help promote its diversification into several key areas of security.

Larry Greenemeier, Contributor

June 19, 2007

4 Min Read
InformationWeek logo in a gray background | InformationWeek

In a move that went against its own stated intentions, Hewlett-Packard announced plans Tuesday to buy Web application security provider SPI Dynamics. HP is calling it an "IT application quality management" move, but SPI is well known in security circles for its automated Web application testing tools, which are designed to protect companies and their data from Web-based attacks.

Headquartered in Atlanta, privately held SPI Dynamics has 140 employees and serves more than 1,000 customers in the federal government, financial services, and health care industries, including HP. While financial terms of the transaction weren't disclosed, the acquisition is expected to close during the third quarter of this year. At that time, SPI will be integrated into the software unit within HP's Technology Solutions Group.

The acquisition comes the same day HP introduced a number of security initiatives designed to help it promote the company's diversification into several key areas of security and give HP a larger share of a market for security products and services that IDC predicts will reach $66.6 billion by 2010. HP on Tuesday unveiled its HP Secure Advantage portfolio of servers, storage, software, and services designed to help customers securely share information, improve identity management and compliance controls, ensure business continuity, and defend against network attacks.

Despite the move to buy SPI and to launch a number of security initiatives, "our intent is not to become a security provider or a security player," Chris Whitener, director of security in HP's Enterprise Storage and Servers group, told InformationWeek last week. "We're not going out and spending millions of dollars to buy a security company. We are reinforcing openness within HP's systems."

With IBM, EMC, Cisco, Oracle, and other large IT players making strategic moves to deepen their security offerings, HP was keeping its cards close to the vest until now. For example, IBM announced plans last week to boost its Web app security offerings through the purchase of Watchfire.

HP Secure includes HP Compliance Log Warehouse, a general-purpose, high-performance appliance based on the company's Integrity server technology that performs high-speed collection and analysis of log data in order to automate compliance reporting for many industry and government standards, including SOX, HIPAA, PCI, and FFIEC. The appliance's Log and Analysis Manager, which includes a real-time alert manager module based on SenSage technology, performs high-speed analysis of security event data for internal and external audits or forensic investigations. It also scans log record data in real time for policy enforcement. Alerts then go to trained personnel for further investigation and action.

HP's new security strategy also includes its Information Security Service Management reference model from HP Services, which is designed to guide organizations toward managing and mitigating operational risks. This reference model is part of the new HP Service Management Framework, which provides a common language based on international standards ITIL v3, CMMI, CoBit v4, ISO/IEC 20000, and ISO 27001 to help customers achieve continuous alignment between business and IT, and deliver IT services at defined service levels, quality, and costs.

The HP Secure Advantage portfolio's data-protection capabilities also include AES 256-bit encryption as part of the new HP StorageWorks LTO-4 Ultrium1840 backup tape drives. Also offered through Secure Advantage is the HP Anti-phishing Toolbar, a two-factor authentication technology designed to help protect users from online fraud. Developed by researchers at HP Labs, the toolbar is expected to help users manage their passwords and user names and makes phishing more difficult by calculating a unique password from information provided by the user, the user's browser, and the site being visited.

A final component of HP's security announcements for Tuesday is HP Identity Center, a software package designed to help with the management of people, processes, security, and compliance. The software includes components for centralized management and provisioning of users' accounts, passwords, and privileges across disparate IT systems and services as well as software for policy- and role-based access control and single sign-on for Web applications and services.

"Moving an $80 billion company in the direction of security is no small task," Whitener said. "We wanted to have some products on the road map."

With the addition of SPI, HP would have a host of new security products to offer and would be taking one of the hottest young security companies off the market.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights