Application Security Analysis Service finds defects early on.
Press Release Summary:
HP Comprehensive Applications Threat Analysis helps companies reduce vulnerabilities at onset of application development lifecycle. It provides architectural and design guidance and recommendations for security controls and best practices. Security Requirements Gap Analysis examines applications to identify requirements of relevant laws, regulations, or practices, while Architectural Threat Analysis capability reduces need for rework such as security scans and penetration tests.
Original Press Release:
HP Helps Organizations Dramatically Reduce Security Vulnerabilities and Compliance Costs
Early life cycle security analysis is industry's first to address
latent defects in applications and architecture
PALO ALTO, Calif. - HP today announced a new security service to
help companies reduce vulnerabilities at the onset of the application development
life cycle, thereby reducing the risk of millions of dollars in penalties and patches.
The HP Comprehensive Applications Threat Analysis, available worldwide, is the
industry's first early life cycle security assessment service that increases security
assurance by addressing latent defects in applications and architecture.
The service provides architectural as well as design guidance alongside
recommendations for security controls and best practices. Companies can then
implement recommendations from the assessment's comprehensive findings report to
reduce costs associated with vulnerability rework and potential defects while
minimizing the need for post-release updates to address security flaws.
As part of the HP Secure Advantage portfolio, the service helps organizations better
address security and regulatory needs. It also defends against attacks while
reducing the total cost of application ownership. The service is an integral part of
the HP Cyber Security portfolio, which helps organizations leverage advances in
technology and share information securely while protecting sensitive information
and critical infrastructure.
"Customers are under increasing pressure from threats that exploit security
weaknesses that were either missed or insufficiently addressed during early life
cycle phases," said Chris Whitener, chief security strategist, Secure Advantage, HP.
"The HP Comprehensive Applications Threat Analysis service helps organizations
reduce hidden weaknesses early in the assessment process and provides
recommended mitigation strategies and secure design principles."
The new service offering provides the following capabilities for increased security
assurance:
- The Security Requirements Gap Analysis provides clients with access to
valuable security expertise and the tools to fix and avoid security issues. This
capability closely examines applications to identify often-missed technical
security requirements imposed by relevant laws, regulations or practices.
- The Architectural Threat Analysis reduces client rework costs resulting from
security scans, penetration tests and other vulnerability-finding activities. This
capability identifies changes in application architecture to reduce the risk of
latent security defects.
"HP efficiently provided the Comprehensive Applications Threat Analysis service
and reliable security advice. During the security assessment, the HP team identified
risks and proposed solutions to mitigate current and future vulnerabilities," said
Wallace B. Rodgers, program manager, E-Government, State of Oregon. "We
implemented the HP-proposed solutions and are extremely pleased with the security
quality assessment as well as recommendations."
HP is the market leader in security products and services covering the entire
application development life cycle from design to production. In addition to the
Comprehensive Applications Threat Analysis service, HP offers HP Quality Center
for security requirements, HP Application Security Center for web application
vulnerability testing and HP Application Security Center of Excellence (CoE)
Services to help organizations develop an application security program.
These software and services from HP ensure applications remain secure throughout
the development, testing, production and operation phases, as well as help
organizations develop their application security. Additionally, the HP Secure
Advantage portfolio delivers extensive expertise to meet customers' diverse security
needs while helping them reduce complexity, risk and cost.
More information on HP's security portfolio is available at http://www.hp.com/go/security.
About HP
HP creates new possibilities for technology to have a meaningful impact on people,
businesses, governments and society. The world's largest technology company, HP
brings together a portfolio that spans printing, personal computing, software,
services and IT infrastructure to solve customer problems. More information about
HP (NYSE: HPQ) is available at http://www.hp.com/.
