Monday, September 19, 2011

Managing enterprise risk in a new era of security threats

Take a holistic approach to securing information, applications, devices and networks.
A holistic approach to enterprise security

The pace of change is always accelerating—consumer and professional lives have become one and the same. Governments and enterprises must meet citizens’ and customers’ rising expectations in an instant. Technology is the answer, but also introduces new forms of risk.

You have to take risks to get ahead in an Instant-On world. But risk has to be balanced with proper controls.

Enterprise security is more than just perimeter security

The challenges facing chief information security officers (CISOs) today are more complex than securing the organization’s perimeter. This is thanks to consumerization, mobility, the cloud, cyber threats and the rise of social media. The Instant-On Enterprise needs a new approach to enterprise security. It must address information security management, security operations and discrete security capabilities for different areas of the organization.

While evolving business models, technology advancements and the changing workforce provide opportunities for growth, security threats continue to multiply. Threats are becoming more sophisticated and more expensive. C-level executives certainly have security on their radar. But they aren’t always certain that their organizations are managing risk effectively.

Rising cost of cybercrime

The Ponemon Institute found that the median annualized cost of cybercrime incurred in 2011 reached $5.9 million.¹ This represents a 56 percent increase from the median cost reported in 2010.²

The longer it takes to resolve a cyber attack, the higher the cost. In 2011, Ponemon found that the average time to resolve a cyber attack was 18 days, with an average cost of nearly $416,000. This represents a nearly 70 percent increase from the estimated cost in 2010.

Wanted: A new approach to enterprise security

The Ponemon research and another recent study both support the need for a new approach to enterprise security. In July 2011, Coleman-Parkes Research surveyed 550 senior executives worldwide. On a 1-10 scale, 46 percent of senior business leaders rated enterprise security 8 or above as a priority for 2012. (Fifty-six percent of tech executives gave it 8 or higher.)³

But those surveyed were not always confident that they were taking the right steps to mitigate risk. Less than 30 percent said they were “very confident” that their organizations were well defended against mounting threats. And almost 1 in 4 executives indicated they had experienced internal breaches. Twenty percent experienced external breaches. More than 90 percent of all cybercrime costs were attributed to malicious code, denial of service, stolen devices and Web-based attacks.

A holistic approach to enterprise security

Managing risk is a core requirement for the Instant-On Enterprise. But because enterprise security has traditionally been a project afterthought, many organizations are stuck supporting a patchwork of unrelated security products and uncoordinated processes. This is problematic from a maintenance point of view, of course. Worse, the new breed of cyber threats targets the holes between point products, and the gaps between disparate processes. It’s no longer good enough to secure things on a project basis.

The Instant-On Enterprise relies on technology to innovate, maintain agility, optimize all systems and—of course—manage risk.

HP Enterprise Security Solutions provide a clear framework and layered system of defense. HP recommends a sustainable approach to securing your enterprise across data, applications, devices and networks. This approach encompasses four phases:

  • Assess your enterprise risk tolerance profile, compliance requirements, operational requirements, organizational capabilities and resources.
  • Transform your organization’s ability to move from a siloed, fragmented approach, to a more holistic, integrated and automated approach.
  • Manage security in the most cost-effective way possible, adopting best-of-breed security technologies and flexible sourcing models.
  • Optimize by continually monitoring the environment to proactively implement operational and process improvements.

Assess your security situation

The HP Enterprise Security Discovery Workshop helps you assess your environment and identify your biggest security challenges and organizational risk tolerance. It also pinpoints where you are in the security maturity model. Ultimately, HP helps your enterprise articulate a transformation plan to achieve a secure enterprise.

Transform your approach to enterprise security

HP technology can be pivotal in helping you transform your security environment. The HP Security Intelligence and Risk Management (SIRM) platform is an advanced integration and correlation engine that looks for threat patterns across hundreds of input sources. That means log files, application security intelligence, firewall and intrusion detection and protection services data.

New and enhanced HP solutions that play a role in the transformation phase and are part of the SIRM platform include:

  • ArcSight Express 3.0: Helps detect and prevent cyber threats through the advanced log analysis, correlation and reporting powered by the CORR Engine. CORR expands the number of events processed per second by 500 percent,⁴ resulting in faster analysis and detection. It also expands the amount of data storable and searchable on each ArcSight appliance by 1,000 percent.⁴ This, in turn, reduces costs.
  • HP Fortify Security Center: Provides the means to identify and remove application vulnerabilities from the outset.
  • HP TippingPoint Reporting and Archiving powered by Logger: Provides a complete picture of HP TippingPoint IPS activity in your environment so you understand your security status and threats at all times.

Manage enterprise security

Three solutions factor largely in the management phase of the HP approach to enterprise security:

  • HP Security Information and Event Management Services: Provide the full correlated security event handling capabilities of industry-leading HP ArcSight to the market as a multi-tenant service.
  • HP Enterprise Cloud Services for End Point Threat Management: Delivers anti-virus and anti-malware capabilities to secure desktops, laptops and servers, reducing security risks and securing vulnerable end points.
  • HP Application Security Testing-as-a-Service: Closes security holes in the application layer.

Optimize enterprise security to become Instant-On

Securing your enterprise is not a do-it-once-and-you’re-done undertaking. You must implement the right combination of solutions and services. Then you want to optimize your security posture to ensure continued risk management, compliance and data protection.

HP Secure Boardroom gives your organization a comprehensive view of the overall security and risk programs. You can drill down into specific security controls and functions. HP Secure Boardroom offers you an unprecedented view of your organization’s security situation so you can make strategic investment and management decisions that lower total enterprise risk.

HP can help your enterprise manage risk sustainably and holistically—putting you that much closer to becoming an Instant-On Enterprise.
