HP ESP security integrations, pt 2: Dynamic protection with HP Fortify and TippingPoint

WI to TP.pngCommunication of vulnerability information remains a key challenge of the security industry on a variety of levels.  On the product level, a lack of communication can be the difference between preventing a successful attack or not. Nothing quite reveals this potential hole like applications.  Application security requires constant testing and reevaluation because of frequently changing variables.  What unintended security consequences did change X cause? What old technology is suddenly vulnerable to a new attack? What unintended access points did our developers inadvertently leave open? So, dynamic application security testing of production applications is a key component of achieving software security, especially when considering applications remain the number one reason organizations suffer successful data breaches.  Utilizing the information discovered by application testing can be tricky, though.

 

For instance, what happens between the time you discover an application vulnerability and can actually fix it in production code? For most organizations, it’s a white knuckle moment because the chances of it being actively exploited are high and fixes in production code can take weeks to implement. In other words, you’re exposed. However, customers of HP Fortify and HP TippingPoint can respond dynamically to newly discovered threats and protect themselves during this critical time via the creation of custom virtual patches. How does this process work? Quite simply, actually. HP WebInspect can perform an automated penetration test of a production web application to determine what vulnerabilities it is susceptible to. Information about the vulnerability will include how it’s executed, its implications, and how to fix it.  It can then export that vulnerability information in a format HP TippingPoint Security Management System can understand. HP TippingPoint SMS can then activate and distribute custom filters to managed TippingPoint products to protect against the vulnerabilities discovered during the HP WebInspect dynamic security scan.

 

The advantages of this integration are several. For obvious starters, this provides protection during the time it takes for development to craft fixes for the vulnerabilities. Sometimes code fixes are not easy to implement in a timely fashion.  In a world where even one vulnerability can lead to a complete compromise, the importance of being able to virtually patch vulnerabilities can’t be understated. Another advantage is the simplicity with which the software solutions can be implemented. These virtual patches can be created with a few simple clicks. As well, these integrations are out of the box, meaning no extra licensing is required. Finally, these integrations also serve as part of a larger strategy within HP ESP.  Bringing together different security technologies to create a holistic method of security that realistically deals with how attacks occur in the real world is the driving impetus and ultimate goal behind what we do here. And products that share information is a key part of that.

 

To watch a more in depth demonstration of how integrated HP Fortify and HP TippingPointtechnology can protect an organization from critical vulnerabilities like SQL Injection, watch the video at the following link:

http://1drv.ms/1qUVOhT

 

 

 

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.