HP plans to offer a security vulnerability scanning and remediation service by year’s end that's designed to help companies identify and fix weak spots on their networks.
The as-yet-unnamed service would be based on technology called Active Countermeasures, which HP had been testing internally for more than two years, according to vice-president and chief technology officer at the HP Services business unit, Tony Redmond.
The scanning tools will allow IT managers to identify flaws in any devices on their networks, including servers, PCs and "transiently" connected products such as handheld computers, Redmond said.
It can also protect networks via measures such as installing patches, imposing network access restrictions or quarantining vulnerable or infected systems.
The move by HP will put it in a crowded field. IBM, Computer Associates and IT security vendors such as Internet Security Systems and Qualys offer similar services or products for automated vulnerability assessment, discovery, remediation and reporting.
Whether HP would have an advantage over its rivals would depend on the specifics of its offering, said Rusty Robinson, a technical manager at Intrado, a provider of infrastructure systems and services.
HP would just be one more company in the marketplace to get those services from, he said.
The fact that HP was among the larger vendors to offer such a service is noteworthy, director of information services at Advanced Fibre Communications, David Krauthamer, said.
"The market has been pretty niche so far," Krauthamer said. "HP can certainly bring their clout and scale to the market."
But the fairly wide access to internal systems that HP or other providers of such services would need makes the offering a no-go at Danfoss, systems programmer, Brian Andersen, said.
Danfoss did its own vulnerability testing, a job it wanted to keep in-house so it knew what was going on and how to fix it, Andersen said.
The new service isn't HP's first foray into IT security. Since last September, it has bought security tools through acquisitions of Baltimore Technologies, Novadigm and TruLogica.
But so far, HP had done a poor job of articulating how it plans to use the technologies to benefit users, an analyst at Spire Security, Pete Lindstrom, said.
"HP could probably be a formidable player if they wanted to," Lindstrom said.
But, he added, HP seemed to wax and wane in the security space.
Less than a year after the Baltimore Technologies purchase, for instance, you just didn't hear about the technology anymore, he said. Raymond said HP planned to roll out a suite of identity management tools next year based on technology from Baltimore and TruLogica.
It also was setting up a Trusted Computing initiative designed to deliver securely configured hardware and software to users, he said.