New perspective to solve the new environmental security problems of cloud computing

Evolving business models, far-reaching technological innovations and a changing workforce bring business growth opportunities, while also implying a significant increase in security threats. Threats are becoming more complex and costly. Executives pay close attention to security issues, but do not always ensure that their companies can manage risk effectively. Traditionally, corporate security has been an afterthought, and many companies are subject to fragmented security products and disorderly processes. From a maintenance point of view, this is obviously problematic. Worse, new network threats attack vulnerabilities between single points of production and gaps between different processes. Ensuring security at the project level has not ensured the safety of the enterprise. Ponemon Cato's findings suggest that the median annual loss of cyber-crime in 2011 was $5.9 million trillion, a 56% higher than last year. At the same time, the longer the net attack is resolved, the higher the loss. In 2011, Ponemon found that the average time to defuse a cyber attack was 18 days, with an average loss of nearly 416,000 dollars, which grew by nearly 70% compared with the projected losses in 2010.

In fact, in the process of rapid transformation of enterprises, turning to informatization, mobile interconnection and cloud computing, how to solve the security problems and prevent all kinds of risks, we need to design and manage the safety risk through the transformation scheme. In this process, not only to manage the entire application security, data security, network security and data center security, but also the overall security management and IT operations, application services operations are effectively combined. At the same time, we need to combine China's policies, laws and requirements of the SFC and sign service requirements. To this end, HP proposed a set of enterprise-class security solutions, providing a clear framework and layered defense system. HP recommends a sustainable approach to ensuring the security of enterprise data, applications, devices, and networks at the core of a four-level complete solution, including assessment, transformation, management, and optimization. "HP is not going to invent the next anti-virus software or a personal firewall," Wang, director of the Asia Pacific and Japan regional market for corporate security, said in an interview with dot-com reporters. Many companies are using traditional security measures, but in a new era of mobile connectivity, cloud computing and social media, we need fresh perspectives or new ways to protect against risk. ”

Wang Jique, chief technology officer at HP's Enterprise Services division, said HP has many advantages in the ongoing process of protecting data security. First of all, from a technical point of view, HP in the assurance of information security, application security, network security, terminal security, etc. have a lot of their own research and development solutions. Second, the security of technology is not only from products and applications to solve, more importantly, HP has a lot of security experts, can combine the situation of the enterprise, know where there are security issues, know how to avoid the risk of investment. HP's DVLabs, for example, can provide long-term support for assessing vulnerabilities and risks, thus providing the experience as a service.

It is reported that HP is through the integration of ArcSight, fortify and HP TippingPoint technology, the release of a new security intelligence and risk management platform (HP secure FDI and disorientated Management , the platform provides advanced correlation analysis to find threat patterns in hundreds of input sources. These input sources include log files, application Security Intelligence, firewall and intrusion detection, and protection of service data. It also provides application protection and network defense technologies to protect applications and IT infrastructures against complex network threats. can help organizations reduce the risk of existing infrastructure, provide security testing and patching for existing applications, and lay the groundwork for deploying future systems in a secure environment. This set of solutions is more suitable for enterprises with a certain scale.

Wang said that HP can now connect more than 300 devices, can be combined with a variety of mainstream terminal products, all of these end product log information can be entered into the Siem System. HP ArcSight also developed industry standards for the CEF (Common event format, general events formats) that would enable different devices or previous systems to produce a standardized log, even without the use of connectors It is also possible to produce a uniformly identifiable log directly from the product to ensure that customers can develop it two times over.

At present, China has a large number of customers in the application of HP's security solutions. "HP has much more experience in this area than its domestic companies, such as some security libraries," he said. At the same time, HP is a ISO2001 certified Security Service provider, and many domestic institutions have not yet reached this certification. "This is the home of HP's security solutions," Wang Jique said. Wang added, "Although there are many good local companies in China that provide safe products and services, the products they offer are of a certain traditional nature, including firewalls and general network security products." In contrast, HP is now developing the next generation of products and services. HP, for example, is a handful of security companies that can provide research reports on information security and incident management, or comprehensive risk analysis. ”

HP also launched HP ArcSight Express 3.0 for SMEs. "The Enterprise Security Services Solution (ESM) is a big brother, and HP ArcSight Express 3.0 is a little brother," Wang Jique said. "It doesn't have to deal with millions of events, thousands of for small businesses." For the ESM, such as telecoms companies and banks do need to deal with a lot of network events that are not needed for small businesses, this is a solution. In addition, we can provide small and medium enterprises with outsourcing services, they can take each use, and then separate payment mode, can reduce their expenditure. ”

(Responsible editor: The good of the Legacy)