Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP

HP.com home

Security management
» 

HP Labs
» Research
» News and events
» Technical reports
» About HP Labs
» Careers @ HP Labs
» People
» Worldwide sites
» Downloads
Content starts here
security safe
 

Research opportunities

In terms of information security, we live in an ever more dangerous world.

Fresh computer viruses and worms pop up regularly, with each generation potentially creating bigger problems than the last. Hackers keep finding new ways to attack, break into and steal data from enterprise computer systems; businesses worldwide also worry about corporate espionage and cyber terrorism.

Meanwhile, networks have grown larger, more complex and more distributed. Typically, they now serve not only diverse groups of onsite users, but remote and mobile employees, and external partners as well. As a result, those networks are increasingly vulnerable to security breaches.

 

Our approach

We are tackling security from a business perspective, as well as a technical one. An enterprise has thousands of components consisting of networking hardware (firewalls, routers, switches), infrastructure components (Web, database, application, and directory servers), and applications (HR, finance, supply chain).

Each of these components has its own concept of security; for each, security is managed by different people, different organizations and different geographies. This process is expensive, error-prone and slow to adapt.

In one key effort, we are exploring techniques to allow enterprises to move away from low-level configuration processes and towards policy-driven, automated approaches to managing the security of devices and applications.

Research focus

Our goal is to help organizations protect their IT assets more effectively by automating and simplifying security management.

Current work

We are developing tools to manage against a variety of threats. Research focuses on:

  • Preventing, detecting and minimizing the damage from attacks from malicious software ('malware') embedded in files, documents and images, and mitigating against remotely exploitable threats posed by vulnerabilities found in operating systems and services.
  • Techniques to protect against 'zero-day' type attacks.
  • Combating 'bot-nets,' machines that have been compromised and taken over, then hired out to perform malicious attacks.
  • Developing skills in computer forensics.

Technical contributions

We have developed technologies that let enterprise systems automatically control how users access and process information (for instance, ensuring that no single employee is authorized to both write and approve the same purchase order -- a measure to help prevent theft or fraud).

Such capabilities are now standard components in security products such as HP's OpenView Select Identity solution.

Security & compliance

       
  » Platform & infrastructure security  
» Security management
  » Compliance management  
  » Privacy & identity management  
  » Cryptography  
       
 
 

Learn more
»  HP security solutions
Printable version
Privacy statement Using this site means you accept its terms Feedback to HP Labs
© 2009 Hewlett-Packard Development Company, L.P.