HP Unveils ProCurve Firewall, Security Ambitions

Lawrence Walsh,
Channel News

The pantheon of major security players includes the likes of Cisco Systems, Juniper Networks, IBM, Symantec, McAfee and even Microsoft. Missing among the noted is Hewlett-Packard, which has fielded security products over the years, but not a concerted effort to stake out a piece of the security market.

That’s changing, rapidly. Today, HP unveils its first firewall/intrusion prevention appliance based on ProCurve 8212 and 5400 Series switches. The new hardware introduction is a milestone in the HP goal of not only establishing a significant security presence, but also marks a significant step in its evolutionary to disrupt the entire security and IT infrastructure marketplace.

“We’re a new kind of security player that reduces the gaps and reduces the complexity of security,” says Chris Whitener, HP’s chief security strategist. “You’d really have to bolt together IBM, Dell and EMC to get the breadth of HP. We are the first horizontal security player.”

The ProCurve firewall launch marks HP’s most significant thrust into the security market and channels. Whitener and other HP executives say the company has plans for creating both an in-house set of security products and capabilities, as well as an ecosystem of OEM partner products and services that it and reseller partners can deliver to market.

“This is a massive opportunity,” Whitener says. “We will work with VARs and channel partners in this space in how these offerings are built and packaged for the channel, and show how they are different and will benefit our customers.”

HP has not been devoid of security products or services. Its’ OpenView management system has long been a choice application for security application developers and integrators for administrating and reporting on network security activity. It’s also developed and integrated a number of security applications and features into its PC, server and printing portfolio. Beginning a year ago, however, it embarked on a strategy of building out its security and product offerings into a more holistic portfolio.

One of the first signs of HP’s greater security ambitions came two weeks ago when it launched three new security software and service products as part of its Security Applications Centre. Probably the most significant of this initial thrust is WebInspect 8.0, an enhancement of its code testing tool that’s been augmented with technology gained through HP’s 2007acquisition of SPI Dynamics. WebInspect is used to test the security and reliability of Web 2.0 applications. Additionally, HP launched Assessment Management Platform 8.0, which is a distributed Web application security testing platform.

At the beginning of the month, HP announced a major alliance with McAfee to resell the security vendor’s entire portfolio of security products and services to HP’s enterprise customers. This means HP is able to bundle everything from McAfee’s enterprise malware protection applications to its sophisticated risk management platforms into packages with ProCurve networking gear and Proliant servers. More significant, its HP’s plans to integrate the McAfee relationship with consulting and managed services delivered by its EDS services organisation.

“EDS now has the capability for a whole series of discrete security services ranging from help desk to providing managed security services to recommending security around our hardware and software,” says Jim Alsop, vice president of service delivery operations for the security and privacy service line at EDS. “The opportunity for growth, by adding a service to the provider side is one of the biggest opportunities for my organisation.”

HP’s push into security comes just a month after its longtime ally Cisco Systems unveiled its blade server strategy and ambitions for a greater presence in the data centre hardware market. Cisco’s plans impact all of the server vendors but most particularly HP, which sells and distributes a significant amount of Cisco product through its direct and indirect channels. Several analysts and industry observers had wondered how HP would respond to the new Cisco threat. The security push might be one of the significant responses, given that Cisco generates more than $1 billion (£0.7 billion) annually in security hardware and software sales.

The security market is a crowded, disparate market, which is one of the reasons HP is expanding its presence. Whitener says HP customers buy point security products from dozens of vendors, creating complexity and cost in deployment, and a higher total cost of ownership in operations and management.

“If you come to us, we can do the security blueprint and you can still get all the pieces, but you can also call HP and get the whole shooting match,” Whitner says.

HP’s entry into the security hardware, software and services market opens the possibility for some significant and interesting scenarios among its competitors, alliances and channel partners.

While its alliance with McAfee gives HP access to a wide range of security software and hardware products not currently in its portfolio, it’s problematic for its existing relationship with Symantec. EDS reportedly sells as much as $400 million (£273 million) of Symantec’s products and services annually. Alsop says EDS is cognisant of its need to remain agnostic and deliver products that customers want, so he doesn’t anticipate substantial conflicts.

With its entry into the firewall and IPS market, HP is entering a crowded space dominated by security and technology vendors with years of experience developing security technologies and massive install bases. That means it will have to take on Cisco, Juniper Networks, Check Point Software Technologies, IBM, McAfee (Secure Computing), Fortinet, SonicWall and WatchGuard. Many of its products and services could even bring it conflict with Microsoft, which recently put its security suite ForeFront: Codename Stirling into beta 2.

And the security market isn’t getting any smaller. At the RSA Conference last week, Netgear unveiled its new ProSecure UTM10 and UTM25 appliances, a line of unified threat management. And Lenovo was exhibiting an enterprise-class unified security gateway; the KingGuard is a 3U appliance that is currently only available in China, but Lenovo has plans for bringing it to the U.S.

HP has plans for becoming a significant actor on the security stage, but says it won’t follow the traditional path of conventional security companies. Over the next several generations of product development, HP plans to add more security functionality to its security devices and services, and continually integrate security into the fabric of its computing, storage and networking devices.

For instance, the next generation of the ProCurve firewalls will have VPN and IPS built in. The generation after that will have firewall, IPS and VPN functionality integrated into the silicon, returning the device as a secure blade switch that eliminates the need for layered security devices, says Maurico Sanchez, the chief security architect for HP’s ProCurve division.

With each generation of networking, computing and wireless advancement, HP will embed security to the product to reduce complexity and improve manageability, Sanchez says. The first step in that process is the introduction of the ProCurve 8212 and 5400 Series and availability of new management modules.

“We’re doing a complete refresh of all the networking management and security will be a big part of that,” says Sanchez. “IT administrators will have all the traditional networking management and the security management under a single pane of glass. No one else in the industry can do that.”