HP’s security engine can deploy countermeasures against hackers

HP isn’t exactly the first name that comes to mind when you think about security software, but it’s actually pretty high up the list in the data center. That’s the product of a very simple reality: companies don’t buy hardware to fill floor space, they buy hardware to run their applications, which need to be protected.

The importance of meeting that requirement has led HP to amass a sizable arsenal of security capabilities, one of the most interesting of which is disclosed in a newly released patent filing from its academic collaboration arm. The application describes an engine that detects when a service comes under attack and automatically deploys the most appropriate countermeasure.

The filing's first diagram lays out the logic of the breach detection mechanism.

Once the engine has pinpointed the vulnerability being exploited, it assigns the affected process a risk score based on the severity of the threat and starts a traffic monitor calibrated to look for that specific attack pattern. A positive hit immediately causes the system to cut off both inbound and outbound requests to the affected application, preventing the attack from spreading to other parts of the network.
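The following is an added illustration of that three-step flow (score the process, start a targeted monitor, isolate on a hit) as a small Python model. It is not HP's code and not the filing's own design; the severity scale, the hit-threshold policy, the process IDs and the sample traffic are all assumptions made for the example. It also shows the point the article makes next: only the process with a reported vulnerability is inspected, so a second, unmonitored process carrying the same payload passes through untouched, which is what keeps the per-process scheme cheap.

```python
"""Toy model of the auto-quarantine engine described in the article.

Added illustration, not HP's code or the patent filing's design. The
severity-to-risk mapping, the threshold policy and the sample traffic
below are assumptions.
"""
import re
from dataclasses import dataclass

# Hypothetical severity-to-risk mapping; the filing publishes no scale.
SEVERITY_SCORE = {"low": 2, "medium": 5, "high": 8, "critical": 10}


@dataclass
class Monitor:
    """Per-process traffic monitor calibrated to one attack pattern."""
    pid: int
    pattern: re.Pattern
    risk: int
    threshold: int  # matches tolerated before the process is cut off
    hits: int = 0


class QuarantineEngine:
    def __init__(self):
        self.monitors = {}      # pid -> Monitor, only for flagged processes
        self.quarantined = set()  # pids whose traffic is dropped both ways

    def report_vulnerability(self, pid, severity, attack_regex):
        """Steps 1-2: score the affected process and start a targeted monitor.

        Assumed policy: the higher the risk score, the fewer matches the
        process is allowed before it is isolated (high/critical -> 1 hit).
        """
        risk = SEVERITY_SCORE[severity]
        threshold = max(1, 3 - risk // 4)
        mon = Monitor(pid, re.compile(attack_regex), risk, threshold)
        self.monitors[pid] = mon
        return mon

    def observe(self, pid, direction, payload):
        """Step 3: filter one request for a process; returns "allow" or "drop".

        Only processes with a monitor are inspected; everything else passes
        without any pattern matching, which is the cost saving of the
        per-process approach.
        """
        if pid in self.quarantined:
            return "drop"  # inbound and outbound alike once isolated
        mon = self.monitors.get(pid)
        if mon is None:
            return "allow"
        if mon.pattern.search(payload):
            mon.hits += 1
            if mon.hits >= mon.threshold:
                self.quarantined.add(pid)
                return "drop"
        return "allow"


# Constructed sample traffic: (pid, direction, payload). Not real captures.
SAMPLE_TRAFFIC = [
    (4242, "in",  "GET /index.html"),
    (4242, "in",  "GET /static/../../etc/passwd"),  # matches the monitor's pattern
    (4242, "out", "HTTP/1.1 200 OK"),               # dropped: 4242 is now isolated
    (7001, "in",  "GET /static/../../etc/passwd"),  # unmonitored process, not inspected
    (7001, "out", "HTTP/1.1 200 OK"),
]


def run_demo():
    """Report a high-severity path-traversal bug in pid 4242, then replay the traffic."""
    engine = QuarantineEngine()
    engine.report_vulnerability(4242, "high", r"\.\./")
    return [engine.observe(pid, d, p) for pid, d, p in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for (pid, d, p), verdict in zip(SAMPLE_TRAFFIC, run_demo()):
        print(f"pid {pid} {d:>3} {verdict:5} {p}")
```

Note the trade-off the model makes visible: pid 7001 carries the same traversal payload but is never inspected, because no vulnerability was reported against it. That is exactly the behaviour the article credits with saving monitoring work and power, and also the reason the detection step that feeds the engine has to be accurate.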

That quarantine is executed on a case-by-case basis, which HP claims is more effective than the blanket policies often favored when sensitive data is involved. The filing's second diagram illustrates the process.

Not only does that targeted approach lower the risk of a vulnerability slipping through the cracks, but it also removes the work of monitoring and quarantining a large number of processes at the same time, and thus conserves power. That is a big deal in data centers with upwards of tens of thousands of servers, especially when you consider the large number of false positives that are bound to occur in such massive environments.