Hewlett-Packard [HP] said on Tuesday that it is offering a new continuous monitoring service to its federal government clients.
The HP Continuous Monitoring for the Public Sector software and services will be available to government customers through the Department of Homeland Security’s Continuous Diagnostics and Monitoring (CDM) program. DHS recently concluded a $6 billion blanket purchasing agreement for software and logistics from 17 companies, including HP (Defense Daily, Aug. 15)
“We have a very extensive offering that is much more than providing a few software licenses,” said Betsy Hight, vice president of HP’s U.S. Public Sector Cybersecurity Practice.
Interested agencies can select HP to install sensors throughout their network. The sensors will constantly transmit information to a software program that includes pre-programmed policies. These policies will tell an operator in the agency’s IT department whether an anomaly is high, medium or low risk. The operator assesses the risk and then determines a response.
HP’s offering aligns with CDM’s goal of moving past the current Federal Information Security Management Act (FISMA) standards of periodic network checks. FISMA was enacted in 2002 and is frequently criticized for not keeping pace with new threats to federal networks.
HP Continuous Monitoring provides two advantages, Hight said. While HP recommends that clients use its program ArcSight to correlate information from the sensors, but HP can optimize monitoring and response using a program the agency may already have installed.
“You need somebody big like HP who can look across the multi-vendor security suite–who can integrate, instead of rip and replace,” she said.
Additionally, the continuous monitoring package offers options for automation, she said. The system can sense common risks and be programmed to automatically respond, allowing the operator to focus on other intrusions.
Hight said HP is not focused on “point solutions,” but it is providing advisory consulting to tailor network security to individual agencies.
“This offering is not about technology and it’s not about services–it’s about managing risk,” Hight said.
Hight said task orders for products included in the DHS CDM program have not been released, but she expects they will be coming out by the end of the month.