HP’s security software as a service gets FedRAMP OK

HP has announced the authorization of HP Fortify on Demand as the first security software-as-a-service to win provisional authorization under the FedRAMP program. The service will allow federal agencies to perform security assessments on application code and web services without the installation and management of additional software.

According to research by HP Enterprise Security Products, software vulnerabilities account for more than 70 percent of agencies’ cyber breaches and grant hackers unrestricted access to an agency’s network and data once exploited.

HP said its Fortify on Demand addresses this concern with continuous monitoring of deployed software across more than 600 vulnerability categories and services, thereby mitigating risk and identifying vulnerabilities within their network.

The service is currently authorized for agency use to perform security assessments across application code, web services testing and end-to-end mobile application testing. Meanwhile static code scanning for major programming languages is performed system-side at the code layer and then reviewed by an HP static auditor. Dynamic website and web services testing combine HP WebInspect and manual penetration testing followed by an HP auditor’s review as well.

 “Organizations can no longer afford to simply respond to breaches as they arise,” said Rob Roy, CTO of HP Enterprise Security Products. Instead, agencies must take a proactive stance in rooting out cyber vulnerabilities and securing software in every stage of its development lifecycle.

About the Author

Jonathan Lutton is an FCW editorial fellow. Connect with him at [email protected]

Featured

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected