February 27, 2013
HP Cyber Security Report Shows Vulnerabilities On The Rise
redOrbit Staff & Wire Reports - Your Universe Online
HP released its 2012 Cyber Security Risk Report this week during the RSA conference in San Francisco, warning that total security vulnerabilities are on the rise and becoming increasingly difficult to fight.
The report is an annual collaboration among groups within HP´s Enterprise Security Products division, and gives businesses and other organizations a view into the threat landscape to help them determine how to best reduce their security risks.
Based on an analysis of 100,000 separate URLs, the report found that well known vulnerabilities like cross frame scripting remain common throughout the web. In fact, some 40 percent of the vulnerability disclosures in 2012 fell within just four categories: SQL injection, cross-site scripting, cross-site request forgery and remote file include. These categories primarily or exclusively impact web applications, HP said.
According to the report, mobile vulnerabilities rose dramatically from 2011 to 2012, increasing 68 percent and mirroring the growth of mobile applications. Of the mobile applications tested by HP, 48 percent were found to have unauthorized access vulnerabilities.
The latest security report is part of the company´s initiative to organize its security investments within its Security Research (HPSR) group.
“It´s a way of combining intelligence research that was already happening at HP,” said product marketing manager Mark Painter.
“Really what we´re trying to do is give organizations actionable intelligence research,” he told WebProNews.
Such actionable intelligence is one of HPSR´s primary goals, along with driving innovation and regularly publishing security research data.
Going forward, the group says it will provide a free, bi-weekly threat intelligence briefing to the public and will publish white papers, intelligence research and podcasts in conjunction with the briefings.
Separately, HP announced new offerings on Monday that allow businesses to better detect and prevent breaches by using contextual understanding to gain actionable security intelligence from Big Data.
“Organizations can automatically apply sentiment analysis and event information to their Big Data and security event platforms to gain real-time visibility into the internal and external threat landscape,” HP said in a statement.