OREANDA-NEWS. September 04, 2015. Today at HP Protect, the company’s annual enterprise security user conference, HP introduced a first-of-its-kind machine-learning technology that harnesses the power of an organization’s application security data. Leveraging big data analytics to prioritize critical threats, HP Fortify scan analytics automates the processing of application scan results to allow customers to focus on higher priority risks.

Cyber criminals today are organized, specialized and motivated to find and exploit vulnerabilities in enterprise applications in order to steal data, intellectual property and employee or customer information. More than 80 percent of successful breaches target vulnerabilities in the application layer [1], indicating the need for enterprise IT departments to be vigilant in terms of application security, and to implement programs that reduce security risk driven by software within the organization.

“Like most aspects of security today, securing enterprise applications has been challenged with the sheer volume of vulnerabilities and threats that need to be addressed, leaving organizations guessing about where to start,” said Jason Schmitt (@raidschmitt), vice president and general manager, HP Security Fortify. “The HP Fortify scan analytics technology is revolutionizing traditional approaches to application security by applying machine learning to automatically prioritize the issues that matter and strip away the noise, dramatically improving results and effort required to protect sensitive applications.”

Analyzing big data across thousands of expertly audited security tests to make the application security audit process more automated and efficient, the HP Fortify scan analytics technology increases the relevancy of findings based on the unique context of an application. Bootstrapped by processing historical data of HP Fortify Static Code Analyzer scans, it continuously incorporates ongoing application scan results, learning which vulnerabilities are most important based on an organization’s preferences and policies. HP Fortify scan analytics automatically highlights the vulnerabilities that are relevant for an auditor to address, turning a large volume of security information into a small set of high-confidence, actionable results. This reduces the number of issues that require an auditor’s review, increasing results accuracy and saving both time and resources while lowering overall risk exposure.

Integrating seamlessly into existing workflows with minimal disruptions to an organization’s existing application security program, HP Fortify scan analytics allows customers to leverage the full portfolio. Together with HP Software Security Research expertise, HP Fortify scan analytics works at every stage of the application security program to help customers efficiently evaluate, validate and triage security findings.