HP Is Not the Death Star – But HP Doesn’t have a Firewall

I remain completely baffled as to why HP Networking does not have a firewall. Firewalls are like noses, everyone has one – in fact, we have lots of them – pass the tissues.

Notwithstanding that the Crunchy Edge / Soft Centre security strategy is widely discredited we still need firewalls. Am I right ?

So this glorious piece of ¬†“look at what we have, don’t look at what we don’t have” in one of the HP Security blogs seems like the right time to take them to task:

If you were somehow frozen in carbonite last summer and just now thawed, you would be shocked at how HP security looks today. HP is a security company. No, really. It’s a brave new world. As you dreamt your frozen dreams, HP was acquiring such security juggernauts as Arcsight and Fortify, bolstering a security portfolio that already included SPI Dynamics and TippingPoint.

But you don’t have a firewall product. In case you hadn’t noticed, none, nada, nyet, zero, of those products are a firewall.

Good things are happening. HP’s TippingPoint was again named a leader in Gartner’s network intrusion prevention system (IPS) magic quadrant in December 2010; Fortify followed suit in the static application security testing (SAST) MQ – in addition – just this week – to winning two 2011 CODiE awards (Best Software Development Solution, and “Best Security Solution”). ArcSight and ASC WebInspect are also consistently evaluated as market and technology leaders.

Blah blah blah, Nice but only used in combination with a firewall strategy. God I’m bored of hearing about Tipping Point – IPS is yesterdays news.

And HP Networking still doesn’t have a firewall solution.

HP is different. It is turning away from the Dark Side, using The Force to integrate its assets for cosmic good. From an Application Security Center perspective (as I’ve blogged before), WebInspect, Fortify SCA, and Fortify’s runtime analysis tool SecurityScope have combined to create Real-Time Hybrid Analysis, enabling security teams to discover vulnerability root cause as they observe attacks in real time. Subsequent near-term product releases across the application security portfolio will demonstrate further real-time integration innovation.

But you don’t have a firewall.

We are planning more coordinated efforts across the fleet in 2011, incorporating various technologies and delivery modes (The Force delivered from – and to – The Cloud? The mind reels!). Anyway, Admiral Ackbar can rest assured – HP security is NOT a trap.

Why the bloody hell does HP Networking not have their own Firewall ?

HP Is Not the Death Star – HP Software Solutions Community online forum

  • adama

    Because if they had one it would be terrible? One thing we don’t need is more fragmentation in the security market. Why do you want them to have one? Would you buy it just because it’s made by the people who make your switches, regardless of wether it’s better/more cost effective than the alternatives?

    They don’t have one because they don’t have one. Is there some bizarre ideal where every company involved in networking has to have a foot in every market area?

    • Ferro Greg

      Indeed, HPN is pitching as a one stop end-to-end service with applications, servers, networking and security. That’s exactly the point of the article, they are saying “we’ve got it all” …. except they don’t have the one thing that is a core product. A firewall.

      And yes, more fragmentation is better. We need more best of breed solutions instead of vertically integrated stacks.

  • DudeMan

    Funny thing..

    if you go to the ‘HP Networking’ website and navigate to the ‘Security – Tippingpoint’ section.. You will notice in the bottom right (E-Series) a picture of two firewalls made by H3C. H3C makes firewalls and was acquired via the 3Com acquisition. One is called the F5000, the other pictured is the F1000 or F100.. HP called them the A-F5000, A-F1000 etc.. at the beginning of the merge. Not sure why they aren’t selling them now.

    • MikeInSeoul

      That’s not the only one I found, either. I know just about zip about HP enterprise products, so I might be off on this one, though.

      The “HP Threat Management Services zl Module” here:

      “The HP Threat Management Services (TMS) zl Module is a multifunction security system for the HP E5400 zl and E8200 zl Switch Series. It is comprised of a stateful firewall, an intrusion detection/prevention system (IDS/IPS), and a virtual private network (VPN) concentrator.”

      Sounds a lot like a firewall to me. Maybe even an attempt at competing with the ASA – possibly even the new ASA Services Module. It looks like this HP security “thing” might be a modular solution, meant to be integrated into a larger switch chassis.

      Maybe someone with more knowledge of the HP security product lines could clear it up for me …

  • FRom

    Fragmentation is realy good thing I agree. However, if we look at other HP Networking products, then we can clearly see, that their in house R&D is almost 0. Procurves on their own can hardly compete with Dlinks and Netgears. All real things they can offer come from acquisitions of H3C (AKA Huawei), Colubris, TippingPoint etc.
    So the your initial Q is rather reasonable, why they do the still don’t have Firewall? There are plenty of security vendors struggling to sell on their own, HP just have to select more appropriate one to buy.

    • adama

      But why do you want them to have one? You want more vertical integration? What does it matter if your switches/firewalls didn’t come from the same vendor.

      I’d rather stick my penis in a hornet’s nest than buy an ASA, but I tend to most often choose routers/switches from Cisco.

      I’d really rather there were fewer better vendors of firewalls than everyone and their dog shoving out a shitty me-too product. Large vendor acquisitions rarely result in better products, particularly when that’s not the vendor’s core market.

      • FRom

        No-no, I never said I would like to buy from them FW just because I have their switches. However, I’m curious about Firewall solution in their portfolio, and this fact really seems illogical to me due to consolidation tendencies of the market: HP, Cisco, Intel &Co just buying new businesses “to provide customer with complete solution from the bottom to the top”.
        I believe there are a lot of startups just dreaming of being bought by big players of the market.
        And in the end of the day if product X from vendor A is a good one, then I really not bothered by the fact, that company B want to merge with company A.. unless they have similar products and there is non zero probability they deprecate product X.

  • Nevot

    Maybe a cisco-like movement, buying a new niche player (I’m thinking in Palo Alto), is the next move for HP…

    • Ferro Greg

      I think Palo Alto has too much overlap with Tipping Point for the money – Sonicwall looks like a good buy to me.

  • http://blog.pattincon.com Terry Pattinson

    What about Endian as an acquisition? I fired up their community firewall last year. Of course, firewalls need to be secure, scalable and capable of protocol inspection. Not terribly sure how it’d rate, but it certainly felt like the real deal. Also, because it is Linux-based, HP could supply their stock hardware.

    • http://etherealmind.com Greg Ferro

      I’ve never heard of Endian. Off to look them up….