Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 hp.com News Release HP Leads Industry to New School of Cyber Defense New HP Security offerings focus on securing interactions between users, applications and data Editorial contacts Kristi Rawlinson, HP Kristi.rawlinson@hp.com www.hp.com/go/newsroom SAN FRANCISCO, Apr. 21, 2015 — HP today unveiled new security offerings to help organizations embrace a “New School of Cyber Defense” by protecting the interactions between users, applications, and the boundless data exchanged to safely fuel growth and innovation. As information flows through data centers to the cloud and out to personal devices, the data must be secured at every step. The new HP Security products and services announced today address this approach to security incorporating user behavior analytics, data-centric cloud access protection, mobile application reputation analysis, contextual threat intelligence sharing, and incident response. Organizations worldwide spent approximately $77 billion on cyber security in 2014,1 while successful breaches increased 25 percent.2 Adversaries continue to evolve while organizations increasingly adopt new ways of doing business—and the current approach to securing interactions between users, applications and data isn’t keeping up. This calls for a new approach to cyber defense. Building on security fundamentals such as monitoring events and securing the perimeter, organizations must shift their focus to protecting what matters most – the interaction between the users, the applications and the data that carry the sensitive information adversaries target. “The old school approach to cyber security focused on securing the perimeter, but the data powering business today goes beyond our four walls and must be protected from cyber threats regardless of where it resides,” said Art Gilliland (@ArtGilliland), senior vice president and general manager, HP Security. “In today’s environment, we must challenge ourselves to embrace the new school of thinking that goes beyond the infrastructure to protect what matters most – the interactions between users, applications and data that when protected, can fuel our businesses and accelerate growth.” Tackling Insider Threats through Behavioral Analytics HP today announced a new offering that gives companies visibility into user behavior, delivering a simple, efficient way to detect malicious users within the enterprise. Partnering with security analytics company Securonix to deliver an interoperable security intelligence offering designed to help track and identify the “enemy within,” HP ArcSight User Behavior Analytics (UBA) leverages the behavioral data generated by enterprise users along with broader network event intelligence to detect even the most complex threats. Page 1 of 4 Extending Cloud Data-Centric Security HP today announced a new cloud access security platform designed to complement the existing HP Atalla cloud security portfolio, and expand its leadership in data-centric security. The new HP Cloud Access Security Protection platform provides ‘borderless’ protection of the data itself—at rest, in use or in motion—through a partnership with cloud access security broker Adallom to bring enhanced cloud security monitoring, governance and control capabilities to HP customers. The platform integrates HP’s existing suite of data security offerings including HP Atalla Information Protection and Control (IPC), an added-value security solution that automatically encrypts files when moving information in and out of the cloud or across platforms. Empowering BYOD through Mobile Application Protection HP today announced a new offering to help its customers manage their Bring-Your-Own-Device (BYOD) policies more intelligently by providing a fully-integrated mobile application reputation database within the HP Fortify on Demand cloud-based portal. To further protect the interactions between users, data and the applications, all HP Fortify on Demand customers can now request free reputation and behavioral analysis of company-owned applications or those found in major app stores worldwide. Going Beyond Threat Intelligence Sharing Perhaps one of the best weapons in a company’s security defense arsenal is collaboration. Because information sharing is intrinsic to a comprehensive security strategy, HP Security has developed HP Threat Central, which is now generally available for all customers. Delivering automated and open sharing of information, HP Threat Central offers contextual analysis of information, prioritization of security data and identification of results that will allow organizations to take action. In addition to value-added intelligence, analysis of underground forums and threat actor profiling from HP Security Research, HP Security is also working to augment the HP Threat Central service with intelligence feeds from a network of companies, including AlienVault and Crowdstrike. Addressing Incident Response and Advanced Threat Detection HP Security is focused on building a comprehensive set of best-in-class security offerings to deliver unparalleled global access to a comprehensive suite of security remediation services. In line with this mission, HP Security and FireEye today announced a partnership that will deliver incident response offerings and develop an industry standard reference architecture providing customers with a blueprint for advanced threat protection services and incident response capabilities. This partnership offers customers choice, and supports HP’s overall strategy to deliver world class security capabilities. These capabilities draw on investments in industry-leading solutions from HP ArcSight, HP Atalla, HP Fortify, HP TippingPoint and HP Security Voltage along with partnerships with industry-leaders such as Adallom, Securonix and Trend Micro. Together, these solutions help customers address security strategies in line with the “New School of Cyber Defense”. To hear more about the “New School of Cyber Defense”, attend Gilliland’s keynote presentation on the main stage at the RSA Conference 2015 Conference on Wednesday, April 22, 3:05 p.m. PT. Additional information about HP Security solutions is available Page 2 of 4 at HP booth No. 3403 at the conference. Keep up with RSA Conference happenings by following the hashtag #RSAC and follow @HPsecurity. About HP Security HP enables organizations to take a proactive approach to security, disrupting the life cycle of an attack through prevention and real-time threat detection. With market-leading products, services and innovative research, HP Security brings a global network of security operations centers and more than 5,000 IT security experts to help customers strengthen their security posture to minimize risk and incident impact. Join HP Software on Linkedin and follow @HPSoftware on Twitter. To learn more about HP Enterprise Security products and services on Twitter, please follow @HPSecurity and join HP Enterprise Security on Linkedin. HP’s annual enterprise security user conference, HP Protect, takes place September 1-4 in Washington, D.C. About HP HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers’ most complex challenges in every region of the world. More information about HP (NYSE: HPQ) is available at http://www.hp.com. Gartner Press Release, August 2014, www.gartner.com/newsroom 2 Ponemon Institute Cost of Cyber Crime Study 2014 © 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the need to address the many challenges facing HP’s businesses; the competitive pressures faced by HP’s businesses; risks associated with executing HP’s strategy and plans for future operations; the impact of macroeconomic and geopolitical trends and events; the need to manage third-party suppliers and the distribution of HP’s products and services effectively; the protection of HP’s intellectual property assets, including intellectual property licensed from third parties; risks associated with HP’s international operations; the development and transition of new products and services and the enhancement of existing products and services to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its suppliers, customers, clients and partners; the hiring and retention of key employees; integration and other risks associated with business combination and investment transactions; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated Page 3 of 4 benefits of implementing those plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP’s Annual Report on Form 10-K for the fiscal year ended October 31, 2013, and that are otherwise described or updated from time to time in HP’s Securities and Exchange Commission reports. HP assumes no obligation and does not intend to update these forward-looking statements. Page 4 of 4