Has HPE lost focus on security software business?

HPE enhances its security software as it prepares to spin-merge with Micro Focus — after selling several related businesses, says Jane Wright, principal analyst at TBR.

Hewlett Packard Enterprise’s (HPE) recent announcement it will spin off its software business unit, including its security software, into a new company co-owned with Micro Focus was a key topic among HPE representatives, partners and customers at HPE’s Protect 2016 conference.

HPE will own 50.1 percent of the new company, while Micro Focus will own the remainder. The company will retain the name Micro Focus, with the deal expected to close in one year. Micro Focus will add sales reach and a stronger software focus that will help elevate customer awareness and encourage additional integrations of HPE’s security solutions, such as ArcSight, Fortify and Atalla.

At the conference, HPE and its partners assured customers they will see minimal disruption, as HPE will continue to update its security software during and after the “spin-merge.” Lending credence to these assurances, HPE demonstrated recently developed features and unveiled plans for its flagship security software.

The spin-merge combined with HPE’s recent divestitures of its other security assets, such as Tipping Point, will cause significant disruption in the competitive positions and partner relationships of vendors and service providers in the enterprise security market.

HPE continues to enhance its security software

When HPE sold its Tipping Point network security unit to Trend Micro last year, HPE indicated it would use the proceeds to enhance its remaining security solutions, with a special focus on ArcSight, its security information and event management (SIEM) solution. These enhancements to HPE’s security operations, application security and data security solutions were on display at HPE Protect 2016.

Security operations ArcSight is a widely deployed SIEM solution that helps customers improve security operations by integrating information and controls throughout their security deployments. HPE’s commitment to enhancing ArcSight was demonstrated by the many ArcSight announcements at the event.

For example, HPE announced ArcSight Data Platform Version 2.0 that connects ArcSight to more data systems and allows administrators to move that data to other connected systems. Additionally, HPE unveiled Project Hercules, an event broker slated to become available next year that will enable security analysts to correlate threat insights from HPE and third-party security data.

Application security HPE’s Fortify suite includes secure application development, application security testing and application security monitoring tools. Recently, HPE enhanced the suite with support for Docker applications containers and with Black Duck’s risk assessment tool for open-source software. These enhancements help HPE compete with other application security providers, such as Veracode, as each aims to offer the broadest range of facilities, features and support to application developers.

Fortify is available as traditional licensed software or as a subscription-based service. Customers are increasingly opting for the flexibility of subscription-based application security services. Resources from the spin-merge will enable the new HPE- and Micro Focus-owned company to add staff and facilities to support customers’ growing use of the subscription-based service delivery model. Data security HPE’s data security solutions, including SecureData, SecureData Mobile, SecureData Payments and Enterprise Security Key Manager (ESKM), address various use cases such as compliance, data privacy and collaboration (e.g., email) encryption.

At HPE Protect 2016, HPE announced a partnership with Digital Guardian that integrates the latter’s data loss prevention (DLP) capability with HPE’s SecureMail product.

Customers are seeking DLP features such as data discovery built into their data encryption solutions, and the partnership with Digital Guardian will help HPE address these new expectations. HPE prepares for a new role in the security market HPE (which formed after the split of Hewlett-Packard Co. on Nov. 1, 2015) has pointed to security as a key pillar in the company’s strategic vision since 2012.

But a series of divestitures and spin-offs announced by the company over the past several months, including the divestment of HPE’s Tipping Point to Trend Micro and its managed security services unit to CSC, show HPE has changed its position and now designates security as noncore to its future plans. However, the new company formed by the spin-merge of HPE and Micro Focus will commit strongly to security software, carving out a new leadership position in the enterprise security market.

HPE will continue to aggressively enhance and strongly support its security software portfolio during the transition. But assimilating the HPE and Micro Focus portfolios and sales and marketing engines will take time, creating opportunity for competitors such as IBM and Dell Technologies (with RSA) to leverage the organizational disruption in HPE’s software business unit and demonstrate their offerings to HPE security customers.

HPE’s recent security divestitures and current spin-merge will set off major repercussions in the security market. Technology alliance partners such as FireEye, Fortinet, Malwarebytes and Venafi; professional service providers and systems integrations partners such as PwC and Deloitte; and security-focused reseller partners will need to reassess their relationships with HPE, Micro Focus, Trend Micro and CSC. Shifting loyalties and changing margins will require strategy adjustments for all of these companies before the HPE-Micro Focus agreement is finalized in 2017.