Hello, everyone. Good morning, good afternoon, wherever you are. I'm John Tolbert, Director of Cybersecurity Research here at KuppingerCole. And today for our webinar, I'm joined by Oliver Pfaff and Lars Faustmann from HP Wolf Security.
Hello, gentlemen. Hey.
Hey, John. Hey, John. Hello out there. Good to talk to you. And we're pleased to join this session today with John. But I think we will hear more from HP in a couple of minutes. So the stage is yours, sir. Thank you. Yes.
Welcome, everybody. Today, we're going to be talking about endpoint security. And Lars and Oliver will dive into HP's business solutions for endpoint security after my session here. So a little bit about our logistics. Everybody's muted centrally. There's no need to mute or unmute yourself. We're going to run a few poll questions at the end of my session and before Lars and Oliver start. And then we'll take a look at the poll results at the end when we do Q&A. And we will have Q&A, as I've said. So there is a control panel for Cvent here. You can enter your questions at any time.
And we'll take a look at them at the end. And lastly, we're recording this. So both the recording and our slides will be available in the next couple of days. So let's just dive right in. Endpoint security, threats, challenges, and solutions.
So, you know, there are lots of different threats that we've seen over the years to endpoints. Ransomware is kind of the latest thing that many organizations are worried about, and with good reason.
But, you know, this started, you know, more than three decades ago with viruses and worms. And they have, you know, grown much more complicated and dangerous over the decades.
And, you know, we first saw the emergence of ransomware en masse, you know, about eight to ten years ago, which has been, you know, a specialized form of malware. But, you know, malware, you know, is designed to compromise endpoint systems and give the attacker control or do various other malicious things. We also are increasingly worried today about physical theft of assets like endpoints. And I'll go into that in a little bit more detail here in a minute too. So first up, let's look at ransomware.
It has unfortunately become an industry, and they have changed their tactics and even their strategies considerably over the last eight or ten years. You know, when ransomware first started, it was kind of an annoyance. Screen lockers, it would lock your screen.
You know, then they realized that they could attack machines, encrypt data, make victims pay a ransom. And, you know, often this started out as attacking individuals, you know, and they go encrypt your data files, your pictures, and they might ask for a couple of hundred dollars or a couple of hundred euros. And then quickly they figured out that there's a lot more money to be made by attacking bigger organizations. So they moved to doing that, you know, attacking endpoints, you know, then making sure that people couldn't restore from backups. So they'd encrypt backups.
They looked in the cloud to find cloud backups. And the idea, again, was just to get people to pay money to unlock, to get their data back. And sometimes in the earlier days, organizations would pay ransoms, and they would get keys that were defective, and they wouldn't even unlock the data. But that's changed mostly, too. Then we saw destructive wipers, which kind of look like ransomware, but they weren't really ransomware because they would come in and either zero out the data or attack the BIOS, attack, you know, lower levels than the operating system.
So rendering the machines useless, in effect. Then we saw, you know, encryption with data exfiltration. The idea here is even if you've got a backup, the cyber criminals would then threaten to release your sensitive information, your company confidential information, and sort of time it to coincide with the ransomware going off.
And, you know, over the last year or two, we've seen the cyber criminals actually just doing data theft without doing encryption. So it's more like, you know, an APT, Advanced Persistent Threat, attack from, you know, the early to, you know, 2010s, where they come in, steal the data, and then just sort of discreetly threaten to release the data unless you pay them. So you can see there's been a huge change in the way they do business.
So, you know, going into more detail about the last one there, when is ransomware not ransomware? Well, when they don't actually use malware. They break in, and then they take your data, and they threaten to leak it. Why do they do that? Because it's more worrisome for an organization if they're threatening to release, you know, your sensitive or trade secret information or your customer lists or something like that.
Sometimes they act like they're just an uninvited pen tester, and they'll say, well, you know, we've discovered that you have this vulnerability here, and we exploited it, and we're letting you know about it. But really, they're, you know, they're malicious actors. But it allows them to be a little bit more discreet about it, and it's less disruptive to normal business operations. Many times these days, they also ask for victims to not report the attacks, and many victims comply with this, unfortunately.
And we already believe that there's an underreporting of cyber incidents that's going on, and this trend, if it continues to increase, it's probably going to, you know, lead to even more underreporting of actual cyber incidents. So what's led to the growth of ransomware?
Well, I think first and foremost, we can say cryptocurrency. You know, in the beginning, it was, there were many good feelings and optimistic hopes about what cryptocurrency would do. But unfortunately, it has become, you know, the medium of exchange of choice for cyber criminals, especially as it's increased in value itself over the last few years. We've seen a willingness of victims to pay ransom.
I mean, you know, who can blame anybody? You can't really, if you don't pay and you don't have a good backup, then, you know, you can be out of operation for actually months, months in many cases, and no business really can withstand that, which has also led to the development of, you know, cybersecurity insurance.
Now, many cybersecurity or insurance firms offer cybersecurity policies that, you know, ostensibly help pay the cost of dealing with cyber attacks, including ransomware. And also, unfortunately, many organizations kind of view this investment in cybersecurity insurance as sort of the same thing as investing in their cybersecurity infrastructure, which it's not. We've seen specialization in the cyber criminal labor market. I'll go into that in a little bit more detail in a minute. And this has become, and you've probably heard of this, ransomware as a service. It's a business model now.
So there is specialization. I mean, we have different actors that are involved in ransomware as a service.
You know, you've got the service providers. These are, you know, the organizations that actually develop, you know, update, fix, patch the malware. They go out and recruit what they call affiliates. They vet them to make sure that they're, you know, people that are going to carry out the criminal enterprise for them. The service providers also handle the ransom collection. They provide, this sounds silly, but tech support. They provide the decryption keys. And once they collect the ransom, then they pay out the affiliates. There are access brokers.
These are people who go out and compromise accounts or, you know, in some high profile cases over the last year or so, there have been access brokers who have paid employees for access to their legitimate accounts. So, you know, it may be disgruntled employees or someone who's susceptible to taking money for, you know, giving illegal access to company resources. Then these access brokers sell those accounts to the affiliates, the operators.
And the operators or affiliates are the ones who are, they do the research, they figure out what companies they want to attack or what organizations, you know, a lot of government agencies, state, local, provincial governments, as well as, you know, federal level government agencies have been hit. They actually do the attack. And then once the ransom has been collected, they get paid. And then lastly, there's this other category, negotiators. These are people who sort of run in between the victims and the ransomware service providers. They try to negotiate a lower ransom payment.
So just how prevalent is this? You know, 66% of organizations report that they've experienced some kind of a ransomware attack in the last year. Their ransomware comes by many different ways. There are exploits, exploited vulnerabilities, the compromised credentials I mentioned, whether or not they're getting them from, you know, disgruntled employees or they probe and are able to compromise an account. Malicious email, phishing, and, you know, still brute force password guessing works too.
So if you have accounts that are out there that are, will give access to internal resources and they're only protected by weak passwords, that's another way that they get in. About three quarters of the time, the attackers succeeded in encrypting victim data in 2023. 30% of the time, they exfiltrated data.
And, you know, we see lots of different statistics about the costs depending on the reporting organization, but it easily runs close to $2 million per incident. You know, I guess the good news is now ransomware, cybersecurity in general has concerns at the board level. According to another report, a quarter of boards of directors frequently talk about it. 50% have it on their regular agendas.
But, you know, from this report, it says executives and boards are listening, but not all are acting. Also on the good side, we've seen increases in cybersecurity budgets, but also the numbers of attacks and the losses associated with these attacks has increased quite a bit too.
You know, this is different than let's say, I think it was at the end of 2022, we saw kind of a fairly significant dip in the numbers of ransomware attacks. It didn't decrease, you know, the asked for ransom, but, you know, prosecutions probably had a bit to do with that, but we have seen, you know, a very steady increase through 2023 and into the first half of 2024. But one good point here about board-level concern is 91% report that they have some sort of an incident response plan in place.
Of course, it's important to test that plan, exercise it, make sure you can do things like restore from backup if necessary. So a little bit more on how the tactics are changing, you know, just in the last year or two, we've seen things like affiliates are doing more in-depth assessments. They've even targeted these cybersecurity insurance firms, you know, find out who's actually covered by a policy, and then they will attack an entire supply chain.
We see that they are buying access rather than breaking in, you know, and from their perspective, this has the advantage of, you know, greatly reducing the likelihood that you're going to set off any kind of alarm. If you're not, you know, trying to do a brute force attack, you know, where you might be, you know, triggering alarms for failed login attempts or, you know, compromising machines, you know, giving off indicators of compromise, then, you know, you're going to this much quieter method makes it easier for them to get in.
They've also focused on, you know, large enterprise software packages because they know that oftentimes organizations can be slow to patch those, you know, because the entire enterprise depends on, you know, these very large systems. And they're also attacking some of the smaller members of big supply chains because, take for example, you know, somebody in the manufacturing business, there'll be a big prime contractor, but they may have 50, 100, or more subcontractors in their supply chain. And they almost by default have to give access to the subcontractors.
So if you can compromise one of the smaller businesses who has access into a larger business, then there are ways for them to get in, compromise the better protected larger business, perhaps, and even infect an entire supply chain. Some of the things that we've seen, too, in their techniques, they have, you know, rapidly weaponized, discovered vulnerabilities, you know, 24-hour turnaround in some cases. They're moving to things like the Rust programming language because it's harder to reverse engineer.
They may be doing partial encryption, you know, some anti-malware solutions will actively look for processes that are, you know, either doing mass enumerations of all the files on a disk or in a drive, and then, you know, changing the extension or, you know, doing full encryption. So by doing partial encryption, it might make it harder for some anti-malware solutions to detect that it's actually a ransomware attack. But another good thing to note here is increasing use of things like XDR and managed detection and response has been thwarting some attacks.
So, you know, having a service provider that is watching your infrastructure for you at all times has been beneficial to those organizations that have contracted with them. So let me move into the technical controls. We'll talk a little bit how to prevent malware from running in the first place and how to contain it. So endpoint protection, this, you know, we have had this for at least three decades now.
We, you know, we originally called it antivirus, then we called it next-gen antivirus, you know, because there were some substantive changes in how they worked. Now the industry's kind of settled on endpoint protection or endpoint protection detection and response for those products when they're combined. Endpoint protection is really about stopping malware from running in the first place if you can, because it's better to prevent than it is to detect and have to remediate.
So there's a number of different ways, a number of different techniques that can be used to look at code before it executes. And then, you know, there are other what I call secondary EPP features, things like having an endpoint firewall, doing URL filtering, you know, preventing your users from going to known bad URLs and, you know, picking up malware from drive-by downloads or things like that. Application allow listing, deny listing, making sure that users can only use the applications that they need to.
That way, you know, you reduce the risk of having a highly privileged account running an application that, you know, may be more easily compromised. And then lastly, here we have system file integrity monitoring. These malware packages almost always want to persist, so they will try to change things in the system files, the registry, you know, BIOS or UEFI to try to persist so that they, you know, next time the machine reboots, it can load the malware into memory. So checking for system file integrity is very important too.
You know, on the good news side too, we have, you know, EPP can stop ransomware. And they use, you know, these techniques here, signatures, that's been around since the late 80s, early 90s, but it's still effective.
You know, many anti-malware solutions today still use signatures because it's faster than, say, doing things like memory analysis, looking at how they utilize memory. Sandboxing, that's where you, you know, get a file, if you put it in a kind of a safe location or send it somewhere for analysis, and then it will report back to the endpoint whether or not it was safe. There's a lag time there, it could be problematic. There's virtualization.
Virtualization is a really great technology for preventing malware from running because you're essentially spinning up a new VM and letting downloaded code run there so it doesn't have an opportunity to infect the underlying operating system. AI, ML, you know, unsupervised machine learning is good for detecting anomalies in code. Supervised ML is good for classifying it.
You know, some anti-malware solutions today also use deep learning neural networks for being able to do sort of both at the same time. Again, looking for code that appears to be malicious and trying to prevent it from running in the first place. And I kind of mentioned some of these things here, you know, what do they look for specifically about stopping ransomware?
You know, enumerating file types, you know, mass file extension changes, trying to encrypt or zero out the data. Windows machines have what you call a volume shadow copy, which is kind of a backup copy of the operating system on the disk. A lot of ransomware solutions will start by trying to delete that.
So, an anti-malware solution can look at, you know, a call going to the processor to delete the volume shadow service and if, you know, shut that down. So, you know, that's a very useful way endpoint protection detection and response solutions can stop malware. And lastly, they can hopefully prevent things like deletion of online backups too. If they could identify where an online backup is stored, then they can prevent that. They can isolate the machine that appears to be infected as well.
So, also, you know, NDR, XDR, MDR. NDR is network detection and response. XDR is extended. That's kind of the union of network and endpoint. And then M for managed.
That's, you know, having a managed service run all this for you. One of the reasons NDR is really important is attackers have to use the network. If they compromise machines, sometimes they can actually delete the logs.
And, you know, that covers their tracks. But on the network level, you can look for things like initial break-in, you know, recon, lateral movement, command and control communication, and then exfiltration.
So, the network can often be, you know, sort of the last line of defense in preventing an APT attack, ransomware, and the consequences of that. Lastly here, I say, you know, let's use the R features of detection and response products to automatically block things like data exfiltration.
So, let's look at theft. You know, losing physical equipment is a very dangerous situation. None of us wants to be in that spot. We often have security training about this.
But, you know, we sometimes I think we focus a lot on travel-related things in those security trainings. So, we'll talk about, you know, don't lose your laptop at a bus station or an airport.
But, you know, so many employees take their laptops to restaurants, coffee shops, and obviously they're going to have it in hotel rooms if they're going to conferences. But, you know, an employee going home from work may stop at the gym or stop, you know, at a school. And if it's out in plain sight especially, it's an easy target.
So, you know, promoting awareness of physical laptop security is still very important because these attacks are still very prevalent, unfortunately. So, how do we manage these situations?
Well, we have, you know, a number of different tools here. And let's, in the interest of time, just focus on where we are today, UEM.
So, Unified Endpoint Management. This is sort of an outgrowth of the UEM.
So, this is sort of an outgrowth of where we came from, you know, configuration management databases. And then there was mobile device management endpoint, enterprise mobility management.
Really, it's all about tracking all the endpoints that you have. So, whether it's a laptop, server, you know, mobile phones, tablets.
And, you know, so many organizations use IoT devices today too of different kinds. So, you know, you really need to be able to track all the different assets you have. And then do vulnerability assessments, understand where they are in terms of patch levels, and then automate patching as much as possible. Where we see this going in the future is, you know, it will be more cloud-based in terms of, you know, management consoles. They have to include more IoT and operational technology use cases.
And, of course, vulnerability mitigation. We've talked about virtual patching for years as ways to sort of shield, you know, unpatchable machines for the moment.
You know, these kinds of capabilities, I think, will become more and more important in the future. So, to sum up here, EPDR is great for helping prevent, you know, malware attacks, ransomware attacks, but we also need fleet management, unified endpoint management to help counter the threats that we see on the physical side.
So, let's do a couple of poll questions here. And really curious to see what everybody has to say. What kinds of cyber attacks are you most concerned about?
So, our options are ransomware, software supply chain attacks, laptop theft, loss of your IP, or loss of PII in case you're handling a lot of customer data. So, we will give you a few seconds to take a look at that and answer. And thank you for that. And we'll move on to the next one. What do you think are the three biggest challenges in implementing cybersecurity? Is it getting enough budget? Do you feel like your organizations are siloed? This often happens, you know, with big conglomerates.
You've got, you know, different heritage companies that are put together and each still has their own budget or something. Is it a skill shortage? Do you feel like you have too many tools to deal with? Or is it stakeholder management?
You know, getting the buy-in of the appropriate level of management. So, we'll give you a few seconds there. And okay.
Now, I would like to turn it over to Lars and Oliver. But just a quick reminder, if you've got any questions for us, feel free to put them in that Cvent control panel.
Hey, hello, everyone. Thanks, John, for giving us, you know, I mean, a stage like this to present our products, right?
So, it couldn't be better. So, first of all, my name is Lars Faustmann. I'm part of the HP organization in Central and Eastern Europe, and I'm responsible for digital services. And I'm joined here by my colleague, Oliver Pfaff. He can introduce himself.
Yes, I'm his partner in crime. Oliver Pfaff is my name, and I'm running Germany and Austria from a category perspective. That means from the, let's say, classical break-and-fix capex over managed services, and then it ends up in sophisticated solutions like security. And I'm happy now to take you into a journey into endpoint security, or let's say a more sophisticated way to endpoint security.
But Oli, before you do that, let's quickly react on what John was saying, right? So, I think, I mean, he presented obviously very well on really a state-of-the-art ransomware and its consequences. And obviously, Oli is going to present a solution, which is really providing you an answer to that. And the other, I think, more to the end, he was presenting to the theft, right?
So, what happens if you're going to lose a device? For those who haven't been in the possibility to join the presentation that we did with KuppingerCole, I think a couple of weeks ago, we presented another solution from HP, which is called Protect and Trace, where you basically can find your PC when it's out of battery or out of the network.
So, the key thing is out of battery, out of network. So, for that, we recommend that you listen back into the recording that was made available at that time. It's really a nice response that HP has delivered to a fleet management scenario where you're out of the network, the PC is powered down, and basically, you lost your PC.
And now, Oli will go ahead with the security. So, first of all, the agenda.
So, before we start, the first point will be a little reality check. I would always call it like that because we need to understand what's really going on in the market. I think John explained a lot about what's going on there, but I think I can give you, let's say, real lifetime examples directly or fresh from the press. Then we dive into HP security stack, or we can also call it 360-degree security at the endpoint. Then we will have a look at the attack scenario and the antidote, and then we will do a live demo on that.
So, we will really see how this isolation engine, this little piece, what we invented, is doing so far. And then we will give a little glimpse on the BSI.
So, the BSI is our security institution in Germany. So, it's really, let's say, a big fan of our solution, so to say. And they have a couple of things, especially on ransomware. And then last, we'll do a quick portfolio overview. And then again, last, we'll provide, let's call it a sneak preview of what's going on with WEX. WEX is our new workforce experience platform, which you will see in the near future, which combines everything what HP can offer, every solution under one umbrella with a little bit more on the plate.
So, let's start this. First of all, let's look into reality.
So, if you look into the worldwide web, I mean, you see plenty of messages every day, day in, day out. And I think one of my new hobbies, or not only my hobby, it's Lars's and my hobby, is really to see what's going on. And you can see here, we have public institutions over here. You have a school which has been hacked, which was closed for two weeks. We have a fabric of chocolate, which was really very break down. And then we have a city, so institutional city in Bochum. And here we talk about critical infrastructure.
So, this is about energy. I mean, at this stage, it goes really, really, really, really problematic. You can see the police, even the police going to be hacked. And again and again, I mean, I can repeat myself again and again. And you see here, the last one was from a manufacturer of shoes, right?
Also, I think it was, they were down. So, the manufacturer was really controlled and booted down.
So, you see here, they were not able to process any kind of order. You see, this is a big hit for our enterprises and for our mid-market space. And you see here on the right side, and I make this statistics here, the DACH countries leading, unfortunately leading by Germany, Switzerland, and Austria.
So, this was 21. I mean, it was really driven. You can see this driven by the Corona times. And you see here in 2022 and 23, I mean, you see a big increase here of those really heavily attacks, right? And now looking into 24, we are at 62 already. And of course, the tendency is going to increase month by month.
So, when we put the whole thing into easy-to-understand numbers, we see roughly 240% as an increase on cyber attacks, especially during the pandemic and of course, after the pandemic, which manifests in 2.5 attacks per minute. And you can see here already.
So, every second, every minute is going to be somebody out there. Not only a live person could be also, okay, AI driven thing.
So, you will see, we have lots and lots of traffic around in the internet. And of course, 91% of the decision makers, they see, of course, endpoint security is a very, very important topic. It's not 25 years ago, as John mentioned about the next generation antivirus or EDR.
So, the endpoint, I mean, you have so many endpoints. Just as an example, you're leading a big enterprise with 60,000 seats and you have 60,000 possibilities to hack those endpoints, right? And finally, and this is, I think, I like this chart very much because you see here on the left side, this is the typical approach. Data security is all around and everywhere. But at the end, if you break this down, we are all this guy, this little guy in the right corner here at the stage.
So, we are the human error. I mean, we are dealing every day, day in, day out with Microsoft, with Excel, PowerPoint, Adobe. Those are the things which are relevant, let's say.
So, I would say 95% of our working time or even more is used with that kind of application. And this is exactly the sweet spot where we developed our solution.
So, when we look into HP, to give you a short glimpse, we have two ways of security. We have the full stack security for PC and print. You see here everything what is below the BIOS, yeah? And you see here, we have our own security controller, for example, on the main board and we have our own factory services, which ends up in 100 billion devices. It's even more right now. And we haven't experienced any rootkit so far.
So, very, very, very good result in that space. And on the other side, we go back to the cursor, we have our hardware-enforced isolation. And this is the pure software stack, right?
So, we have a software invented, which is called Sure Click. And this software, this little piece of software is dealing with all relevant applications. You see our browsing applications like Chrome, could be also Firefox or Internet Explorer, and of course, all of these applications. Task isolation. What's that, basically? Very simple to explain. When you look into the old days of antivirus, you see it here and you see here endpoint detection and response. And this is, let's say, predominantly what we see in the market.
So, EDR is, let's say, a quasi standard. And John already talked about that. And I think this is absolutely mandatory to have this.
So, I would say every company in the field should run at least a sophisticated or next generation antivirus or even an endpoint detection and response system. And what we are basically offering or doing is we are putting on top an isolation block, or you can also say decided, which we call, you can call it the first line or the last line of defense. But at the end, it's about zero trust. Because what we are doing is everything what comes in could be an email, could be a stream when you are browsing or something like that.
Everything what you're doing there will be used and executed in a little micro virtual machine. This is what we are basically doing. And this brings lots of protection on top of this EDR, because we learned from John's speech in the beginning that you cannot detect everything. And of course, you need to have signatures and so on. And you have patterns. But at the end, if you save one email, you have a thousand emails. And you can imagine that at least three, four, five emails will be there. Could be a polymorph virus, for example, which is not going to be recognized by an EDR system.
So, you see here a little bit what our customer is basically using. And you see here on the bottom, all the different windows. You have the CrowdStrike and even HP with the hardware manufacturer we are using. Just not only one, we are using three, four of those systems. And what we are doing is, as I mentioned, we are putting on top our isolation containment controls. So that you have a complete, let's say, orchestra of security features. And on top of that, we can also interact and connect with different other systems.
That means, for example, if an EDR system is not detecting anything and we see this little virus, because we are going to open this kind of virus and we'll be doing this on the runtime. That means we can inform other related security systems of something that they haven't seen, right? This is what we can also do. We have a very, very, very sophisticated reporting engine behind. And the thing is that we are running this virus in a virtual machine. It means that we have a lot of more information to really communicate and broadcast it to other related security systems.
So again, in terms of support, please imagine we have HP, we have Dell, we have Lenovo, of course, on only our hardware support. So every single hardware vendor is supported, at least if you have a Windows 10 or 11, our software will run on those kinds of operating systems. And the sweet spot, again, is our office application suite, which is, I would say, 99% used by the normal customer. And of course, all our browsing ability. So you can see here, this is the sweet spot.
And what we need in terms of hardware, you see it on the right side, at least we need to have an Intel i3 processor or AMD Ryzen processor. Why? Why so? Because in this processor, we have a virtualization engine built in, but it means our solution is then hardware-enforced, which makes it then much, much, much, much more, which gives it much more performance. And how does it basically work? You can see here live, let's say, an extract or simulation of an operating system, right? In the middle, you see typical office applications. It's an Explorer, could be a Chrome, could be Firefox.
And you see here in the middle, our typical office applications, PowerPoint, even PDF. And you see the operating system in the kernel. And typically, let's imagine an EDR system oversees something, a virus came in, and then the system is infected. And then you will really have a problem, right? So let's go back to normal. With our solution implemented, you can do the same. So that means our virtual engine is directly implemented and connected to the Windows or Adobe applications or even the browser.
So that means from a user perspective, the user actually doesn't really feel that he is working in a virtual machine, right? But he can do his work, he can close, he can edit and do everything or what is normal. But at the end, everything what he is doing is for a specific task opened up in a dedicated virtual engine, right? And then imagine a virus comes in, so it's in this little blue prison and the virus cannot escape. So it's really encapsulated. And if you close the application, even if the virus is there, the virus is, you know, it's vaporized. So let's do this.
Let's showcase this in a live table. For that, I need to go to my wholly own private Outlook, so my company Outlook. And you see here, this is an email. I have sent Oli again, you know, one of these emails, so he should hire somebody. So let's open this up. And you see here now, this is a classical Word document. So it's not last, but it's advertised, right? And you can now work with this document back and forth. I can delete, yeah, I can do everything. The normal infrastructure is there, right? And then I can print, I can do everything what is needed from a normal working perspective.
And look now, I think it's pretty much the same screen what was shown by John. You see here, I'm hacked, right? I need to pay a little bit kind of amount of Bitcoin, 2.5 to be specific.
And yeah, this is the typical ransomware. Yeah.
And yeah, now normally in this case, I'm out of business, right? But the reason is I'm open and I'm running this in a virtual machine right now. You can see this in this little window. And if I go to, there is a little window here. Let me open this up as a live view. And this is a little micro VM, right? It's micro VM 0004. And if I'm going to close this immediately, yeah, the affected window, so the affected application is going to be killed off the memory. This is what I'm going to do right now. So it's a very, very simple solution.
But what you can see very nicely at the moment is he's continued to working live in PowerPoint in Outlook and it doesn't impact the performance. In the past, critics have been saying, yeah, Lars, you're really slowing down the PC. But what you can see here is that you can work with that seamlessly and it doesn't impact any of the user experience. And I mentioned this in the beginning, when we look into our landscape, and especially Germany is a very, very good example because we have the BSI, you know, it's the Bundesamt für Sicherheit, for security.
And I mean, they have a standard requirement published for web browsing. And on top of that, this is one year ago, they also have a new catalog, which is called Measurements Against Ransomware. And you see it here, we can download this from the web. They're precisely talking about that a browser needs to have a specific architecture that you can go into encapsulation or use encapsulation or spread isolation. And for the ransomware topic, they mentioned also need to have a micro VM. This is exactly what we are doing.
And yeah, with that, I'm done with my little presentation. And I would briefly hand over to Lars to give you a little bit context on our UX.
Perfect. Thank you very much, Oli, for getting us these nice insights. And if you want, I start to share from my, oh, yeah, exactly. But you go, you present for me from your PC that works. So let's quickly go one next slide. So obviously, the Wolf portfolio is not just the task isolation. If you look at it, right, the task isolation in its essence, right, it has different flavors, one for the small medium business, where we have also a cloud controller.
If you move this through the enterprise version, there's an on-prem version available. There's obviously more enterprise specific features in terms of policy settings and cyber forensics. Then there is a sure access solution, which is not so much linked to isolation as such a task isolation, but it helps you basically to get access, secure access to multiple application servers. And then obviously, we talked about the full stack security. There are other applications. We mentioned it at the very beginning and in the last workshop, which is the protect and trace capability.
So it means find, logging, and erasing a PC when, obviously, when they are in the network, everybody can do that, right, but when the PC is powered off, right, so and again, I really recommend if you want to learn more about that, reach out to your HP sales team or look at the recent KuppingerCole webinar that we did, we basically presented there the whole solution. And then on the platform side, we talked about these capabilities that Oliver showed at the very beginning. I think what is interesting to understand, if you go to the next slide, Oli, or I think we are very late already.
It's next slide on wax, please. What I think is important to understand that we need to look beyond security, right? So when we look at our workforce, and this is why we call it workforce experience, and I give you a sneak preview of what we're going to be doing in the next quarters. We see that, and I think everybody here on the call probably experienced the same. There's a frictionless working experience, working environment doesn't exist, right?
We are facing problems when we connect to screens, conference rooms, sometimes even, you know, virtual environments don't show up as other collaboration tools to work. I think there's friction everywhere. In most cases, employees don't call IT, right? They try to fix themselves. And then in some cases, there is no standard fix, even that the service teams can do it. So at the end, you start to reimage the PC and that's it. So which is obviously a big loss of time. And here is what we want to do with next slide, Oli.
We want to come up with what we call a workforce experience platform, which covers all our products, all our endpoint products. So from PC to printer, conference rooms, collaboration toolkits, headsets, monitors, docking stations, virtual environments, printers, and obviously not just our own, but even from other vendors. So that you can start to manage your endpoints holistically.
Now, the question is to manage what and how. And Oli, you can go to my last slide here, is we think about workforce experience platform, not just from a fleet management perspective, but also from an endpoint security, which we discussed today, right?
So for us, workforce experience starts with the classical fleet management and remediation features, right? So meaning basically remediating outdated BIOSes, outdated drivers, outdated software, software that causes slowdowns, problems, blue screens, whatever. And the idea is, and the long-term vision that basically with one click, right, the fleet management portion is generating scripts, AI-based tools to generate scripts that need to be controlled, obviously, and validated by an IT admin before then they are remediating the system.
And then on top of that comes the security stack, where Wolf security comes into play, secures platforms. And here, obviously, it's not just the PC, it's also the printer. Wolf protects also our printers. And then we have the digital work, what we call digital workspaces. It's a whole idea around our conference room experience, but also our remote desktop access to workstations through HP Anywhere, remote access to virtual machines, Windows 365.
And then finally, it's employee engagement, which is basically bringing everything together, creating an employee experience for helping us to connect with employees, and trying to do an employee-centric device, fleet management, security tool in order to avoid and bring down the frictionless experience that we see from time to time. So I think there is probably time for another webinar when we have some demos to be done in a couple of months from now. So stay tuned for that.
And I hand back, Oli, unless you have something to say, I hand back to John with the closing questions, the remarks, and the audience Q&A.
So from my side, fully okay, Lars. And then back to you, John.
So, yeah, thanks. Thanks, guys. That was really interesting. Let me find the right screen.
You know, you were talking about polymorphic viruses, you know, and I think that's an important thing to consider. You know, they do change every time that they get copied.
So, you know, that makes things like signature method, you know, a little bit more difficult to detect. So, and another thing that Oli was talking about was around the virtual machine isolation. I think it's important to point out that, you know, not all the endpoint protection, detection and response solutions out there offer that capability. They do sandboxing, which is sort of similar, but different, you know. So in the case of like sandboxing, let's say I get an email attachment and I open that. When you go to open it, it sends it to the sandbox.
That might be local, but it's generally, you know, to the vendor's cloud. So they will run it, analyze it.
You know, there can be a lag between two, three, sometimes even 10 or 15 minutes before you get the analysis back. And in the meantime, the user might be using that and infecting their machine. So you get a verdict back from the sandbox and it may be too late. So what you all are talking about with regard to isolation, where you actually pop open a VM adds, you know, a much stronger layer of protection than you see through sandboxing. So let's take a look at the questions that have come in.
Oh, one of them was, what's the difference between isolation and sandboxing? Okay. You have just done it. Thank you. Thank you for taking the question. Yeah. I didn't know that that was there. Okay. So what happens to email attachments when they're forwarded?
Well, why don't you guys describe, you know, how your solution deals with that? Yeah, I think.
Yeah, go ahead. Yeah, go ahead. Very simple. When you receive it, right, it's like marked as an attachment that is obviously protected. Even if you save this attachment on your PC, it's still basically tagged as a protected PDF, for instance. When you open it, right, it opens in a secured way. And if you start forwarding it to someone else, right, who also have Wolf ProSecurity, obviously it remains protected. And the thing is, in order to unprotect it, because there may be reasons, right, when you really want to take it out of the protection, there is a way to do that.
But obviously, it's a manual script and it requires special scanning, which is happening through the application. Oli, I'm not sure if you want to complement.
No. Everything is set.
I mean, you know, of course, the protection is on the side who runs security. I mean, if you forward it, right, and if the other peer is not having such a solution, of course, you will not have this kind of protection, yeah. But because we always talk about intrinsic protection, right, but of course, you can always distinguish between if let's say you have a document which is already protected, and then you can remove the protection layer from this specific file.
And again, these are things that in an enterprise version, these can be configured, for instance. Absolutely, yeah. And the next question, somebody's singled out me here.
It says, please tell us what role does AI and machine learning play in enhancing endpoint security? Well, I think, you know, we've heard a lot about AI in the last couple of years because of things like LLMs, ChatGPT, and other solutions like that.
But, you know, AI, ML has been around for quite a long time already. ML has been in use in endpoint security, you know, for at least 10, 12 more years. And how it was initially used was to help identify all these variants. Because like Oli was saying about polymorphic viruses, every time it's copied, they make it look a little bit different.
So, I mean, I forget the exact number, but there are millions of variants of different kinds of malware that are discovered every year. And there aren't enough security analysts in the world to look at each variant and understand the code.
So, that's where machine learning comes in. You know, you can use unsupervised to discover anomalies in code, and then you can use supervised ML algorithms to sort of classify them.
So, that's probably the most prevalent use. LLMs are starting to be used by security companies for several different things. One of the most noteworthy, I would say, is helping to generate human-readable explanations of events and the indicators of compromise that are seen.
So, that's an area of active development that endpoint security companies are doing with AI ML today. There's a couple others here.
This one, I think, is for you all. A recent Intel announcement about hyperthreading, any impact to your solution?
So, I can take that one. So, obviously, there was an announcement from Intel that, you know, some new processors won't support hyperthreading.
Now, here, it's really important to understand our solution. So, the Wolf Security solution is not dependent on hyperthreading, but the virtualization capability of the processor. And therefore, you know, any of those announcements will not have any impact on our portfolio. But we will just be on a good track here to be supported by the main processor and CPU vendors. And our solution will work seamlessly without any problems.
And there's one more question. We've got about a minute here. How can organizations ensure their endpoint security practices meet regulatory standards? That's a good one.
I mean, there's NIST 2, DORA, you know, that are getting a lot of airplay now. Endpoint security, I think, is very important for complying with that, as would be things like UEM, you know, doing the fleet management, knowing where your machines are, whether or not they're patched. Any other thoughts on that one?
Sorry, can you, sorry. You mean regarding NIST 2, John?
Yeah, the question was around how do you ensure your endpoints are meeting regulatory standards?
Okay, so we are working permanently on that.
I mean, NIST 2 is a very important goal, but of course, we are supporting those regularities. So, that's basically it.
So, we have it on the software stack side. Yeah, I mean, with our, let's say, plenty of different solutions on the software side, on the hardware side, and of course, on the software side. Okay. And as the regulatory, you know, standards are going to evolve, we are going to evolve our products as well, and basically make sure we can, you know, comply with it.
Well, great. Thanks, everyone, for attending, and thanks, Lars and Oliver, for presenting. It was great working with you, and for everyone, have a good rest of your day.