HP Endpoint Security - Time for a Different Endpoint Security

Okay. Yeah, so welcome. Unfortunately all my slides are in German language. Who has a problem with German language here? That's fine. So we can do it in German, right? Bad luck for you John.

Yeah, it's time for a different endpoint security approach. My name is Heinz Mora and I'm responsible for wolf security here in the CE region from a sales perspective. So not too many technical questions today. So little agenda. First of all, we will have a, a quick look at a IT security overall. What's the situation today? The question about security investment versus success. Do we spend the money for the right things, new targets or old targets, new discovered? And last but not least, how HP Wolf security security can help to close the gap. So security overall one gap is enough.

You know, security is, is, it's a very tricky thing. And if you have one gap in your security line, it could be enough to yeah, go down to, to the, to the ground. And if you see these companies, you know what, all these companies haven't coming. They have been hacked over the last couple of months. And if you see these organizations, can we expect that they had hadn't any security controls in place? Most likely not. But obviously they didn't work or didn't work good enough. So in 2022, that's a number from, from the bitcom.

Here in Germany, the economical damage created by cyber criminals is 203 billion euros, 203 billion euros is a huge amount of money, but it's just a number. If you have nothing to compare it, it says nothing. And I compared it with the tax income of the German government. You see it's 328 billion euros compared to 203 billion euros. So we can say cybercrime is a, a huge problem for, for our economy. So in 21 in Germany, they invested 6.2 billion euros for IT security. And this number will increase until 25 to 8.9 billion euros. And the question is, where do we spend the money?

So we see that the typical refugees, it's EDRX, D-R-N-D-R, email security, P pump, boom securities, so privileged account management solutions and quite new driven by Z. These two initiative from the European Union, it's D-L-P-D-L-D. So data loss prevention or data loss detection. So in terms of D-L-P-D-L-D, I have two news for you. A good one and a bad one. A good one is DLD. There is a lot of technology in the place that is really great. For instance, force Point has a great DLD solution. DLP is not possible at the end of the day.

Why not As long you are able to store data on your C drive and can take your laptop with you. How can you make DLP? So that's a, a problem. So on the other side, do we spend money in process optimization or employee qualification and things like that? So if I talk to, to companies about processes. So let's assume your EDR solution creates an alert. What happens next?

Yeah, well, Mr. Miller in it will get an, an email and he will take care of it. Okay. And now Mr. Miller is off sick or on holiday, what happens then?

Well, we might have a re a solution for that. Yeah, you might have or you have. They don't know. So do we have any, anything where your processes are described on paper or whatever?

Well, we don't know. So it's because security is, is quite often historically grown in companies and it was always a little nasty secret in the companies and nobody wants to talk about security, but the time is over. So let's come back to two of, two hits to the analogy of, of boxing. We have two hits here. One is Fitz Meyer on the 17th of January, they realized that they had been hacked. That was the moment when they realized that they had been hacked. Nobody knows when they had been hacked.

And the other one is move it, move It is a very strange story because move it is a company owned by Ipswich Limited or APLC, it's APLC and move. It is for secured data transfer. And this solution had been hacked. And that creates a lot of problems. You see all these companies here were affected by this hack. You can only see the, the, the business area, not the company's name. But if you go on the webpage and you click on the, on the browser, you will see the company behind. And if you see we have 10 on this page, but the whole document have 55 pages.

So, and an end of this hack is, is not on on the horizon at the moment. So what are the costs of a hack from the hacker's point of view, you can buy plug and play malware for less than a a donor.

You know, you can say why a donor is quite expensive nowadays because of the increase of of pricing. But HP made an ANA analysis in the dark web and we found more than 35 million cybercrime marketplaces in the dark web, 35,000,006 76% of the listed malware. And 91% of the exploits cost less than $10.

So, and if you a little bit like an yeah, let's say a a totally technical Yeah, some, somebody like me, because I have no, no clue on, on technical stuff, you can order cars CAAS and that means cybercrime as a service. You can order a service that that means hack Deutsche Telecom. And after the hack you can rate the hacker one or five stars how success, how satisfied he was with, with his work. So in in in the follow of that, the insurances will not insure cybercrime or cyber attacks anymore because why? Because it's too expensive and it's not calculable.

So if I build a house on, on, on, on, on a, on a volcano, okay, the insurance company knows exactly how expensive is the house and how, how big is the likelihood that the volcano will will blast and they can make some kind of a cost and risk calculation. The cybercrime is not possible because we saw Conti, one of the successful hacks of the last couple of months. It was a ransomware attack and the the ransom was 50 million euros.

Yeah, 50 million. But they can't, they could ask 70 or a hundred million.

So the, the damage is not calculable for the insurance companies. And the outcome is that they say we do not insure it anymore. Or the cost for such an insurance is so high that nobody can afford it anymore. So yeah, I i I jump over this because what Albert Einstein said, doing always the same thing and expecting different results is totally stupid. And he's right.

Okay, so if we talk about targets, so we have new targets and we see old targets a renaissance of old targets, let's say this way. So we see more and more attacks below the operating system. Why? Because the, the, the common security products do not see attacks below the operating system because they are working on operating system level. And we see more and more machines with extended access y These are machines with higher rides on, on, on further machines. So if you say letter movement, machines like that are very interesting for hackers.

And an old friend, the printer who's taking care of his printers here, nobody, huh? Because the printer is an endpoint and it is in the network and you can pull in, put, put in A-A-U-S-B stick into your printer. Okay? And last but not least is the fact of the human being. And that's what we are taking care of. So the human being. So you can spend a lot of money in, in technology. If you have Dave on, on the, on your side, the human error, you're not secure because you will always find a Dave in your company.

And without blaming someone here in the room, where are the most Daves in the company? HR and marketing. And it's not because they're stupid because they have to do their jobs. What will you do if you are in, in HR and you get an initiative application with a CV as a, as APDF?

What, what do you do? Yeah, you have to open it and you never know what's in there. Yeah. So the connection between man and machine is, is still entry number one for every hack. It starts always with a human being. And there are 85% other organizations say 90% or 95, doesn't matter if it's 85 or 91% is enough. You will always find a person in your companies that clicks on a link in a phishing mill or whatever. And that's an interesting statement from Bruce Schneider.

He said, amateurs hack systems professionals hack people. And that's true. So how can HP support here? So if I ask you what is HP doing? What makes hp Huh?

Printers, printer and laptops and ink. Yeah, that's it.

You know, that's hp, now HP develops over 20 years innovation in, in terms of endpoint security. So we can say that we, at the moment we have the most secure laptops in the market. 'cause it comes with an security chip with a lot of, of security features on the laptop itself. But beside of that, we have the technology of Wolf Security. It's an acquisition of hp. The company was known as Bromium and was acquired in 2019 by hp. And this technology is hardware agnostic, so it's not required that you have an HP laptop.

We love it if you use HP laptops, but if you are a Lenovo customer or a Dell customer, you are welcome as well. And what we are doing here, the the product is called Sure click enterprise. And we call, what we're doing is calling threat containment. Okay? The point is, task isolation or threat containment helps you to, to stop an, an attack on the endpoint before it harms your network or other machines in your company.

And how we do do that, so the traditional security products are running on operation system and they give you an alert if they find something that's nice, you need an EDR solution. Definitely. Yeah. And an EDR solution will give you an alert if they find something. The problem is, if they find something, it's on your machine and the time between infection and alerting can be between one and four days. So that means a malware on your endpoint in that time can create a lot of trouble in your company. And that's where we come in into the play.

So our approach is to isolate tasks on the endpoint. That means ev and for us it's totally un unimportant. The signature of of a, of a malware or the behavior of a malware for us is important. The source. Yeah. That means if something comes from a source that's not reliable or known, then it will, will be opened in an, in an isolated.

So we, we call it secure micro four m Yeah. It's, it's open in a secure form. And inside this four, the malware cannot jump on on your system. They can do whatever it's developed for. Yeah.

They, they, they shall do It, shall do what, what it's developed for. And the first step is isolate. And the second step is analyze. So in the background we see what tries this, this malware to achieve. So we can analyze, oops, in the background. And here we have the Mitre attack framework behind and we see the complete attack chain. A classical EDR solution will, will stop the attack at a certain point. And you see only a, a part of the attack chain. We will see the complete attack chain and what can we do with this information?

We can gather this information and fill it or yeah, fill it into your existing security controls and sharpen your, your security environment. And exactly this approach is something what the BSI here in Germany advised their organization and the companies to do to make your organization secure against phishing and ransom use Yeah. Capsulate environment. So that's exactly our, our wording, what they're using here, because we are working very closely with the BSI.

So we, we can say in, in the public sector in Germany, we have, with our product 65 to 70% of, of market share. So you will heavily find a public organization that is not customer of HP Wolf security if it comes to task isolation. Yeah. The biggest customer we have. And that's important for, for our customers. In terms of operating costs, how costly is it to operate a solution like that? Our biggest customer runs sure click on 80, 68,000 devices and he managed the whole environment with a half person per year. So the operating costs are very low. Thank you.