The panel will discuss the role of endpoint security in today’s world of WfA (Work from Anywhere), BYOD (Bring Your Own Device), and people commonly using multiple devices, as well as “beyond PC” and “beyond mobile” types of endpoints, including printers. How can efficient endpoint security be implemented, what are the obstacles, and how can they be overcome? And what role does endpoint security play in the bigger picture?
You've already met two of our panel members, but I just ask them to briefly introduce yourselves again and just your opening statement on the topic of this discussion, which is: it all starts with the endpoint.
Good. So thank you very much for allowing me to join later. My name is Lars Fasman. I'm part of HP and I'm representing the digital services group for CEE, so for Central and Eastern Europe. And obviously for us at HP, endpoint security starts with hardware and goes to the operating and the software. And I'm looking forward to this panel discussion.
Hi again. Andy Aplin, the VP of Solutions Engineering for Netskope. So as I was explaining a little bit earlier about the Zero Trust model, when we talk about the endpoint, the way we see this is that data typically resides in one of two places now. So it's either gonna be within the application or it's gonna be on that endpoint. So we have to make sure that we've got control of both and obviously focus on that movement between the endpoint and the application.
Hi everyone. Again, I'm ab and I would keep it simple because I already took a lot of time in the previous question. So if you see the title, it's really amazing. You know, it all starts with the endpoint. So all the good things, getting your access to the resource to do the work, done, all the bad things, you know, having an attack and then distracting or disrupting your systems. And I always say if identity is the gateway to the kingdom, then the endpoint is the launch pad towards that kingdom.
So in the context of work from anywhere though, I mean, are we all sort of more or less in agreement that the endpoint is where it all starts?
Sure, it's, yeah, 100%, but it's not just the PC, it's also a printer, for instance. Right. So there are many endpoints that we have and we need to manage them and need to secure them.
Yeah, I totally agree. It's all about, you know, enabling effective use of your workforce. The workforce is typically on the endpoint, so wherever they be working from, whether it be within the office or remotely.
Yeah, we spoke about hybrid working earlier and that flexibility to have a consistent approach to both security and access so that, you know, there is no weakness there when you actually try to enable these services.
But now you've both spoken about the proliferation of endpoints. I mean, now we've got so many more endpoints than we've ever had before. I mean, is it realistic to have efficient security on these things?
I believe it is getting there. So IoT, you know, is definitely on the radar of pretty much every organization now.
You know, it's understanding all of those devices. As Lars said, you know, when you're talking about endpoints, it's not just the laptop, you know, it can be the printers, the security cameras, anything that is on the network effectively with an IP address.
Now, you know, Internet of Things is something that is absolutely happening. Given visibility of that, you know, checking the posture of those devices is something that is also critical.
So, you know, I led with ZTNA, but I also mentioned that, you know, we deliver our technology as an SSE platform, the Secure Services Edge. And so we can actually see visibly, you know, when these IoT devices start to need to, you know, do updates across the internet, you know, understanding what they're doing when they're doing it.
So again, it is about that endpoint and its access again.
So is Zero Trust an effective way of actually dealing with this? I mean, is this a good approach? Is this a good use case for zero trust?
It's indeed a good use case because the work from home or work from anywhere is not going to go anywhere. So this is now a new norm and Zero Trust typically allows us to go towards that direction. And the best thing with the Zero Trust is we not only evaluate the identity, but we also evaluate the device. Is it compliant, is it going with, it's a managed device, so it's going with the recommendation or your security baseline, and then it's an AND operation. So it's an identity and your device, it doesn't have to be an or. So Zero Trust is going to play a major role in this whole area.
Absolutely. I think we are all in violent agreement here that this zero trust approach is the only way forward, because otherwise we start blaming employees, you know, for clicking some links. And, you know, the world is so complex, we discussed hybrid, it's impossible, right? So we need to be able to put our workforce in a position that they can safely work without being frightened, you know, being dismissed everything a little day. So therefore the zero trust for IT security is for me an essential approach.
Okay. But now the key question is, you've got all these devices, all these users, how do you make sure that they are those users, that they are those devices? What's the best authentication methods that you've found? I mean, you've done a practical implementation.
Yeah, so even before going to the authentication method, I think what we need is basically to have a device repository. So we need to have whatever the device is in our organization, what are devices they're using, we need to mark them. And having a solid repository then allows, as I said, it needs to be an AND operation, identity and device. And then device comes from a different number of checks. So this would be my takeaway on that.
Yeah, I'm with you on that. You're always gonna need your source of truth for the identity of the user. I think that doesn't go away.
You know, people, you know, whether you're using biometric authentication on the device or, you know, simple username or password, obviously secondary authentication comes into play. There's gonna be different aspects that allow you to, you know, build up the confidence of the user. And then on your device side, measuring those devices, you know, we do see that, you know, zero trust, what we've been discussing seems to be mostly focused about that trusted device, which is obviously where you're going to give most privileges.
But the world is moving away, not just from using a trusted device. You know, there's gonna be a clientless approach effectively, you know, a BYOD device that also comes into play here. So you still have to do the user authentication irrespective of whether you trust the device or not. But if you are a trusted device, then clearly you will probably give more privileges to that user as part of that posture validation of the device and the user.
And then you move into, you know, an untrusted device where you still want to give access, but you're gonna give less access to that untrusted device in the zero trust model.
Okay, that's great. So then, just moving away from the kind of authentication side of things to the wider security tool set, sort of what are the best security tools for protecting endpoints from things like malware, ransomware, and obviously phishing and other attacks?
Maybe I take that, right? We at HP, we are not so strong on the authorization, the authentication part, but from a wider perspective, what we do is we isolate, right? So we have in our Wolf Pro security solution, there's a micro virtual machine, which basically isolates every task, every software, every web browser, every Microsoft application, and runs it in this little environment. And if there is a phishing threat, if there is a ransomware inside, you still work as usual, right?
It does not impact any of your normal behavior, right? But if there is an attack, you just close the window and you close the attack, right? So without affecting any of your operating system, any of your hardware, any of your firmware. So once you close it, you can simply rely on it, but, and you close it, obviously it still resides with the cyber forensic team who can later on analyze it, understand where the threat comes from, et cetera. Right? But from a user perspective and from a data security perspective, it's gone.
Okay.
Yeah. I know that there was a term we used to use about defense in depth historically, where you would build many layers of security. I think, you know, seeing data in real time and addressing those threats in real time is obviously key. And then you have to have a set of engines that you're gonna use to actually do that assessment. So you'll have your, you know, perhaps your signature based engines, your heuristic engines, and clearly your sandboxing capabilities. And every single vendor does take a similar approach.
But what we've seen as a trend in behavior now is that, you know, for ourselves as an SSE provider, we take that traffic in real time. We understand precisely what the user is doing. We can do the application activity decoding. We can look at the instance of an application to know exactly where the user is going, and we have our own engines in line to look at those threats. But I don't think it should stop there. I think integrations into third party tooling also plays its role.
So looking at the eds, you know, those complementary technologies where you can exchange an IOC between multiple platforms so that you are building that defense in depth, but not in a traditional approach, in a more holistic way with the modern technologies that we have where we can pass off and work collaboratively with other technologies to give you that second opinion.
Okay.
So the methods you've described now though, is that still effective when they're offsite? I mean, I think it's also challenging for many organizations to kind of monitor these devices when they're offsite, they're via other networks and so on. And it is back to the work from anywhere, 'cause it's not just work from home. So you don't have that kind of control. I don't know, started with Abby where you
Yeah. So there are different challenges and I'm not going to say anything related to vendor. I want to be a bit neutral, so, yeah, there's always a challenge in knowing from where you're coming. But it all then goes back to how we are designing our solution. So it means we can, the same concept of defense in layer, we can just have this defense in layer depending upon from which location or from which device you're coming on. So if it's an unknown device, but still you are trying to access, your identity is being validated, so you can have access to very small subset of the systems until you're able to provide back on this on the back.
And I will again go back to the basics. We need to make sure that the users shouldn't have the admin access or any other access on their devices. So be lean as much as possible. And for the vendor part, I will hand it over to you guys. Thank you very much.
Yes. I think you can get a constant, you know, security posture. Absolutely. I mean, when Gartner, we love and will hate them, came out with the SSE Magic Quadrant, you know, it was the collapsing of, you know, secure web gateway, CASB, ZTNA into one platform. And that automatically in itself says, right, we can address these key use cases that an organization will want to address.
And again, if I go back nine or 10 years, Netskope as an organization, we've kind of led with saying, we'll put an endpoint agent on the device. So whether you are on-prem or off-prem, working remotely or in the office, you can have that agent active. And that sort of, you know, method still holds true today, but what we've seen is that organizations have now accepted the fact that an agent isn't a bad thing. It's actually a good thing because the processing is done in the cloud now, it's not doing it on the endpoint.
I think there was a lot of negativity about having that consistent, you know, ability to sort of enforce, because you were doing too much on the endpoint, eating battery, eating resources, now you're doing it in the cloud. The endpoint steering client does what it says, it steers the traffic. So you can provide that consistent posture for security.
Thank you for leading the way here, right? Through an agent. Right. So historically, HP has as well, you know, something called proactive insights where we learn like, you know, our smartwatch, you know, monitors the device, our smartwatch monitors our body. We do have this, but I think the next level is what we call workforce experience, is we want to integrate all the different tools that we have, monitoring our printers, our PCs, our smartphones, right?
Bring it together and understanding, you know, the heartbeat of the device, understand how we can effectively manage them and obviously have not just an inventory, but an AI driven remediation tool, which allows IT admins to be fast and effective in remediating issues that are appearing across the fleet.
Okay, great. And just like that we've torn through 20 minutes. Can you believe? So I'm gonna ask you for closing statements from you, starting with Abby.
Yeah, I will go back to my opening statement. So device is a launchpad now, so make sure to protect your launchpad and go towards the basic and make sure to start with the device inventory.
And I think I'd like just to conclude with the fact that, you know, we see the consolidation of all security services in the cloud delivery model as the way to go. It's simplification, it's cost reduction, and it allows a consistent user experience and consistent protection for security.
And for us, HP, the endpoint is the battle point, the battle place for data people, the internet where we meet, and obviously we need to have appropriate solutions. HP offers appropriate solutions to meet the challenges of the modern workforce in a hybrid world.
So you are all, that's great. Thanks. You are all very quick and succinct. So we have got like a little bit of time for questions in the room, so come on guys, and girls, you've got an experienced panel here who've done sort of real world implementations of this stuff. So please take this opportunity to ask some questions. Yes. Great. Lemme just grab you a mic. Thanks.
Thank you. I think it's all about, aside from the endpoint, it's all about the access policy, which builds a frame about everything. So what is your approach to define such access policies? Do you group applications in terms of security or how do you, what is your approach?
Yeah, so who wants to answer, if you like?
So we need to define the applications in the tiering model. So we need to define the criticality of the application; the more critical the application is with those labels, the more rigorous test we need to do on that. And as I said, when it comes to the endpoint, then we need to have an AND statement. So we need to validate the identity and then validate the device.
Does this device belong to this identity who is claiming, and after all those calculations, then we need to go with the sensitivity, how much level of access this application has, what is the sensitivity of that application. So depending upon that sensitivity, we need to adapt and require either more authentication or we can be a bit relaxed on that.
And I think what we see is that there's a best practices approach as well when you introduce policies in this way. So we typically find that, you know, there's a hierarchy to those policies.
So your first point of protection is always gonna be access control. You know, if you deny access, then that's your ultimate policy, but that's not always gonna be the right way to approach this. So we find that we talk about not just access control, we talk about adaptive control. This is where we start to include the activities of a user. So allowing somebody to reach a service, but perhaps not upload or download depending upon whether it's, you know, from a managed device or an unmanaged device. And perhaps, you know, introducing then context to where data access.
So then we understand precisely what the data is and if we understand what the data is, then we'll make a decision against that as well. So you build your policies in layers, you know, to give you your, I guess your strictest aspect first, to reduce the risk, and then you step it down to ensure that you are giving access but in a safe manner.
Okay, great. Thanks. That brings us very nicely to time. Please show your appreciation for our panel.