Hello, everyone. Welcome to our webinar today. I'm John Tolbert, Director of Cybersecurity Research here at KuppingerCole, and today I'm joined by Oliver Pfaff and Lars Faustmann from HP.
Welcome, gentlemen. Hello, everyone. Good afternoon. Good morning.
Remember, you're joining. Well, thanks for being here.
Today, our topic is going to be about revolutionizing secure PC fleet management. So some logistics info before we begin. All the audio is controlled centrally, so there's no need to mute or unmute yourself. We're going to run a couple of polls at the end of my section of the webinar, and then we'll look at the results at the end. We're going to do some Q&A, so feel free to add your questions to the Cvent control panel at any time, and we'll take those at the end of our session today. And then lastly, we are recording this, so both the recording and the slides should be available pretty soon.
So I'm going to start off, talk about endpoint security, the different threats, challenges, and trends that we see, and then I'll hand it over to Lars and Oliver, and they can talk about PC fleet management. And then we'll look at the poll question results and the questions that you submit at the end. So first up, endpoint security. What are the threats, challenges, and trends that we see?
Well, some of the biggest threats that we hear about today are around ransomware and theft of devices. So let's look at ransomware first. Unfortunately, it's a growth industry, and it's one that's experienced a lot of change in the last 10 or so years since it has become, unfortunately, very popular.
You know, in the beginning, ransomware, in some cases, was kind of an annoyance that happened to individual end users. You know, you might get something to lock your screen, you had to, you know, get the right password to unlock it, then they quickly moved into encrypting data.
And again, a lot of this was targeted at individuals, but soon they realized businesses had more money. So then they started encrypting local machines, then they figured out that people had a lot of data in the cloud, so they wanted to back that up to encrypt things that were in the cloud, including backups. Then we saw some state-sponsored activities that used, you know, destructive wipers. These were kind of under the disguise of ransomware, but really it was designed to just wipe machines, zero out data. Then we saw encryption with data exfiltration first.
This was, you know, they'd break in like an APT or advanced persistent threat actor, move laterally around the victim network, look for what they want, and then they'd exfiltrate that staged ransomware. And then kind of to cover up their tracks, they'd detonate ransomware just as they were exfiltrating the data. Now we see a trend towards just breaking into networks, often with compromised credentials, and taking information without encrypting it. And we'll talk about why in just a second. So when is ransomware not ransomware?
When they do that, they break in and copy data just to extort money out of the victim without actually encrypting it. Because, you know, the threat of leaking it sometimes is more worrisome, and then that makes it even more profitable. These cyber criminals sometimes pose as penetration testers, you know, you didn't invite them to do this, but they do it nonetheless. And these transactions might be seen as more discreet, you know, it may not make the news, it's less disruptive to operations.
And a downside to this is the cyber criminals then sometimes ask the victims, hey, don't report this attack, we're just pen testers, we just proved that we could get into your network, we've got this information, and if you pay us, we won't release it into the public. You know, we fear that this could actually become a trend that leads to under-reporting of cyber attacks. So what has made ransomware so popular?
Well, cryptocurrency. That's a big part of the reason.
You know, it's availability, it's acceptance, it's, you know, meteoric rise in value over the last few years. And then, of course, the willingness of victims to pay the ransoms. If people weren't paying, it wouldn't really be a thing. Cyber security insurance, you know, organizations can take out cyber security insurance.
And, you know, that puts a lot of encumbrances on those companies that get the insurance to have a mature cyber security architecture. But, you know, insurance, unfortunately, helps pay ransoms, and that kind of perpetuates this. We've also seen specialization in the cyber criminal labor market and the development of ransomware as a service as a business model. What does that look like?
Well, you've got the service providers. These are the ones that we mostly think about when we think about ransomware. The organization that develops the malware, you know, provides updates, you know, dare we call it technical support. They recruit and vet their affiliates. Those are the ones that actually carry out the attacks.
They, you know, put up sites to collect the ransom. They provide decryption keys, and then they pay the affiliates. Then there are access brokers. These are people who, unfortunately, you know, discover compromised accounts, you know, enterprise accounts, accounts to get in via VPN, things like that. Sometimes they make contact with disgruntled insiders, people who are willing to sell access to their accounts, and then they broker these to affiliates.
Again, these are the operators, the ones who are out there looking for target companies. They conduct the attacks, and then they get paid. And then there's this other role called negotiators. They sort of serve as intermediaries between the victims and the affiliates and service providers, generally trying to negotiate a lower ransom amount. So let's just talk some numbers for a minute here. Sixty-six percent of organizations have experienced a ransomware attack.
You know, how do ransomware attacks come in? Well, they're exploited vulnerabilities. That's why we always say patch management is important. Compromised credentials, like I was mentioning, malicious email, phishing, those are still very prevalent methods. A little less so on the brute force attacks. But more than three-quarters of the time, attackers succeed in encrypting users' data just last year. And about a third of the time, attackers exfiltrated the data first. So that's why we say that this exfiltration and extortion is probably increasing in popularity amongst the criminals.
Average recovery costs, not including ransom, is approaching $2 million per incident. According to this report from Delinea, 26 percent of boards are talking about cybersecurity and ransomware. Half of them are concerned enough to have it on the agenda. Executives and boards are listening, but not all are acting. We see an increase in cybersecurity budgets, but, you know, there have been more attacks and larger losses too. But I guess on the good side, more than 90 percent report they have an incident response plan in place now. So the changes in tactics.
We see that affiliates are doing more in-depth research on potential victims. They even target insurance firms, those who are offering cybersecurity insurance, to figure out who's got a policy in place to make it such that the, you know, that victim will be more willing to pay for it. And they're looking at entire supply chains. Affiliates are often buying access, you know, getting those compromise credentials rather than breaking in, which means, you know, the way you detect it is going to be very, very different from simply looking for malware.
There's a focus on enterprise software due to slower patching cycles. I mean, I think we all know about the criticality of certain enterprise software systems, how, you know, you only may have two or three opportunities a year to do updates.
Therefore, discovered vulnerabilities lead to exploits that, you know, may continue to be exploitable for long periods of time. And they attack small to medium-sized businesses to get access to bigger organizations. Some of the new techniques that we've seen, rapid weaponization of newly discovered exploits. I was reading that, you know, sometimes less than a 24-hour turnaround before a vulnerability turns into an exploit, which can then be used in the wild. Ransomware developers are moving to Rust because, you know, it's harder to reverse engineer. It's platform independent.
So, you know, write once, use in many different places. Another thing they've been doing is using partial encryption, because if you're looking, if your anti-malware solution is looking for changes to files, it may be harder to detect the files that are only partially encrypted versus fully encrypted. And on the good side, use of security tools like the ones we're going to talk about here today, XDR, MDR, EPDR, all the DR tools, are actually frustrating the cyber criminals and their affiliates and making it harder for them to be successful in their attacks.
So that's why they continue to come up with new vectors and new malware. So this EPDR I mentioned is a combination of endpoint protection, you know, you may call it next-gen antivirus, plus some extra features in EDR. On the endpoint protection side, again, it's kind of looking for, it's just an anti-malware, plus some secondary features like an endpoint firewall, URL filtering, you know, the ability to keep employees or contractors from going to known malicious sites or questionable sites where they might pick up malware.
Application allow listing or deny listing, this is, again, providing controls so that your employees only run safe or known safe software. And then lastly, system file integrity monitoring. This one's important because in order to have the persistence part of an advanced persistent threat, they have to generally change files in, say, your main operating system directory. So if you're watching for changes in those directories and preventing that, that's a good way to prevent the persistence aspect of a ransomware or APT-style attack.
Endpoint detection and response, this is on the other side, okay, you know, you may have been hit already, it may not have even used malware, but if it did, you know, you need to be able to detect what are the indicators of compromise, you need to be able to pull in relevant cyber threat intelligence, maybe use sandboxes for unknown code. These EDR solutions provide alerting and reporting mechanisms, query interface that you can do threat hunts looking for signs of malicious activity all around your enterprise.
They feature console for admins, analysts, threat hunters to be able to do their work. And then manual and automatic response functions.
Again, this might include things like terminating processes if they're known to be malicious, quarantining files, isolating nodes, isolating whole networks, blocking access to IPs. There's a wide range of things here, even up to including, you know, like wiping endpoints, rolling back registry changes, and doing restore. Good news is EPDR can stop ransomware. There's a lot of different methods that can be used for this. The old signature method is still used by a lot of providers in this area because it's fast.
They can also look at memory, memory analysis, looking for patterns, what's actually in memory when it's running. Sandboxing, I hinted on that, that's, you know, taking unknown code and running it somewhere before it gets a chance to do damage. Using AIML because there's just way too many malware variants out there for cybersecurity providers to look at every piece of code and determine whether or not it's malicious. So AIML is definitely helpful there.
And then looking at behavioral analysis of the code, you know, what might indicate ransomware, trying to encrypt common target locations, specific directories, encrypting certain file types, making mass changes to file extensions, looking for certain file types, attempting to zero out data in files. And then on Windows, you know, you've got the volume shadow copy. Most of these ransomware attacks start by deleting that because that's an easy way to do a restore. So they want to make it harder for you to do restores.
And then also any attempt to delete an online backup should trigger some alarms too. So these tools that we're mentioning, NDR, XDR, managed detection and response, like I said earlier, it's having a positive effect in preventing attacks. Why we talk about NDR, network detection and response, because attackers have to use the network, even if they compromise the machine and they might be able to wipe the logs to cover their tracks, it's harder to get rid of signs of activity on the network.
So on networks, NDR tools are, you know, trying to observe things like reconnaissance, evading of defenses, lateral movement, trying to collect data, command and control, traffic outbound, and then of course, exfiltration. So we've been saying, use the R features, you know, the response features of these various detection and response solutions to automatically block data exfiltration. So now let's talk about the other type of threat, theft. So there are, fortunately, hardware and software solutions that can help prevent theft.
So, you know, for many years, any of us who've worked in enterprises have heard, you know, always be on guard for someone trying to steal your laptop at an airport, because that happens fairly frequently, unfortunately. So we're trained, keep an eye on your laptop bag, don't let it out of your sight. But did you know that places like buses and trains, any kind of transportation, not just airport, is an opportunity for a criminal to grab not only your laptop, but your phone, then, you know, restaurants and coffee shops.
I mean, everyone stops in, you know, at lunchtime, or maybe gets a coffee on the way in or on the way home. Don't let your laptop out of sight. They're either hotel common areas, conference rooms, you know, those can be places where malicious actors are looking to pick up laptops, even in your hotel room.
I mean, we'd like to think that the safe in the hotel room is safe, but, you know, the staff have keys, they have ways to get into them. And then cars, you know, it only takes seconds for a smash and grab to happen at a stoplight, or, you know, leaving a laptop in your car after work when you're going to, you know, say a school or a library, or, you know, if you're carrying it through a park, you take it into the gym, put it in a locker, all these places where we'd like to think that our equipment is safe, it's not really safe.
So it's good that we have software solutions that can help keep track of where these devices are, and then also be able to take proactive steps to not necessarily get it back, but at least wipe the data that's on there. And it would be excellent if there's a way to do that, even if the machine has not been turned on recently. So let's talk about the kinds of software that have these capabilities and where it's come from.
So, you know, in years past, say more than a decade or so, you know, we had configuration management databases or CM tools, you know, and these were about, you know, managing desktops, laptops, mostly Windows. It was about having a place where you could put a gold image and quickly re-image a machine, and a good way to get sort of like a basic inventory of what you've got for your PC fleet. Then along comes mobile devices, everybody, you know, starting to use smartphones, tablets, in a business context.
So then it became important to make these kinds of solutions for other operating systems like Android or iOS. And then we added features like device provisioning, being able to do tracking to a limited extent, patch management, password management. And then here comes the remote wipe, the ability to say, okay, I lost my company phone, call the help desk, at least they could wipe it. Then we moved into the EMM era, the enterprise mobility management.
Here's a realization that, well, you know, we really shouldn't have, you know, a different configuration management database for PCs and servers than the ones that we're using for smartphones. So let's roll it all together. That means they have to, you know, address more than Windows and Android and iOS, but also Mac and Linux and Chromebooks and things like that. A lot of this was driven by, you know, BYOD, bring your own device. So people could bring their own devices to work and expect them to work, but they needed some sort of policy to do that.
For security, here's where we first started to see things like mobile application management, mobile content management, plus that patch management. And here's the first instance of really identity management on the mobile devices, especially. Enter the present time period, you know, here we have UEM, unified endpoint management. This aims to cover all of it, you know, desktop, laptop, you know, phones, tablets, some IoT devices, things that you see at kiosks or point of sale systems.
And again, we've had to expand the kinds of OSs that are under consideration here to include things like Fire OS and Raspberry Pi. Here you have device lifecycle management, as well as application content, vulnerability, security, asset management, and adding another major feature here is compliance monitoring. So looking to the future, what do we think we see in the UEM space?
Well, not surprisingly, it's going to be more cloud-based. It will be about continuous patching, being able to keep all those different kinds of devices up to date. It's likely going to include more IoT and OT operational technology use cases. I think we'll see more AIML behavioral analysis, especially. And then bringing some of the features that we have in other security tools like orchestration, automation, as well as vulnerability mitigation to that.
So here, you know, looking at UEM, it's not something that can sort of function by itself. It's a very important thing. You need to be able to manage your PC fleets. You need to be able to manage your devices of all kinds. But it also needs to work in conjunction with and occasionally share information with things like your EPDR system, which I was talking about a minute ago with, you know, to prevent things like ransomware. It needs to be informed by threat intelligence. It needs to interact with your ITSM, your ticketing solutions.
So here we see lots of need for integration for all the various aspects of your security architecture. So to wrap it all up, EPDR, important, helps prevent ransomware and various other kinds of attacks. UEM can be very helpful as a method of doing your fleet management. But you need both and other technologies that are sort of parallel, these like vulnerability management and attack surface management. So let's take our first poll question. Which types of cyber attacks are you most concerned about? Is it ransomware? Supply chain attacks? Laptop theft? Loss of your intellectual property?
Or maybe losing PII that results in a data breach that you've got to report because there are reporting obligations in various jurisdictions around the world now. And okay, poll question number two. What are the three biggest challenges in implementing cybersecurity as you see it for your organization? Is it getting enough budget to buy the tools and staff up appropriately? Is it that you have silent organizations?
Maybe you're in a big company, you've got three or four major business divisions, and this division gets plenty of money, but they don't necessarily, you know, peanut butter it around the enterprise such that, you know, you can all benefit from the money made available to specific business units. Is it having a skill shortage?
I mean, we talk about that quite frequently. And in this realm, you know, there are not nearly enough people to do identity management and cybersecurity out there today. Could it be that you already have too many tools?
You know, I've mentioned kind of an alphabet soup of different tools out there, and we always find room for more. Does it seem like we have too many tools and you're looking to consolidate? Or what about stakeholder management? Do you have trouble getting executives to buy into the need for additional tools? And then we will take a look at the results of these at the end.
So, just a reminder, please submit your questions in the control panel, and we will take those at the end. And now, I'd like to hand over to Oliver and Lars.
And now, I'd like to hand over to Oliver and Lars. Hey, cool.
Hello, John. Hello, everyone out there. Good afternoon.
Oliver, shall we get it started? Do you want to kick us off? Ready. I'm ready. I'm ready.
So, yeah, let me share my screen. And while I'm doing this, give you a quick introduction who I am. And then I'll let Lars talk as well who is he. I am Oliver Pfaff. I'm running Germany and Austria for HP, completely software and services business. And one of our biggest and most interesting products, of course, from the security side of the house.
And yeah, Lars, presentation is going to start. Maybe you introduce yourself as well.
Yeah, exactly. So, I'm Lars Faustmann. I'm part of the Central and Eastern European category team for services, and I'm responsible for digital services.
So, I'm delighted to present to you today with Oliver, our newest kit in town, which is the fleet management solution or some parts of it, which are new from our perspective. But before we do that, we first want to share with you a little bit the entire security portfolio to give you a little bit of flavor, how we as HP respond to the challenges that John just outlined.
So, let me start a little bit with the security stack. So, we call it always the hardware security stack. I would say hardware security stack means more or less what is married with our nice hardware, right?
So, we have lots of features there which are always below the BIOS, right? And this is not the topic today, but this is very, very, very, very interesting to know, because it will be part of our next sessions together with Copenhagen Core, right?
So, we have the security stack for our PC business, and we have it, and this is quite important also for the print business, right? And you can see it here. We have plenty of those devices, and we still haven't received any rootkits so far, right? The second side of the house is our software stack or our software portfolio. You can call it also hardware-enforced isolation, yeah? And John was talking in the beginning about ransomware, and for the ransomware, we have a dedicated endpoint security solution which is called SureClick, and this is also part of one of our next webinars.
I just want to teaser it that you know that our portfolio is growing, and you see it here, plenty of solutions are available, but our topic today, as Lars was mentioning, is our Protect and Trace and Wolf Connect. This is all about data loss prevention or theft management, and this is now what we are going to show. As Lars mentioned, it's the new kid in town. That's the reason why we are doing this nice webinar, and yeah, you know, the challenge when you have a theft and when a PC is getting stolen is always, I mean, this is nothing special, you know?
You know that maybe from the mobile space, if you have a smartphone, an Apple smartphone or an Android smartphone, you can, let's say, you can find it, you can locate it, yeah? And then, of course, you can erase it, but mostly, the challenge is what are you going to do with a notebook which has been stolen recently, which is not connected anymore, right? It's completely off because the first thing what a clever thief is doing is not getting into a network because, of course, if you are connected to a network, it's very, very easy to locate it, right?
The second thing is what's going to happen if this stolen notebook is powered down? It's offline, right?
So, this is not easy to handle, and the last challenge is typically those notebooks, maybe what is what's going on if you cannot boot it properly, right? And I think for that, we have a nice solution, and this nice solution is called Wolf Connect, yeah, with Protect and Trace.
How we are going to do this, technically, so we have our hardware, you see here an HP notebook, and you see we built in the hardware an eSIM card, yeah, built into the hardware on the main board, and secondly, we have a dedicated telemetry service or a dedicated network, yeah, and with this dedicated network, we are able to locate our devices even when they are offline, right?
And then, of course, we have our cloud infrastructure in the back, and then if you're an end customer of your partner, you can handle it through your own operations, but we provide the infrastructure that you can say we are going to lock the device even if it's offline, yeah, or then even we can delete the device. And what are the ingredients? What do you need for that?
Basically, it's very simple, yeah. First of all, of course, you need to have a compatible PC, which is in HP world, our generation 10 or now generation 11 devices, yeah, this is quite important.
Then, of course, you need to have the Wolf Connect service, so that means you need to decide before you're buying a notebook that you have this little eSIM, let's say, on your main board, yeah, implemented up front. And lastly, of course, last layer is you need to have a proper application, which is doing the trick or doing the magic, right? And this is protect and trace to really find the notebook, then lock it, or then erase it. So that's it so far, and I would say, as Lars was mentioning, let's kick this off to really showcase this in the real world, how this is going to work.
Lars, the floor is yours. Super.
Thank you, Oli, for this great introduction. And we said in the teaser, we are going to add some Hollywood experience, and therefore I'm removing my virtual background now, and you see that we are literally, and you see it, I'm proving it here, I'm sitting literally in a car. I'm not driving the car, so we are safe, but I'm in the car, and imagine I have been just coming from a business meeting in the hotel lobby, and I'm realizing, oh, my PC is not there where it should be. It's not anymore in the pocket where I usually have it. So I have been a victim of what John was describing earlier.
Someone has probably stolen my laptop. At least I'm not aware that I lost it somewhere, so what to do now? As I have luckily an HP PC with HP Protect and Trace with Wolf Connect, means I know I can call my IT support, and similar as we can locate my phone, they can locate my PC, and this is what I'm doing now.
So imagine I'm giving my IT support a call, and I tell my IT support the problem that I have, and they are starting to share the screen as I am doing this now, and I'm telling my IT support my username, and they are identifying it, they are finding even the serial number, and they are realizing, oh, we have a solution for you, and again, the HP solution is part of what we call HP Workforce Experience Platform.
So it's basically our fleet management solution, also known in the past as Proactive Insights, and what they can easily do is, they are basically, because we have enabled the geolocation, even though the PC is offline, they can locate it where it's gone, and now I'm zooming a little bit in, and wow, you see, now you need to look as well at Ollie's screen.
So we realized, I lost the PC in Stuttgart, but now, as I'm on the way back home, the PC is physically in Würzburg, so Würzburg is a German city, and somebody has really stolen it, and maybe Ollie, you can open your camera and really show that the PC is indeed offline, right? So it's not on, right? You can see it here, the PC is offline, and basically, this is my living room here, my office here in Würzburg, so I'm the thief here, and you can see, nothing is going to work, it's completely offline, and let's keep it closed, Lars, okay?
Yes, okay, good. So now, as I'm concerned, because it contains sensitive data points, I talk to the IT support and ask him to now lock it. So imagine that the screen that you see now, it's indeed the IT support, and we are basically putting a lock request, and I'm typing here a little message, say, please call plus four, one, one, two, three, four, five, six, seven, eight, if you find this PC, finder 500 euro, okay? So I save this now, and again, this is now the request to lock it, okay? So I need to put the approver here, which is at the very end, I think.
Voila, and that's exactly the approver who needs to approve it, because obviously, the IT support can't do this on its own, just lock or erase freaking devices. This is why what we see now is here, as you see now in the overview, I'm not sure if you noticed earlier, the status here has changed from active to lock requested. So there is a lock request now out there, and we need to wait for the lock request to appear in the approver screen. So which should come up now here. Do you see a chance on your side?
So there is, by the way, this is now an app, right, which is available through the Microsoft store. So usually the idea here is that we have a two-eyes principle that not everyone can just lock devices without any second approver.
Therefore, the approver tools should now come up here on my side. Not sure, Oli, if you see it on your side, the lock request. Maybe do a re-lock in, maybe, yeah.
Yeah, exactly. So the tool is called HP Protect. I think you need to look for Wolf right now, maybe, yeah. It brings me all type of HP goals on the app side. There we have it here. That's it. Comes forward. Sign in again, just to make sure it comes through. So while Lars is doing this, this is the four-eyes principle, right?
Normally, you have then a dedicated person who is doing this in your IT department. Let's see. I haven't remembered it.
Voila, and here we have it, right? So now it's just a matter of refresh. So here we have the lock request, which I'm now a secondary person. You see even the message here that I put there. I press approve. You see now the approval request has been processed in the approval tool. Now I can change that, and if I start to refresh now, workforce experience platform here, where we see this PC, now you see lock pending, right? So it changed from lock requested to lock pending, and now, obviously, this can take usually between 12 seconds and about seven minutes that the lock is executed, right?
So now, Ollie, if he would start to powering up this PC, thinking he is smart, he is not connecting it to the network and get off some data, you can see now, Ollie, now the stage is yours, right? So if I stop share for a moment and you can pin on Ollie's video stream that you can see his PC, and Ollie, I'll let you comment what's happening now.
All right, so what's going to happen now is the lock request has been sent. As Lars was mentioning, this takes roughly, ideally, in 12, 15 seconds. It depends, of course, where you are and how the connection will be, right? I'm here in Würzburg in my home office. So normally, I would say now the PC should be already locked, right?
So Lars, maybe you can refresh it on your side that you can see it's already locked, and we are completely sure that it's really locked, and then otherwise we are waiting a bit. And then I will, let's say, press the start button here, and then you can see the lock screen.
Yes, so okay, I'm sharing my screen again so that you guys can see it's really, you know, the lock has been processed. Yeah, that was quite fast. So you see here, yeah, the status has now changed to locked. That means that's the signal for me that I'm completely out of business right now. That means I'm going to press the boot button. I hope you can see it properly here. You can see it. We see it launching.
Yes, and there, you guys, now we can see it. It shows exactly the message that I put in, right? So please call 123 if you find this PC, find a fee of 500 euros.
And, you know, there is literally no chance that Oli can take any mechanism to overcome this because it's part of the boot sequence. So there is no chance that you can get this PC launched anymore. It becomes completely unusable for anyone else. So to work with it.
And Lars, I mean, the topic or the message is it's unusable, right? So that means a potential thief will, that he has no fun with it anymore. It's over.
It's over, right? So the hardware, let's say, you can put it to the garbage collector at the end, because you cannot use it anymore. And that's, let's say, the beauty of it, that you really can say, when it's locked for the theft, it's done, right?
So, but of course, we need to work with that again, right? So Lars, I would like to really use it again, right? So what we need to do right now.
So, okay. So let me continue then the story. So obviously in the real scenario, right, you would now, if you don't find it, if you have, if you could not even locate it or it's in another country, right? So anywhere in the world, you could have even deleted the PC completely and it will be unusable forever, right?
Now, obviously in our case here, as Oli said, we assume Oli was smart enough to send me my notebook back saying, apologize, I took the wrong one. So here it is. I paid the finder fee of 500 euros. He got at least some money back and I have my PC back. So I call my IT support again and say, look, please not delete, but unlock the device.
So, and that generates here an unlock code, which Oli is now entering. Oli, you see it on the screen. 3767740. He has put the unlock code in.
I mean, assume now that the PC would be, I would be back in my home, back in my possession. So, okay. And now he's, the PC is booting up as you can see in Oli's video.
My side, it still shows locked. Again, that would take, it could take here, a couple of seconds, two minutes to refresh. And you see already on Oli's side, it booted up again. So we have unlocked the PC and it's usable again. So if it's back in your position. So that's our approach, how we think about this whole idea of securing our fleet, securing our data. And we see plenty of use cases, especially around securing data, making sure that the PCs who are handed over to temporary staff, who are not, where we haven't got them back, all of that, there are many use case scenarios.
And we invite you to reach out to your HP sales person. I know we are around many countries. So I'm sure you have HP offices, you have HP sales people whom you can talk to and who will help you discovering that solution. And obviously, we are interested also now in the Q&A session to understand what are use cases where you can think about how the solution can help you with fleet management. Maybe one comment from my side last. I think the whole asset management topics, of course, a very, very, very nice topic.
I mean, when we talk to customers, to our big customers, they're always telling us, yeah, I have so many devices. And to be honest, I don't know where they are located. It could be 10, it could be 20.
I mean, somebody was topping them up each other. So we had a customer recently who said, OK, I'm missing 20 to 30 PCs. So that's a very, very, very interesting use case as well. And just think about, many PCs are leased those days, right? And obviously, it's super important in the leasing contract to know where devices are because that is driving the risk part of your lease, finding your lease. And it provides significant assurance to the leasing provider if we always know where the devices are, if there are certain controls around it. So when you have this feature of locating your PCs. Good.
So I think I'm not sure if we want to wait. Give it one more try to refresh it here. Usually that takes, again, some minutes to do. It's still locked. But you need to trust me now. That would change probably in the next five minutes back into green, into active. But I don't want to waste time right now waiting here, but hand over to John and the host here to share a question that you do have. Sure.
Well, thanks. Yeah, that was really interesting and good demo, especially going out to the car. That's taken it to the next level. Thank you for that. Could you all start by talking about what's the underlying technology that makes this work? I know we've discussed this before, but I think it may seem a bit magical, but there's definitely some good hardware, software capabilities here. Could you kind of go into a little bit of detail about how this works? So thank you, John, for asking this question.
Obviously, as Oliver explained it, when you buy an eligible PC, you have the possibility to add two options. Either you have a normal LTE or 5G card slot that you just commonly use to access the internet, or you have the opportunity to buy what we call a narrow band SIM card, which is just there to perform exactly what we just have seen, to connect the device with our infrastructure, which we call Wolf Connect.
So this is really important that when you want to use it, that you obviously configure the PC with that option in order to then use services like Protect and Trace that we are building on this Wolf Connect backend infrastructure. Great. So let's see some of the questions that have come in. Does your solution work on mobile devices like smartphones or tablets? Good question. Good question. So at the moment, we have it just for our PCs.
I mean, in general, the software, Protect and Trace, we are thinking on that. But at the moment, it was a very, not an easy task, let's say, to really do this on our mainly Windows-driven notebooks, right? First of all, you just can't start it with Windows, right? So that's it so far. But of course, Android, the underlying technology, which is TechPulse, which is the data lake and everything, this is already working for many OSs, right? But this special feature at the moment is only available for our PCs.
And on mobile devices, the provider Android or even iPhone, right, they have this capability built in, right? We are missing this feature, especially for PCs, right? And this is why we have added this. And we are focusing really on the own hardware we are producing first before we reach out to the other things. Makes sense. What happens when a thief wants to install a new operating system and maybe a new hard drive?
Very, very good question. So as I mentioned earlier, we are doing this trick prior to BIOS. So the BIOS itself is the first step into getting the PC up and running. But if you really do the lock before, there is no change anymore. That means you can either change your hard drive to any other stuff to trying to install a new operating system is not going to work. It's simply not finishing the boot sequence, right? So you have no chance to select, you know, to press escape and then get into the BIOS menu won't work, right? So you don't even get into the BIOS menu.
So no chance to select boot from an USB key or something like that doesn't work. Or even if you would take out the hard disk, it wouldn't change anything.
Yeah, interesting. So you're saying this software works at the very, very lowest level. So before the BIOS, before the operating system, it's locked.
You know, we might even say it turns it into a brick and can't be used again. Okay, interesting.
Well, what happens if a PC is in airplane mode? That's a good question. I like that, right? So obviously, we all travel in airplanes, and we are asked to switch into the airplane mode, which is connecting or disconnecting any GSM cellular activity. And obviously, if you would do this with an HP PC, put it into the airplane mode, it would disconnect that capability, right? But the policy around that is that after 24 hours, our servers would wake up again. And so even if it would have been turned into an airplane mode, right?
So I would have imagined you're losing, you're forgetting your laptop in an airplane. You're realizing, where is it now? After 24 hours, right? You could locate it again. You could lock it again, even if it's turned off, and it's maybe somewhere in the lost and found. You could basically lock it there, erase it there, and it becomes unusable after 24 hours.
Okay, that's a good feature. So I think that kind of addresses the last question here. What happens when the PC is completely offline? You still have the ability to remotely connect to it then, right? Exactly.
Go ahead, Olli. Yeah, I think it's as explained.
I mean, this is, let's say, the beauty of our solution, that we can do this offline. Even if, let's say, the hard drive would be taken out, that's the beauty. And this is, let's say, our unique selling point, of course, to really get a big, big value for our customers. Yeah. Great.
Well, thank you. That's all the questions we've got for now. I want to thank Lars and Olli for a really fun and interesting presentation. And thanks to everyone who's dialed in today. Do you guys have any closing thoughts? No.
Obviously, yeah. So thank you, John, first of all, for hosting this and adding these comments around the ransomware attacks. I think we are going to organize very much in probably June, July, another session with you where we talk in more depth about the other part of our security solution, which is called Wolf Pro Security, where we show more about the isolation.
So, how do we work with this zero trust approach? So, how we are isolating in a micro virtual machine applications like Word.
So, if you are getting a ransomware, which is part of a Word file, for instance, via email, how are we protecting you to avoid that a ransomware is spreading onto your system, your network? That is part of the next edition that we are going to have. And obviously, we're delighted to talk to you about our security solutions and the rest of our digital solutions as well, as you could see today, ranging from security to fleet management to HP Anywhere, which is a high performance remote access solution.
So, wherever you are on this planet, right, so make sure you reach out to an HP sales rep, which is close to you. Yeah, nothing to add from my side, Lars.
I mean, you mentioned everything that was really relevant. I'm looking forward to seeing you all in the next webinar. And last thing I would say, stay tuned. And thank you very much for spending an hour with us.
Yes, yes, thank you. And this, I think this is really good because this is really addressing the physical security piece.
You know, I think often we talk about, you know, higher layers, application layer stuff, but, you know, physical security, keeping control of your assets and being able to do something about it when one of them is lost, or hopefully not 20 or 30, like you were saying. But, you know, this is definitely something that needs to be considered by all organizations. How do you control and take care of your actual physical assets?
So, thanks for this very interesting look into your technology. And likewise, look forward to talking to you all again soon.
