IT Security – In a General Perspective:
- Security Investment vs. Success
- New Goals, Rediscovering Old Objectives
Closing the Gap with HP Wolf Security
Okay, yeah, so welcome. Unfortunately, all my slides are in German language. Who has a problem with German language here? That's fine.
So, we can do it in German, right? Bad luck for you, John.
Yeah, it's time for a different endpoint security approach. My name is Heinz Mäurer, and I'm responsible for Wolf Security here in the CEE region. From a sales perspective, so not too many technical questions today.
So, a little agenda. First of all, we will have a quick look at IT security overall. What's the situation today? The question about security investment versus success. Do we spend the money for the right things? New targets or old targets, new discovered. And last but not least, how HP Wolf Security can help to close the gap.
So, security and overall, one gap is enough. You know, security is a very tricky thing. And if you have one gap in your security line, it could be enough to go down to the ground. And if you see these companies, you know what all these companies have in common? They had been hacked over the last couple of months. And if you see these organizations, can we expect that they hadn't any security controls in place? Most likely not, but obviously they didn't work or didn't work good enough.
So, in 2022, that's a number from the Bitkom here in Germany, the economical damage created by cybercriminals is 203 billion euros. 203 billion euros is a huge amount of money, but it's just a number. If you have nothing to compare it, it says nothing. And I compared it with the tax income of the German government. You see it's 328 billion euros compared to 203 billion euros.
So, we can say cybercrime is a huge problem for our economy. So, in 21, in Germany, they invested 6.2 billion euros for IT security. And this number will increase until 25 to 8.9 billion euros. And the question is, where do we spend the money? Where do we spend the money?
So, we see that the typical refugees, it's EDR, XDR, NDR, email security, PIM, PAM, PUM security, so privileged account management solutions, and quite new, driven by these two initiatives from the European Union, it's DLP, DLD, so data loss prevention or data loss detection. So, in terms of DLP, DLD, I have two news for you, a good one and a bad one. A good one is DLD, there is a lot of technology in the place that is really great. For instance, Forcepoint has a great DLD solution. DLP is not possible at the end of the day. Why not?
As long as you are able to store data on your C drive and can take your laptop with you, how can you make DLP? So, that's a problem.
So, on the other side, do we spend money in process optimization or employee qualification and things like that? So, if I talk to companies about processes, so let's assume your EDR solution creates an alert, what happens next?
Yeah, well, Mr. Miller in IT will get an email and he will take care of it.
Okay, and now Mr. Miller is off sick or on holiday, what happens then?
Well, we might have a solution for that. Yeah, you might have or you have, they don't know.
So, do we have anything where your processes are described on paper or whatever? Well, we don't know. Because security is quite often historically grown in companies and it was always a little nasty secret in the companies and nobody wants to talk about security, but the time is over.
So, let's come back to two hits, to the analogy of boxing. We have two hits here. One is Fitzmeyer. On the 17th of January, they realized that they had been hacked. That was the moment when they realized that they had been hacked. Nobody knows when they had been hacked. And the other one is MOVEit. MOVEit is a very strange story because MOVEit is a company owned by Ipswitch Limited, or PLC, it's a PLC. And MOVEit is for secure data transfer. And this solution had been hacked. And that creates a lot of problems.
You see, all these companies here were affected by this hack. You can only see the business area, not the company's name. But if you go on the webpage and you click on the branch, you will see the company behind. And if you see, we have 10 on this page, but the whole document has 55 pages. And the end of this hack is not on the horizon at the moment.
So, what are the costs of a hack? From the hacker's point of view, you can buy plug-and-play malware for less than a döner. You can say why a döner is quite expensive nowadays because of the increase of pricing. But HP made an analysis in the dark web and we found more than 35 million cybercrime marketplaces in the dark web. 35 million. And 76% of the listed malware and 91% of the exploits cost less than $10.
So, if you're a little bit like, let's say, a totally technical, yeah, somebody like me, because I have no clue on technical stuff, you can order CAAS, C-A-A-S, and that means cybercrime as a service. You can order a service that means hack Deutsche Telekom, and after the hack you can rate the hacker one or five stars how satisfied he was with his work.
So, in the fall of that, the insurances will not insure cybercrime or cyberattacks anymore. Why? Because it's too expensive and it's not calculable.
So, if I build a house on a volcano, the insurance company knows exactly how expensive is the house and how big is the likelihood that the volcano will blast and they can make some kind of a cost and risk calculation. Cybercrime is not possible. Because we saw Conti, one of the successful hacks of the last couple of months, it was a ransomware attack and the ransom was 50 million euros. 50 million, but they could ask 70 or 100 million.
So, the damage is not calculable for the insurance companies and the outcome is that they say we do not insure it anymore or the cost for such an insurance is so high that nobody can afford it anymore. So, I jump over this because what Albert Einstein said, doing always the same thing and expecting different results is totally stupid and he's right.
So, if we talk about targets, so we have new targets and we see old targets, a renaissance of old targets, let's say it this way. So, we see more and more attacks below the operating system. Why? Because the common security products do not see attacks below the operating system because they are working on operating system level. And we see more and more machines with extended access. Why? These are machines with higher rights on further machines.
So, if you say lateral movement, machines like that are very interesting for hackers. And an old friend, the printer, who is taking care of his printers here?
Nobody, because the printer is an endpoint and it is in the network and you can put in a USB stick into your printer. And last but not least is the fact of the human being and that's what we are taking care of.
So, the human being, so you can spend a lot of money in technology if you have Dave on your side, the human error, you are not secure because you will always find a Dave in your company. And without blaming someone here in the room, where are the most Daves in the company? HR and marketing. And it's not because they are stupid, because they have to do their jobs. What will you do if you are in HR and you get an initiative application with a CV as a PDF? What do you do? You have to open it. And you never know what's in there.
So, the connection between man and machine is still entry number one for every hack. It starts always with a human being and there are 85% other organizations say 90% or 95%, it doesn't matter. If it's 85% or 90%, 1% is enough. You will always find a person in your company that clicks on a link in a phishing mail or whatever. And that's an interesting statement from Bruce Schneier.
He said, amateurs hack systems, professionals hack people. And that's true.
So, how can HP support here? So, if I ask you, what is HP doing? What makes HP? Huh? Printer and laptops and ink.
That's it, that's HP. Now, HP develops over 20 years innovation in terms of endpoint security.
So, we can say that at the moment we have the most secure laptops in the market because it comes with a security chip with a lot of security features on the laptop itself. But, beside of that, we have the technology of Wolf Security. It's an acquisition of HP. The company was known as Bromium and was acquired in 2019 by HP. And this technology is hardware agnostic.
So, it's not required that you have an HP laptop. We love it if you use HP laptops.
But, if you are a Lenovo customer or a Dell customer, you are welcome as well. And what we are doing here, the product is called SureClick Enterprise. And what we're doing is calling threat containment. Okay? The point is, task isolation or threat containment helps you to stop an attack on the endpoint before it harms your network or other machines in your company. And how we do that?
So, the traditional security products are running on operating system and they give you an alert if they find something. That's nice. You need an EDR solution, definitely. And an EDR solution will give you an alert if they find something. The problem is, if they find something, it's on your machine. And the time between infection and alerting can be between one and four days.
So, that means a malware on your endpoint in that time can create a lot of trouble in your company. And that's where we come into play.
So, our approach is to isolate tasks on the endpoint. That means... And for us, it's totally unimportant the signature of a malware or the behavior of a malware.
For us, it's important the source. That means if something comes from a source that's not reliable or known, then it will be opened in an isolated...
So, we call it secure micro-VM. It's opened in a secure VM and inside this VM, the malware cannot jump on your system. They can do whatever it's developed for. They shall do... It shall do what it's developed for. And the first step is isolate and the second step is analyze.
So, in the background, we see what tries this malware to achieve. So, we can analyze...
Oops, in the background. And here we have the MITRE ATT&CK framework behind and we see the complete attack chain. A classical EDR solution will stop the attack at a certain point and you see only a part of the attack chain. We will see the complete attack chain. And what can we do with this information? We can gather this information and fill it into your existing security controls and sharpen your security environment.
And exactly this approach is something what the BSI here in Germany advised their organization and the companies to do to make your organization secure against phishing and ransomware. Yeah. Capsulate environment.
So, that's exactly our wording, what they're using here because we are working very closely with the BSI. So, we can say in the public sector in Germany, we have with our product 65 to 70% of market share.
So, you will hardly find in public organization that is not customer of HP Wolf Security if it comes to task isolation. Yeah. The biggest customer we have and that's important for our customers in terms of operating costs. How costly is it to operate a solution like that? Our biggest customer runs SureClick on 68,000 devices and he managed the whole environment with a half person per year.
So, the operating costs are very low. Thank you.