MetriSight Ep.90 - Evolving Security Threats in 2026

February 23, 2026 00:37:07
Metrigy MetriSight

Show Notes

In this episode we’ll chat with HP about the evolving endpoint security and threat landscape in 2026. We'll discuss the impact of AI for both attack and defense, the growing risk of cookie-based attacks, increasing risks to enterprise devices, how quantum computing will impact security strategies, how organizations should think about security incident management going forward, and how they should unify hardware and software security management to minimize risk.

Episode Transcript

[00:00:21] Speaker B: Welcome to Metrigy's MetriSight. I'm very excited to have a chat this afternoon with some security experts from HP. To introduce myself, I'm Irwin Lazar, President and Principal Analyst here at Metrigy. And in this discussion we'll talk about the evolving endpoint security threat landscape in 2026. We'll discuss the impact of AI for both attack as well as the opportunities to use it for defense. We'll talk about the growing risk of cookie based attacks, the risk to enterprise devices, how quantum computing will impact security strategies going forward, and how organizations should think about their evolution of their security management strategy so that they are thinking about a unified approach to addressing both hardware and software issues. Excited to have a great panel here from HP. Let me go ahead and just start and have each of you introduce yourselves. I'll go as I see you on screen. So Simon, why don't we start with you?

[00:01:14] Speaker C: Yeah. Hey, Irwin. So I'm Simon Plant. I'm worldwide Product Manager for what was Enterprise Security here at HP. And I kind of have a foot in both the Wolf Security business unit as well as the Digital Solutions business unit as well with our workplace experience management platform as well. So my primary responsibility is getting security out there to everyone in an HP world.

[00:01:33] Speaker B: Wonderful. Alex, I'll get you next on my screen here.

[00:01:36] Speaker A: Hey Irwin, great to be here. My name's Alex Holland. I'm a principal threat researcher in the HP Security Lab. So I help look after the security research and development that we do at HP. Brief bit about my background. So I started my career in the aerospace and defence sector working in security operations and one thing that I really care about is making security both usable and actionable.

[00:02:01] Speaker B: Wonderful.

[00:02:01] Speaker D: And Mark, Hi, pleasure to be here. My name is Mark Godfrey.
I am a senior manager of Product Management over the remediation, automation and print areas of the WXP platform. I also have some of our hardware manageability tooling in my, in my bucket as well.

[00:02:17] Speaker B: So the impetus for me really wanting to talk to all of you is I had the chance to attend the HP Analyst Security Analyst meeting in New York back in December and we talked quite a bit about HP Wolf Security and the HP Workforce Experience platform. So why don't we just start with just a quick introduction of the HP Security offering. So I guess Simon might make sense for you to tell us a little bit about HP Wolf Security and then we can talk a little bit more about workforce experience.

[00:02:41] Speaker C: Yeah, absolutely. So a lot of people that aren't, you know, don't align HP necessarily with security capabilities and security features. But I can assure you the HP history in security goes way back, including being on some of the core standards committees, you know, 20, 30, 40 years ago, for example. So it is in our DNA. Some of us, and certainly the Wolf business unit came through acquisition. So Alex and I both joined HP for example, when HP acquired Bromium, which was a unique endpoint security software solution. Hypervisors and microvisors to protect Endpoint in a very unique way. So HP acquired us for that technology, made the solution broader and included a lot more technical solutions in part of that. So previously we had a single endpoint solution. We broadened that out to be both security inside the OS but also under the OS. So HP is uniquely in a unique position by having the OEM relationship with Microsoft to provide that level of security, but also the hardware platform in the devices that obviously we're all using today to do some really, really cool security stuff, which I'm sure Alex will go into later. And then more importantly, combine that.
It's not just the endpoint security things like traditional NGAV, for example, the isolation capabilities, the monitoring capabilities on the endpoint solution, reporting those up to a control plane, but it's the ability to put that together with the hardware security to the same control plane. So rather than having the piecemeal solutions here, there and everywhere, HP really is uniquely positioned to provide that in the OS and under the OS solution to the same control plane, give you ubiquitous security access and control with those actionable intel that Alex will go through later.

[00:04:14] Speaker B: Excellent. How about the, let's talk a little bit about HP Workforce Experience platform and give us a little bit of an overview of that, I think. Mark.

[00:04:21] Speaker D: Yes, that's absolutely, that's quite an interesting background. One of the original ideas around it came about fairly simply and really evolved. We have like, I want to say, dozens of various web based products that offer various capabilities for, you know, managing hardware, software and so on and so forth. And we really wanted to bring those together to make one single pane of glass, one powerhouse, combine it all together. And so we had a predecessor, but essentially now HP Workforce Experience is born and it's, it's sort of, you can say in the, in the DEX world, but we're really kind of unique in the DEX world because we have a lot more than what a lot of the DEX players have in terms of the security capabilities, managing printers, our collaboration areas. So it's quite the massive platform, honestly. And as these guys kind of alluded to being a hardware manufacturer as well. We have certain additional advantages that that gives us in terms of managing hardware, firmware and security around.

[00:05:17] Speaker B: Excellent. So let's dive into some of the security topics that I wanted to chat with you about.
So we recently published our annual look at communications, collaboration security as well as contact center security. And we typically look at what organizations are dealing with respect to attacks on their platforms that could be hardware, that could be software. And unfortunately we've continued to see things going sort of the wrong direction. 300% increase over the last five years and the percentage of companies telling us that they've documented an attack. What are you seeing in your customers in terms of what kinds of attacks they're most worried about maybe in the future, as well as what they're keeping them up at night today? Maybe. Alex, does that make sense for you?

[00:06:00] Speaker A: Yeah, definitely. I think the starting point is to say that really the vast majority of threats are coming through endpoints. So this has been a trend that we've been seeing for many decades now. And so these endpoint borne threats can lead to catastrophic implications for endpoint infrastructure and enterprise infrastructure. So ransomware is a top threat that CISOs are worrying about. Extortion attacks, but also the impact of cookie theft, which will, which I can talk more about later. Which means that, you know, attackers are able to compromise mission critical, mission critical data and applications to essentially gain the crown jewels of an enterprise easily without even stealing credentials as they previously needed to in the past. And we're, we're also seeing technological drivers, AI being one of the biggest ones, which is having this effect of accelerating and automating many of the attack tasks which previously required a lot of skill and resources for attackers. And I think this is reflected in what you found, in what you're seeing among your customers, that there's this growth and acceleration of the volume of attacks. Yeah.

[00:07:21] Speaker B: Simon, anything to add?
[00:07:22] Speaker C: I think Alex hit the nail on the head from me, which is the endpoints in a post-COVID world, in a hybrid working world, you don't always have that enterprise infrastructure to rely on, to protect, to keep the bad guys out. These endpoints are roaming more, having different connections, having home security networks. And obviously the three of us on this call have best security on our home networks. But normally normal people don't do that. Right. And so yeah, the obvious answer is to force people to use things like VPNs and if they're full, that can slow things down. I don't know, these guys probably have multiple fiber connections, but I live in rural Suffolk in the UK. I don't have that kind of connectivity, so routing every part of my connection through the office and back means I can't do Zoom calls. So my VPN is always up and down, depending whether I'm on an on call or not. And that exposes my endpoint to different security risks whether I'm on a call or not. And I may forget to go back on the VPN, et cetera, et cetera. So the endpoint for us is really where we're focusing on getting. It's the last mile, it's the last piece of attack. Right. But it's the piece that you can control the least. So not just NGAV or firewalls, it's the isolation protection, the hardware protections that we can get in. Right. If a server is in a server room, doing a hardware attack is pretty much an issue. Impossible. It's a thing of movies back in the 80s, getting into server rooms are breaking. Nowadays laptops get left in coffee shops. So physical attacks are much more real. We all read in the news about people leaving endpoints, government endpoints, on trains, in coffee shops, that kind of stuff. And so these attacks are real. And we have to recognize that the endpoint really is the core battleground, not just of the future, but of today. And that's where HP is certainly focusing a lot of investment.

[00:08:53] Speaker D: Yeah, absolutely.
So, Mark, the only part I was going to pipe up about is I know Alex talked a lot about how AI is being leveraged for a lot of these attacks. And something you'll see on the reverse side of that is on the endpoint management and security software side, you know, we're also trying to leverage that to fend off those attacks. And so we'll see kind of how that plays out in time.

[00:09:13] Speaker B: Yeah, I definitely want to get into that a little bit more, but I also want to just dig into something that Simon said where, you know, one of the areas when we ask people what they are most concerned about from a security perspective is remote access, is employees working from home. Because like you said, you have that scenario where maybe I'm using my office provided laptop for work, but maybe I'm also connecting my home network and using it for play. My sense is there might be a belief that a VPN's sufficient. You know, as long as you have a VPN, you're protected. But what risks do you typically see from those remote hybrid type workers who again are taking those laptops and connecting them in, that maybe a VPN is not going to protect them against?

[00:09:52] Speaker D: I think something I've always said, and I'm not the main security guy here, but I have decades of experience in IT and endpoint management. And something that I've really always tried to hammer home is that security is, is not like a, you know, one size fits all right? It's a spider web. And so you can have your VPN, but if you don't have different mechanisms behind that VPN protecting that connection, it's, it's not really very helpful, right? So. And then you might not be connected to it. And then is it, is it split tunneling versus, you know, single tunnel? And so there are several other technologies you can utilize to kind of hammer that home, including like, like, I think Zscaler technologies like that to make sure your connection's fully.
What really drives me nuts is I see a lot of companies that like to stack antivirus providers thinking, hey, if I have six of these, I'm good. And that's just not how it works. And so all these different technologies out there that you can kind of layer on top of each other at the hardware, software and firmware level that are really going to protect you. My biggest concern is consumers don't have these, right? Like we know about these in the enterprise, we enable them and most consumers have no idea. And I don't, don't see the technology companies keeping up on that side.

[00:10:58] Speaker B: Makes sense.

[00:10:58] Speaker C: I think I was going to add to that is. I think you're absolutely right. And these, these dynamic and open environment. And all three of us here are. Mark's a remote worker. I work hybrid. Alex, as you can see, is also hybrid. So it's a big thing we do at HP. It's a huge push now, you know, to support those models with all, not just the laptop stuff, but with the conferencing capabilities and the printers as well. Everything, you have to bring everything into that because the remote worker, whether they're in the office or at home, needs to be able to participate in those Zoom calls in the workshops, in everything that they're used to doing, right? You have to allow productivity and the balance is how do you allow productivity whilst maintaining security?

[00:11:33] Speaker D: Right?

[00:11:33] Speaker C: And I don't think, you know, you can do so much to be proactive in office security and obviously HP has a lot of investment there with the Endpoint security software, the suites, the manageability, the reporting it up, but you also have to be reactive as well. You have to acknowledge that something is going to go wrong, right? And you have to have the strategies and the processes and the tools in place to be reactive in the right way.
And a good example of that from HP would be Wolf Protect and Trace, right, where a laptop might have, you know, 3G card, a hidden 3G card which allows it to connect to base irrespective. So if someone leaves it on the train, if that person is honest and calls home and says, you know what, guys, I've left my phone on the train, I've left my laptop in a coffee shop, for example, then that admin can actually go proactively, reach out, set it to wipe, clear the device, right? Factory reset, clear the device, find out where it is before bad stuff can actually happen. So I think you've got to, and I think you alluded to it earlier, you've got to have a multifaceted approach here and you've got to be pragmatic. You can't just, you know, every connection to the firewall. We can use our enterprise security stack. Everything is going to be fine, because it isn't. You've got users and you've got real world users that have kids that are at home. When they're at home and they're distracted, then they may not be turning the VPN on. So I think as IT security, you have to look at both the reactive and the proactive strategies to really do that. And that's certainly what the three of us are very much focused on.

[00:12:49] Speaker B: Yeah, that makes sense. So, Alex, I want to dive a little more deeply in AI. I think you mentioned it. You know, obviously there's that growing risk of attack generated by AI, but also that potential to use AI internally. How do you see AI, you know, the good, the bad, the ugly in the security landscape?

[00:13:06] Speaker A: Yeah, it's a fascinating topic and one that we've been tracking within the security lab for a number of years. The way we view AI is that really, it's a force multiplier. So like you mentioned, Irwin, it is. And it can be used by attackers to really accelerate and automate their attacks.
But equally so as defenders, AI provides lots of opportunities for us to accelerate and actually supercharge the ability of security analysts to respond to these threats. One of the biggest trends that we've been seeing over the last three years with the growth of generative AI is this movement across the attack lifecycle where attackers have progressively adopted generative AI tools more and more to perform attack tasks. So if you can imagine an attack as a life cycle, on the far left, you have the attacker needing to research a target, what we call reconnaissance, and then on the far right, you have what we call the actions on objectives, which is the actual outcome that the attacker wants to achieve, whether that's deploying ransomware or extorting a victim or stealing sensitive information. And what we've been seeing is that over the last three years, a lot of the focus of generative AI used by attackers has been focused on that far left side of the attack lifecycle. So things like researching which IT admin to target from social media, things like creating scripts to deliver payloads of malware. But what we're increasingly seeing is as the capabilities of large language models improve year over year, attackers are relying more and more on generative AI on what are traditionally seen as more difficult attack tasks. So these include things like looking for vulnerabilities in code or even starting to write aspects of the payloads that are being delivered within a customer or a target environment. And so given this trend, what we're expecting to see in the future is that as generative AI improves, attackers will increasingly rely upon this technology to accelerate their activity. And if we really project forward into the future, what that means for us as defenders is that really attacks will accelerate to machine speed, and therefore our defenses also need to be up to speed, able to match that. Right. 
And from a security research perspective, one of the things that we've been thinking about and investing in heavily is this idea that, you know, it's not enough to be on the back foot and detect bad activity. We really need to be proactive and ideally even prevent activity from happening in the first place. And that's why a lot of our technologies are what I like to call protection first. So we don't rely upon detection and response so much, but we use other security properties, for example, isolating risky activity from less risky activity, or any technology that doesn't rely upon detection to provide security for our customers.

[00:16:28] Speaker B: I assume AI is, as you're thinking about the evolution of workforce experience, management platform, that AI is front and center for not only security, but just overall automating, improving management operations.

[00:16:38] Speaker A: Yes, that's definitely. And I'll let Mark and Simon speak to that.

[00:16:41] Speaker C: Before Mark goes to town on AI and WXP, I was going to say. So from a security perspective, that's, and I mentioned earlier, that's one of the things HP brings, right? We've got this control plane that is the center of the universe and Mark will go into that with all these existing workflows, AI capabilities. Lots of enterprise customers today have a SIEM, right? And they forward all their security events from all the different things. And they're using AI to correlate all of those things, to have that response, to be proactive and detect those events that are going on and try and work out what's happening. Is there any lateral movement? How do I defend against that? Whereas, you know, a lot of smaller companies, SMBs, SMBs can't afford SIEMs. The SIEM is not something I even have. Right.
So if we can, at the very least for people that are buying HP laptops and printers and all these security capabilities that we have, make WXP effectively that mini SIEM, the ability to use AI and correlate all that information across their estate, that's a win win. That means we're bringing security to everyone else that needs it and not just leaving it at the enterprise with the big guys that can afford the huge SIEMs.

[00:17:43] Speaker D: Right.

[00:17:43] Speaker C: I think security, we've got to make a commodity item.

[00:17:46] Speaker D: Right.

[00:17:46] Speaker C: Everyone needs it. As Alex said, AI is changing the landscape. Everyone is at risk of this stuff, whether it's just your own personal bank account or your corporate IP.

[00:17:55] Speaker B: Right.

[00:17:56] Speaker C: We all, and certainly as a vendor, we take that corporate responsibility to our customers regardless of size, incredibly importantly. And so Mark, do you want to elaborate on the AI use in WXP?

[00:18:06] Speaker D: Yeah, it's actually evolved quite significantly. I had a little interesting chat about this at our internal pre sales technical consultant conference last fall. Started off kind of like a lot of companies do, where we focused on, hey, here's our big AI LLM interactivity feature which we call Fleet Explorer where you can basically use this to interact with the different data that we collect in WXP, which is a massive amount of data points, and use it to maybe aggregate it in ways that we're not doing in the other features yet. But that's really evolving. Not only that feature itself is evolving significantly to improve how it works and add different capabilities, but we're kind of starting to more weave AI throughout different features, existing features and new ones in the platform. So it's powering a lot of things behind the scenes.
Something on my side of the house, which is going to be really helpful because I mentioned I run remediations, just launched this new unified remediation flow. The idea is we can cross link this flow in different areas of the console based on the AI can kind of look at, hey, here's the entry point for where they're going into this flow. And based on the entry point we're going to recommend what remediations we have that are most likely to solve this issue. The best way for you. And so the AI part I believe is still in alpha testing, but should be launched pretty quickly here soon. And so it's just fascinating how we're, how we're integrating this in ways that just basically allow us to counter all these AI threats by using it the same way to counteract even you guys mentioned AI code scanning. We have HP cybersecurity, they use a lot of that to proactively find those before people can. So we fix these before we release these improvements with vulnerabilities in the first place. So it's definitely two parts to that side.

[00:19:50] Speaker B: And another part we found is companies do their due diligence on the vendors they talk to is that they want to know that you have those capabilities that you're proactively scanning your own code, your own devices, hardware, et cetera. So that great to hear. So I want to take a slightly different turn. One of the documents I came across in preparing for this was a paper from HP Wolf Security that really talked about the growing risk and threats of cookie and token theft. And we've seen this in attacks on software that will remain nameless. But do you see that that is now a bigger issue than just password and types of compromises? And if so, how do you advise your customers to protect against that?

[00:20:28] Speaker A: Yeah, Irwin, this is a massive trend that we've been seeing.
Attackers are really fascinating focusing on rather than stealing credentials, the username and password to gain access to say a web application within a target environment, instead they're now focusing on stealing session cookies. Really the standard recommendation to protect against these attacks is to use what's called a privileged access workstation. So essentially you'd have one workstation that's dedicated for high privilege mission critical activities. Let's say you're a system administrator and you need to remote into a domain controller to do your do your management duties. You'd have that mission critical activity on a dedicated machine and you'd have all your low privileged activity, checking email, doing productivity tasks, office and so on on a completely separate device. Now that's excellent advice, but the reality is many enterprises don't do this. And common pain points are that it's really expensive and it's difficult to manage. And because of this threat of session cookie theft, which means that attackers don't need credentials, essentially what they're doing is they're stealing a cookie that impersonates the victim user. And once they have control of that session cookie effectively, they can log in and bypass things like multifactor authentication. It's really important that enterprises have and enforce strong levels of least privilege access. And one of our solutions, HP Sure Access Enterprise, essentially does this in a virtual way. So rather than needing to have two separate devices to enforce this best practice least privilege access, instead you can achieve the same really strong separation of privileges, but on a single device. And what I love about this solution is that it assumes that the host device is compromised. And we have a saying in security assume breach. And so even if the host device has malware on it has an information stealer that's looking out trying to steal session cookies from key applications.
When you have your mission critical apps isolated by HP Sure Access, it means that there's nothing for the malware to steal. And effectively the cybercriminal, the threat actor, is completely locked out from gaining those crown jewels.

[00:22:55] Speaker B: And anything that doesn't require people to change behavior in order to achieve security. Right. Like you said, if you're in that scenario where I've got to move between machines in order to get my work done, people are going to bypass that.

[00:23:06] Speaker D: Right.

[00:23:06] Speaker B: So it sounds like this is more of a behind the scenes type approach to ensuring that you ensure security of those privileged applications completely.

[00:23:16] Speaker A: I mean, it's all about making security transparent in the sense of making it compatible with existing workflows as usable as possible. So we're reducing friction whilst maintaining strong security. And of course it also reduces cost and it means that you don't have to have a completely separate device that's used for certain high privileged tasks.

[00:23:38] Speaker B: Excellent. I want to touch on another, what I thought was maybe the coolest demo, the scariest demo that we saw back in December was the breaking BitLocker approach, where if somebody has access to one of those devices, like Simon said was left in train or coffee shop, that they can very quickly bypass encryption internally and access the contents of the storage device. Tell us a little bit about what the risk is and what potential organization or what organizations should be thinking about as they seek to mitigate that risk and what. Yes.

[00:24:10] Speaker A: So this is this. I'll jump in here.

[00:24:13] Speaker B: Yeah.

[00:24:13] Speaker A: So this is part of the bigger trend that we've been tracking over many years of what we're calling the acceleration of hardware and firmware threats.
And so let's say if you map out attacks against hardware and firmware over, say 20 years, what you'll find is that earlier on, back in the day, the types of threat actors and the skills and resources that they would require to perform such a physical access attack was high. So the bar was set really high, you need to be well resourced. Typically you had to have highly specialist, expensive equipment to do these types of attacks. You need to have specialist knowledge to be able to perform one of these attacks. And so really these attacks were limited to the realm of nation state actors and academia really. But that picture has changed over time. So over the years we've actually seen a progression from highly skilled threat actors towards cybercriminal actors who are now financially motivated. And the attack you mentioned breaking BitLocker is kind of the tip of the iceberg, the culmination of this trend. Where previously this attack would have cost a lot of money, but now anybody with US$20 who can follow a basic tutorial online can effectively bypass BitLocker disk encryption and that protection of confidentiality on that data is completely removed. So what the conclusion, the takeaway from this is that given this trend, we expect to see physical access attacks to accelerate and enterprises will need to pay greater attention to mitigate these types of these types of hardware and firmware threats.

[00:26:01] Speaker D: Artezu no, there are several ways to mitigate this, as Alex kind of said. So TPM hijack attack isn't necessarily a new thing. There are new technologies I know being worked on which not all of them are released yet around mitigating that. There are also some existing technologies that the customers can implement to fix that as well. The big risk of that is, you know it's mentioned your Raspberry Pi wire it up, yada yada yada and it's usually on boot you can get those and intercept them.
So a lot of customers will implement like a BitLocker PIN so that you have to know this second factor on boot to make sure that it's not in malicious hands. Unfortunately, PINs are not the I personally hate PINs because there's not a great way to manage them, especially in the cloud so your end users can't change them. So in practice they're often the same and at least one year end users probably hasn't written down a Post-it note on their laptop. The better way in my view. And HP has this technology called HP Tamper Lock. It's essentially hardware tamper detection. So if someone opens that case there are these different sensors inside and it's not just opening. Actually I was talking to a customer who was I'll just say they're in a very high security environment. They were taking like skill saws trying to cut into different parts of this thing and testing the sensors and they found it was a very comprehensive net of sensors looking to see if this thing had been tampered with. And so you can kind of verify essentially if someone does open that unauthorized, it can clear your TPM or prompt for like your, your UEFI admin password on next boot, things like that. And so there are ways to mitigate this if you know what you're doing. And there will be better ways coming in the future that we probably can't go into right now.

[00:27:37] Speaker B: So one of the things that one of the topics that was discussed both this past year and the previous year at the HP Analyst Security Analyst meeting was quantum cryptography. A post-quantum cryptography, quantum resistant cryptography. And I've seen HP take a leadership position in this. It's a topic that surprisingly, in the calls I've had to discuss, our security research is coming up more and more frequently. We published the data points that about 19% of organizations care about or are evaluating their hardware and software providers for their ability to support it.
So I'm curious to understand within HP what has driven your interest in taking this leadership position and how are you thinking about the future where quantum computing potentially creates new and dramatic security threats?

[00:28:21] Speaker A: Yeah, so one of the things that we do in the HP Security lab is not just about understanding today's threats, targeting endpoints, but we also spend a lot of time researching and scanning the horizon for threats which are coming down the line. And so in a nutshell, anticipating threats. And this is super important as a hardware manufacturer because it takes years of foundational research and development and engineering effort to produce mitigations. And then when you add to that the fact that endpoints can live in customer environments for many years, actually what could be a distant threat in reality needs to be mitigated sooner rather than later. And this is why we've been taking a leadership position in introducing quantum resistant cryptography both in our printers and in our business PCs. And you're exactly right, there is growing momentum enterprises and organizations to migrate both their software and also their hardware to quantum resistant crypto. And if you look at the national guidance coming out of national authorities, governments and other entities, 2035 seems to be the year that organizations are converging on as the completion date for migrating to quantum resistant cryptography. Actually, 2030 is emerging as the date for national security systems and high risk use cases. So it's not that far away that organizations really need to migrate their, their standard asymmetric cryptography to quantum resistance schemes.

[00:30:05] Speaker B: And that date seems to be moving up too, the last few years.

[00:30:09] Speaker A: Yeah, that's right. There seems to be increasing momentum for this migration to post quantum cryptography.
And actually in terms of actions that organizations need to take, of course they need to understand the threats, right? We don't yet have a quantum computer, at least that we know of, that's capable of breaking asymmetric cryptography. But it remains the case that there are certain attacks, for example, the capture and decrypt attack, which means that organizations need to act now to safeguard data that they need to protect for a very long time. So in the case of a capture and decrypt attack, the issue here is that a threat actor could steal encrypted data and then once a powerful enough quantum computer becomes available at their disposal, they can then decrypt that data and have access to sensitive secrets. It's really important that organizations create an inventory of their crypto use across all of their software and hardware and map out for themselves how long it's going to take for them to migrate to quantum-resistant crypto. The last thing I'll say is that, you know, the other priority use case is that it's not just software. A lot of crypto is baked into hardware, for example, signing keys that guarantee the integrity of hardware and firmware. That also needs to be migrated to quantum-resistant crypto. And you know, definitely there's, there's growing momentum for organizations to do that.

[00:31:41] Speaker B: Excellent. So we're nearing the end of our time. I want to kind of do a quick lightning round and Simon, I'll start with you. If you're sitting across from one of your customers and obviously they're probably telling you about budget limitations and what should they focus on in the next year? What do you see as the highest priorities in order to survive current and what you anticipate to be future risk over the next year?

[00:32:04] Speaker C: I think I'll just consolidate what I said earlier, Owen, which is endpoint. I think for me it really is about the endpoint. And yes, obviously being a hardware vendor, but I come from software, right.
So it really is about what's in the OS, what's under the OS. And remember that endpoint is going to go walkies, it's going to go remote. You have to accept that. So having that proactive and reactive strategy, and I think most importantly it's having the ability to see that event and correlate. So a tool like WXP, other tools are available, but having that single control plane that can give you the visualizations and give you the reporting you need to enact your either proactive or reactive strategy. But for me, endpoint and then visualizations. It's absolutely key.

[00:32:44] Speaker B: How about Mark, same question for you.

[00:32:45] Speaker D: Honestly, similar to Simon's, like, this is funny. WXP is surprisingly reasonably priced too. But like using tools like that to take that proactive approach, because a lot of these, you know, these issues can be easily mitigated if you're just proactive in your security strategy. People will talk about, oh, this vulnerability is going on. Well yeah, but that was patched a few months ago. Are you applying your updates? Like that, that was a big thing with, what, WannaCry back in the day. It came out, everyone's freaking out about it. But if you'd applied a Windows update from three months back, you weren't vulnerable to it. So being proactive about this, like we have things like our policy is to be able to keep your BIOS up to date, you know, different alerting and reports to make sure that your Windows is up to date, your antivirus is up to date. And then honestly, there are a lot of customers who use like, say, the M365 suite. There are a lot of built-in capabilities that I think exist in that that customers don't even know exist and they don't utilize. So utilize what you have, like conditional access and then features like that. You have these technologies in your licensing, use them.

[00:33:46] Speaker B: That makes sense. Alex.
[00:33:48] Speaker A: Yeah, from my perspective, tying it back to my background in security operations, one of my observations is, yeah, really in security we should rely less on detection and response. Detection ultimately is try and you're being reactive rather than proactive. And so that's why I think threat containment solutions like HP Sure Click are so powerful, because they don't rely on detection, rather they isolate risky activity. And from a security operations perspective, they can actually really provide a lot of threat intelligence, reduce down that mean time to respond metric that SOCs often use. One example I like to give is that when I was working in security operations, our customers used to always, like clockwork, receive a phishing campaign at 7:55 in the morning. And the reason why they would do this of course is because it would only give the security operations team 5 minutes to respond, to scope out how many emails have been sent out, before people started clicking that first email at the top of their inbox. And we need to get out of this reliance upon speed of response. And I think really that's where application isolation and threat containment technologies can remove a lot of that urgency and reliance upon detection.

[00:35:11] Speaker D: Great.

[00:35:11] Speaker B: Well, all three of you used my favorite word when it comes to talking about security and that's proactive. We see consistently in our research that companies that take a proactive approach to security not only improve their risk posture, but also better position themselves to take advantage of emerging technologies and to be able to do so in a way that gives them either first mover advantage or it doesn't incentivize employees to go around security. So I loved that you all talked about that. And I think a lot of what you talked about in terms of making it easier for people to address security without changing behaviors is really of critical importance.
So with that I'd like to thank all of you for participating. Where can folks go if they want to learn more about WXP or Wolf Security or HP security research?

[00:35:54] Speaker C: Simon webforce experience.com, Mark will give the right URLs, hpwolf.com, put them in your favorite search engine. HP is more than just laptops and printers. Look at the security solutions.

[00:36:04] Speaker D: It's workforceexperience.hp.com, but you can, it's probably easier, just Google it. I wish we'd just have like a wxp.com or something but I don't control that. And then if you're an existing HP customer, you know, you probably have like a partner or a, you know, pre-sales technical consultant assigned to you. You can reach out to them, they'll connect you with the right people, and we'd obviously be happy to help if you're a current or even a prospective customer.

[00:36:26] Speaker A: And then from a threat research point of view, I'll make a quick plug. We have a blog where we host our quarterly reports as well. There's in-depth analysis that the team performs. In fact we actually have an upcoming blog that looks back at the top zero day vulnerabilities that were exploited in the wild by attackers in 2025. So yeah, we, we suggest security teams take a look at that.

[00:36:52] Speaker B: Excellent. Well, again, thank you so much for your time and we look forward to hearing a lot more out of HP in the coming months.

[00:36:57] Speaker C: Thank you.

[00:36:58] Speaker A: Excellent. Thank you Evan.

[00:36:59] Speaker D: Thank you.
