I spend a lot of time talking to Chief Security Officers (CSOs) and IT decision-makers, and one of the questions I always like to ask is, “What’s keeping you up at night?”
The response I get more often than anything else is that IT leaders are concerned with protecting the enterprise without sacrificing the ability to provide end users with a good experience. After all, innovation and transformation initiatives don’t matter if your IT ecosystem is not secure.
It’s no secret that cyberattacks are on the rise — and that they’re increasing in sophistication. In the past, most security efforts, like antivirus solutions, were focused on protecting the network and keeping the bad guys out. These malicious actors are sophisticated and well organized, though, and quickly recognized that there are better targets for their attacks: a successful tailor-made threat directed at a CSO or IT decision-maker will hand them the keys to the kingdom.
Thousands of these attacks are generated daily using Artificial Intelligence (AI) and machine learning. The most successful attacks come from completely unknown malware that escapes traditional antivirus detection methods, leaving security experts wondering how to protect their enterprise from a zero-day attack. If the threat is something that has never been seen before, how can be it be recognized as malicious?
In the past, when it was time to go to work, you’d have to pass a physical security checkpoint to get into the building, and then you’d log on to your machine in the office that was connected to the network’s security.
Today, the trend toward Work From Home (WFH) and hybrid work has changed all that. The internet has become the network, and the layer of physical security has been removed.
I’m the first to admit that my family is not cautious with our clicks. My kids play video games, we all do personal work on company endpoints like our phones and tablets, we click without thinking on things we probably shouldn’t. The WFH environment can quickly become a free-for-all and the bad guys have recognized this. In fact, today, 70% of attacks are generated on endpoints themselves.1 And approximately 85% of all email is spam.2
It’s no wonder that CSOs can’t sleep at night.
So how can IT security leaders protect all the dispersed endpoints across a sprawling environment? How is it possible to safeguard company data and assets without sacrificing the end-user experience or causing serious slowdowns that cause apps to creep along at a snail’s pace?
There’s a quote from an old Sylvester Stallone movie that I like to use when it comes to IT security: “D.T.A. — Don’t trust anybody.”
Instead of trying to determine who is malicious and who’s not, we assume that everyone is a bad guy and use isolation and containerization as the foundation for our approach to counter attacks. This means that when you click on website while running an HP security solution, microvirtualization turns the website into a tiny Virtual Machine (VM) and uses a small amount of memory or CPU to isolate the intruder in a microcontainer.
Once the threat is safely contained, we can allow it to detonate or do its thing, so to speak. This allows us to gather more information about the threat, where it came from, where it’s headed and even the types of information that it’s trying to send back to its originator. Unlike traditional quarantine security methods that just lock a threat out, we invite it in so we can control it and use the information it provides to increase our understanding of cyberthreats.
This HP technology is incredibly powerful, providing a huge advantage to our customers. And when it’s paired with the capabilities and expertise of partners like Insight, it creates security solutions that effectively protect the entire network and all the endpoints connected to it. With cutting-edge approaches to security like isolation and containerization, CSOs can finally get some sleep at night.
At HP, we’re constantly developing and refining cutting-edge security solutions. But I believe that these solutions must be used in layers in order to truly be effective. When you’re getting ready to go out into the snow, you don’t just wear a T-shirt. You put on a thermal layer, a sweater, your coat and hat before you head out. In the same way, an effective approach to security must involve many components. This means that everyone needs to be on board, from the top down to end users, making sure that they’re doing their part to safeguard the enterprise. But when click happens, HP Security technology makes sure that it doesn’t get very far.