<img alt="" src="https://secure.insightful-enterprise-intelligence.com/784283.png" style="display:none;">
icon
Jamie Bsales
6057541
https://www.keypointintelligence.com/media/2374/jbsales.jpg

HP Lays Out Endpoint Cybersecurity Principles at Security Summit 2023

PCs and print devices remain protected as cyber threats continue to evolve

Dec 17, 2023 7:00:00 PM
avatar

By Jamie Bsales

 

Check out Keypoint Intelligence’s Cybersecurity page!

 

 

Subject matter experts from every corner of HP Inc. addressed a core group of industry analysts at the HP Security Summit 2023, held in New York City on December 12. The small-group and one-on-one sessions covered nearly every facet of HP’s security strategy from OS and firmware platform security for the company’s PC and print products to security assessment services and current threat trends.

 

Emerging technologies are propagating emerging threats, HP noted. The “Internet of Things” (IoT) and edge architecture mean there are more potentially vulnerable devices than ever before, while AI-powered tools are accelerating the velocity at which threats can be developed and distributed. Another issue: the eventual mainstream availability of quantum computing hardware and software. While that will be a boon to any industry, it also threatens the encryption protocols in place to protect data and communications. With quantum tools, hackers will be able to crack current encryption methods, rendering them obsolete possibly within a decade.

 

With these developments in mind, HP detailed its core principles to protect endpoints today and for its expected 3-7 years of in-field service:

  • Robust, certifiable roots of trust (RoTs). HP devices deliver hardware, firmware, and software components that perform specific, critical security functions to ensure a secure foundation. Features include industry-leading firmware integrity protection (we know; we tested it in our lab) along with breach detection and recovery (we’ve seen that in action, too). HP is also a leader in meeting third-party certifications such as FIPS 140-3 from the National Institute of Standards and Technology (NIST) that governs security requirements for cryptographic modules.
  • Self-healing and resilience at scale. HP noted its business-class endpoints are designed for a “not if, but when” cybersecurity scenario. Engineers and developers are tasked with ensuring that device firmware and operating systems can eliminate a threat should a breach occur, then self-heal autonomously. HP follows the guidelines detailed in the NIST SP 800-193 standard for IoT platform resiliency, which company representatives helped write.
  • Threat containment. HP is also on the cutting edge when it comes to “zero day” attack prevention. Developers are reinventing the software architecture of PC and print devices by enabling the containment of suspicious activities and potential threats in disposable virtual machines (VMs) running on the device. This can help mitigate the impact of “bad clicks” by end users, since threats would be running in an isolated “sandbox” without access beyond the VM. Shut down the VM, and the threat is neutralized.
  • Zero trust security. Zero trust network architectures are gaining popularity inside enterprises and large companies, and HP is ensuring that its endpoint devices adhere to these tenets, as well. The company is moving beyond passwords in favor of digital signatures and multifactor authentication down to the firmware level.
  • Security across the device lifecycle. HP is also focused on ensuring supply-chain security for its devices, from the factory floor to when the device is finally decommissioned. It does this by offering solutions that manage and monitor hardware and firmware integrity, as well as remediate at scale across the entire fleet when necessary (oh, we’ve proven this in the lab, too.)

 

Keypoint Intelligence Opinion

For years, HP has been touting its Wolf Security comprehensive endpoint security ecosystem that aims to protect devices from cyberattacks, starting at the hardware level and extending to software and services. And while its marketing is indeed slick, Wolf Security’s underpinnings are even slicker. And HP is not afraid to put its solutions to the test. In fact, the company is the only OEM to have submitted products for—and passed—all three of our Security Validation Testing tracks for device penetration, firmware resilience, and policy compliance.

 

Browse through our Industry Reports Page (latest reports only). Log in to the InfoCenter to view research, reports, and studies on cybersecurity through our Workplace CompleteView Advisory Service. If you’re not a subscriber, contact us for more info by clicking here.

 

Keep Reading

The Insider’s Guide to Cybersecurity: Bolstering Your Digital Defenses

The Insider’s Guide to Cybersecurity: The Expanding Role of AI in Hacking

The Insider’s Guide to Cybersecurity: The Rise of AI-Driven Hacking

Related blogs

An AI Renaissance at the OpenText Summit

On May 7, my usual workday was shaken up as I had the opportunity to attend the OpenText Summit in New York City. While many of the OpenText customers present at the Summit were eager to hear about the company’s artificial intelligence (AI) solutions, I was interested to learn OpenText’s views on the role of AI and how it would position itself as a company within that space. So, without further ado, here are some of the overarching takeaways from my day in the city.

A Casual Conversation with AI Makes You Wonder

By now, most of you have at least dabbled with one of the leading generative-AI offerings such as OpenAI’s ChatGPT or Google’s Gemini (née Bard). The complete (and mostly correct) answers in paragraph form to prompts are a huge improvement over the fractured list of links returned by a query submitted to a search engine, which goes a long way to overcoming the “blank page” hurdle of having to craft a cogent bit of writing from scratch. But some recent banter with Gemini that stemmed from legitimate research around artificial intelligence’s abilities led to an entertaining discussion.

A Dangerous Lack of Deepfake Laws in the US

While deepfakes were originally created for entertainment, we have moved far beyond its initial purpose. Recent uses of deepfakes bring up the issue of their legality and other content created with artificial intelligence (AI). While creating revenge porn is already a topic that’s been brought before the courts, unscrupulous arguments could be made that no crime was committed when the images and recordings used aren’t actually real. We discuss here the issue surrounding the legality of deepfakes and offer some ideas on how to protect ourselves.
©
Keypoint Intelligence