Home Business IT Security HP: 'Learn from cyber criminals'

The IT community needs to learn from cyber criminals, according to a senior HP technologist.

HP enterprise security services chief technologist Andrzej Kawalec (pictured above) thinks cyber criminals "have a competitive advantage" over the security community because they are more innovative, faster, more collaborative, more creative, and better funded.

"They understand the New Style of IT better than we do," he observed.

With 16 successful cybercrimes occurring per second with an annual value of US$100 billion, we face "a relentless and dynamic threat environment," he said, noting that one million new hackers - "an integrated army" - are expected by 2020.

"They're taking advantage of all the systems we've built," including software as a service.

Among the problems are people's vulnerability to phishing and other attacks ("there's no patch for people"), untrustworthy mobile apps ("nine out of ten mobile apps have significant security flaws" whether by design or carelessness), 80% of security budgets going on network defences (no longer a viable idea: "the cybercriminals are already inside"), and the way organisations are taking longer to respond to breaches once they have been detected (and that's after the average 243 days between penetration and detection).

We therefore need to understand the way the criminals work, learn from them, and work out how to disrupt them, Mr Kawalec suggested.

So HP has developed or acquired tools and technologies to address each step of the cybercrime cycle - research, infiltration, discovery, capture and exfiltration - and can see what is happening in close to real time.

"We are as relentless and dynamic as the cybercriminals," with 5000 security professionals. HP currently tracks more than 40,000 security events per second, and its TippingPoint operation (which runs a "not-for-profit bounty scheme" that pays 'white hat' security researchers for the vulnerabilities they uncover) has been responsible for bringing to light 70% of the known vulnerabilities in Microsoft products since 2006 and 50% of those in Adobe products.

After the vulnerabilities have been validated TippingPoint builds protections into its own products, informs the vendor concerned, and then shares the information with the rest of the industry.

Even banks and oil companies cannot attract and retain top security professionals the way HP can, he noted.

"You don't have to do it alone," he said, "we're closing the gap on the hackers."

Page 2: New security products from HP.

In related news, HP's Atalla operation has announced new products to help protect customers' data.

HP Atalla customers include nine of the world's ten largest banks, said HP enterprise security products APJ and EMEA director of solutions consulting Matt Shriner (pictured below).

He noted that encryption algorithms are well tested, but publicly known. (It is practically a tenet of the security community that a secret algorithm cannot be trusted.)

"The only secret is the key," he said, observing that "key management is difficult."

So the company offers HP Secure Encryption along with Enterprise Secure Key Manager 4.0. Running on ProLiant servers, the combination secures and manages encryption keys without affecting performance, and provides a single point of management, automated key services, and helps ensure consistent security controls.

HP Atalla Matt Shriner

But sensitive systems are increasingly running in cloud environments, so Atalla Cloud Encryption simplifies encryption and key management for public, private and hybrid cloud systems. It uses patented split-key encryption - which Mr Shriner likened to the way two keys are needed to open a safe deposit box at a bank - to ensure that systems can only access the data they are supposed to.

The product is fully scalable and elastic, he said, and has "virtually no impact on application performance or latency - zero."

HP also has a product to help take care of unstructured data. Atalla Information Protection and Control protects such data from the point of creation, and "your data will be secure wherever it is," Mr Shriner said.

According to company officials, the technology is easily incorporated into business processes, and provides consistent protection throughout the data's lifecycle.

Disclosure: The writer travelled to Mumbai as the guest of HP.


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities