Ask the Expert

Securing the Modern Endpoint: From Risk to Resilience

Get the Latest on Endpoint Security from the Experts

What’s Your Biggest Endpoint Security Concern Right Now?

Modern endpoints face increasingly sophisticated threats—from firmware exploits and identity attacks to AI-accelerated phishing and social engineering.

In this roundtable discussion, subject matter experts from HP, Intel®, and Microsoft answer the questions that matter most to you, covering everything from silicon-based protections to OS defense and secure-by-design devices.

Have an unresolved issue? Contact your Account Team today and get in touch with someone who can help.



Read Full 46-Minute Video Transcript

Well, hello everyone and welcome to another Ask the Experts conversation. I am your host, James Hilliard. This event, brought to you by Connection, is in partnership with Microsoft, Intel, and HP Inc. From HP Inc, I'm glad to introduce Mike Schaeffer. He is here with us, the Director of Customer Success for the Americas Decks and Security. Also on board, Jeff Manken is here. He is the Senior Field Solution Architect with Connection. And Eric Chong is also with us, Enterprise Client Technical Sales Specialist with Intel. Glad to have you guys on board for the conversation.

Folks, pretty simple concept here. We went out through several online channels and we were simply asking folks out there, do you have any questions about securing your endpoints these days? What about defending against the evolving threats that we're seeing? Or do you have questions about leveraging the latest security technologies across the stack? That's what we were asking. Now the good news for us is you sent in a lot of great questions and I hope we can give you some good news in terms of great answers to the questions that came in. So we're gonna get to those here in a little bit. But I wanna start with you guys and cut a little scene set. And the first question is taking us back to when y'all started in the technology space with a focus on security. What was the biggest concern you had way back then?

Boy, that's going back in a day. Probably, a few of them, but probably the big thing was getting the virus dangers updated. So finding a way to get the machine turned on and these virus dangers applied to that device because they're only good as that signature, anything new, would not be covered. And we were doing it with the CD-ROMs into the machines on our big towers. What was something, Jeff, that was going on in security back in the day?

Back in the day, one of the first things I got tasked with was helping a small team migrate a big old migration of 3,000 workstations from a resource domain to Active Directory. Anybody that knows what that is, you know how old I am. At any rate, and the biggest concern was keeping the credentials safe and getting it all done at the same time so we didn't have a blue Monday, right? I mean, that same project would be a lot easier nowadays with the tools that we have. We did it. It was fun. Learned a lot, man. Learned a You're not looking to go back and do it again?

No. But lessons learned. Mike, what about you? So guess I'll go further back in time then. Yeah, actually, first job, strangely, the biggest security concern was people tripping over coaxial cable for the Novell network that I was supporting. So I guess that's physical security. Shortly after that, yeah, we got into permissions, passwords, and virus pretty quickly. Yeah, that was a long time ago. I dare say it was a simpler time. But there was also, I think, a lot that we didn't even know about security. There were things that we weren't securing that we really should have been that has probably led us to where we are now.

Let's bring us to today. Let's, Mike, with you. Now, as we sit here, what are some of either your top concerns, the things that you're pondering about, thinking about so that you can make sure customers are safe out there and/or that they're bringing to you, but that top concern idea? Some of the concerns are the same. So I still care about passwords just in a little bit different way. I care about permissions. I care about education of users. So we get in trouble because people take an action that's wrong, they click on the wrong thing, they do the wrong thing, they give the wrong information. So I'm still concerned about some of the same things I always was concerned about. Malware, of course, has gotten a little bit more advanced, to say the least.

So a lot of my time is spent defending malware, isolating clicks that people have, making sure that they don't get themselves in trouble. And then a little bit, of course, you can't not have a conversation about AI. So when we get into AI, everybody has questions about AI all the time, how we're looking to defeat AI-based attacks or what's going on with it. So that's out there. And a little bit on the quantum side. We're- Which we'll get to. There was a question we selected that talks about that. And with AI and quantum, a little bit of what concerns me is I don't know what I don't know. Like the more I learn, the more I feel like I'm not educated in it.

So constant struggle to be up to date. And I think that's something that those watching, it's like that's probably why they're watching this, what do I need to be aware of? And sometimes we get so busy in the day to day that we need to stop for a second, have these conversations and know, okay, what do we explore for the next? Jeff, what is the current focus for you, your team, the people that are coming at you saying this is where we're struggling? Well, I think back in the day, it tended to be hardware. Everybody had a password, but that's about it. And it wasn't a big deal. Hardware was more important.

Now, in my space, identity is a big deal. People are getting attacked all the time, phishing attempts and whatnot. And just that idea of trying to protect the identity, keep users aware and up to date and conscious of the threats that are out there. Education a lot of times is incredibly important in trying to help them.

And I know a lot of our IT listeners, they recognize what's going on security wise, but sometimes it's us end users. Because there's so much change that we just figured that the magic will happen behind the scenes and we still have to do and your users have to do good compute and that's still a challenge education. I definitely see still as well. Eric, what is that focus that you have now laser focus on security and what you're seeing? I'll take it from a different approach. A lot of customers I deal with is the resultant, the results of having too much security. Okay.

So what happens is a lot of the large organizations that deal with, they have a ton of security agents. And as result of it, the performance of the device goes down significantly, battery life goes down significantly. So how do they address that? And we have ways of doing that, but that's the biggest concern that I hear with the IT folks. Not necessarily security folks, security folks. We'll just put on this agent, let it run, let the IT folks worry about the other stuff. But it is causing a bit of concern because the employees want that good experience when they're not getting it because there's so many security agents running on that.

And that's always been a balance we've been looking at if you put the security in there. I know there's a question in here that we'll talk about kind of shadow IT shadow security because that is a big concern. So that's what we're gonna do now folks is we got a great deal of questions that came in from all of you and we really do appreciate all of those. We're gonna go through probably about 30 minutes or so of these questions and try and give you again answers, but also hopefully it'll lead to… Well, what about this? And maybe we need to have that discussion, right? And that's ultimately the deal. And we want you to also hopefully come away with understanding that Microsoft and HP and Intel and Connection together can bring you to that more secure environment. That's ultimately what we're looking at. So let's get into questions. Eric, you get the first one. This one comes from Evans and was saying, how significant are firmware level attacks today?

And how can organizations really detect them, prevent them? So the firmware attacks are becoming more common because historically people attack the OS. What's next level down from that? And that's the firmware. So there are a few things Intel has built on vPro platform devices. We'll get into too technical details, might bore people, but we have ways of protecting the firmware at boot time so that it's resilient, so it's hard to penetrate. How to actually determine if that's happening is a bit more difficult because we do need help from our friends such as HP and Microsoft to say that's happened.

But we do have the mechanisms at a hardware level to protect that. I'll take it one step further. The big thing is not just the firmware but the supply chain as well. So what Intel's done recently is we have something called Assured Supply Chain where on the new Panther Lake devices, I mean, it's very timely because we just announced these on March 23rd from a commercial perspective of this year.

We know exactly what factory those are built in and they're built in non-geopolitical factory. Really, it's built in Arizona. And that way we can, the customer who buys these commercial SKUs knows exactly where it's been built and they can test it at any point in time. And there are tools in the marketplace that will determine, and HP has them as well, in terms of ensuring that your firmware is up to date so that it can provide that protection against firmware attacks. Back to vPro, I can remember in one of my past careers, a technology reporter, at the launch of vPro.

And it took a while to gain some traction. And that is known in the industry. But I think now, and I want your observation, have folks engage with, and are they really learning how valuable vPro can be these days to help them with exactly issues like this, firmware attacks, et cetera? Yeah, absolutely. I mean, the first thing is that vPro, I think, maybe it's the con...the representation of it, people think it's just the active management technology, the out-of-band. It's a lot more, includes security in that aspect of it. But a lot more customers are adopting the active management technology part of vPro.

We have services now that can make it very easy. In other words, Intel hosts everything. So there's really no skin off the corporation's back to get it up and running. And we see that adoption. We see a lot of adoption from our ISVs, our friends at the software vendors, because we built in a lot of security hardware acceleration at the silicon level, and they are taking advantage of that. Absolutely, it's been open for 20 years now. Yeah, yeah. Told you it was a long ago career part of my world.

Michael had a question. We appreciate the question, Michael, and this is going to mix you in as well, Mike, but I'm going to start with Eric here and we'll build upon. The question was, how do OS level protections, things like secure boot, things like virtualization based security, how do they work together with hardware defenses? You start and then Mike, I want to get you in on this. Well, from a silicon perspective, there are things that enable it to work. So we're talking, there's a company called Bromium that does what they call micro VMs and HP has since purchased that company. And you have to have certain hardware pieces built into it, namely TXT enabled, et cetera, or Intel virtualization technology turned on for that software to work. So you have to have that base level of silicon for it to work. We have other things more recently for virtualization-based security or VBS, which is a big catchphrase now, where Intel can actually encrypt that container. So it becomes harder than itself against other attacks running in that particular container. So there are security pieces starting at the silicon that the various ISVs can take advantage of. Hardware was always at the focus of security back in the day.

Then we did get a lot of software focused security and then it kind of swung back where hardware and hardware manufacturers really looked at saying we got to make sure that these boxes, this hardware is secure from the get go. So talk about that and addressing Mike about dealing with and how this all comes kind of full circle now. Yeah, so as mentioned, Bromium became two products called SureClick and SureAccess. So both are virtualization, both are hardware dependent.

So we will not run if we don't have VT-x enabled. So we're isolating memory, we're isolating CPU at the chip level to enable our products to work on the OS level. And basically what we're doing is we're isolating for SureClick, we're isolating anything that could be risky. So we're trying to educate users and we know how well educating users works. It gets you part of the way there, but people are gonna click on dumb things, I do. Don't multitask tend to do bad things. So clicking on something that could be malicious, we open it up in a virtual machine. And it's a protective virtual machine. So we can't go east-west with any of the bad things that are happening. So it's isolated to that device. It's isolated in that VM. And when we close that VM down, we have the information, and it gets destroyed. So malware isn't a problem.

The other piece we have that's very similar to that, also hardware dependent, is Sure Access, which is basically think of it as a software-based thin client device. So goes in the PAMP-PAW model of Privileged Access Workstation. So if I'm administering an Active Directory, or going to some high-value resource, I'm doing administration, I don't want people taking screenshots, intercepting any keystrokes, or running malicious code remotely. I can isolate that, and I'm sure that I'm isolated. I don't have to have a separate workstation to do that. So both those technologies are fully dependent on the hardware, but they work on the OS level. And dependent on newer hardware, right? So that's where a lot of organizations have been going through the refresh cycles now. And so it's got to be something that they need to be evaluating, saying if we want to take advantage of the promise, we do need it on some of the newer hardware. Correct. Yeah, more developments every day as far as what we're doing and adding on at the chip level to what we can do. And we mentioned supply chain as well.

We're working on that side also. When you have something shipped, we're taking a snapshot of what that configuration looks like and we can verify it when it gets there. That way we know it hasn't been tampered with in transit. So advances keep happening very fast. Jeff, let's mix you in here with Kelly's question. For organizations with a hybrid fleet of older and those newer devices, give some strategy to maintain a consistent security posture across the stack when again, some of the older hardware may still be useful, but it can't handle the latest and greatest when it comes to some of the security offerings. Yeah, we never see a fleet that's mixed. Just doesn't happen. Because everyone has tons of budget to get all the latest and greatest. When you start talking about mixed fleets, you have to think about, realistic. Consistent doesn't mean everything's the same. But creating a proper baseline is going to be critical. And you can do that with some of the tools that you probably have at hand already. When you're talking about that baseline, want proper encryption and antivirus and all that goes with that. You have to have a minimum threshold. There are also going to be situations where you want to make sure your coverage is absolutely as best as it can be. And I mean like Intune enrolled, Defender endpoint, an endpoint protection.

Those things should be a standard. And if you can't have the latest, greatest everywhere on everyone's machine, you can take a tiered strategy. You're going to have different levels of threat depending on who your workers are. If you have one of your senior engineers and they're touching stuff that can bring the whole enterprise down at times, they need the good stuff, if you will. Make sure they have the proper machinery for what they're going to do. A tier below that might be some of your more sensitive roles. Maybe think finance, maybe your executive team, et cetera. Now those folks better have near full functionality.

Then if you have to use some of that old stuff, think about people, your general knowledge worker who's not going to touch sensitive data with frequency. You can also try and mitigate the danger, if you will, by some of your software approaches, conditional access policies, MFA, and making sure your policies are up to date.

I think I'm hearing from there is also it's not just evaluate because again organizations and IT wants to usually prioritize. Hey, who needs to get what? But it's no longer, hey, let's just give the executives what they need. Then marketing gets this. Within marketing, you might have a level of, hey, these marketers have a lot of data about what our industry is doing. So.

The top of marketing needs that, but a couple maybe the junior members that are working on more graphic design, maybe they don't yet. So not just that, but really look at the individual personas as to what they need. Spot on. I mean, there are certain roles, if you will, that are going to engender more danger to the company. Identify those. Different companies may have different roles that that would apply to, but tier it out and use your best equipment in the most sensitive areas.

Make sure your policies are up to date and in place. Let's jump over to Cora with a question here. Going through what I had mentioned Mike starting with you here, going through a refresh and this is what they had going on. We're refreshing our endpoint fleet. Want to buy hardware that's secure by design, right? Not just software that gets bolted on later. What specific hardware features from HP and also Intel, so we'll hear from Eric here, should we be demanding from procurement for them to look at? What questions do we need to be asking of the vendors? What does Cora need to be asking of HP? When you're buying HP equipment, if you're getting commercial equipment, you're already getting the most secure PCs available. A couple of things. So don't have to work too hard to actually order specifically on some of these. So we write our own BIOS. So we know exactly what's going on there. We have something called an endpoint security controller on all of our commercial grade devices.

So the endpoint security controller is our piece of silicon that allows us to do things on the security side, such as store a known good signed copy of the BIOS. So when I boot, we check that BIOS. If it's tampered with, then we will replace it back from that gold copy. The side benefit of that is if your BIOS is corrupted, which everybody still is concerned about, we'll replace it and you get back up and running. So those are all part of our build. So that's in there.

But we are able to do a lot of things with endpoint security controller. One thing to look at that I would say when placing an order, if you're worried about theft of devices, so physical theft, we have a product called Protect and Trace and we have a subproduct of that called Wolf Connect. So it's interesting and it's kind of fun. We build a modem in this purpose built cellular, so you don't need a provider. It works anywhere in the world where we do business, but we can track a device and we can lock it or erase it anywhere in the world where we do business. And you don't need a SIM card, you don't need anything else, you have a subscription for that. It's dependent on hardware, but it's nice and it works even if the device is turned off. So we see that in healthcare, we see that in financial quite a bit where we're really sensitive about those devices being out in the wild. So we wanna make sure somebody steals it from me when I'm at the bar or something. All of a sudden my laptop's missing, I want to at minimum lock it.

Even if I have it turned off or probably erase it. So that's the one thing that from procurement, I would say that needs to be ordered specially, but the good news is almost all of our hardware-based security features are already built in. Cora mentioned Intel wants to know, on that procurement side, what should she be asking and demanding of the product line? So the commercial PCs, Mike, is spot on where they have the highest level of protection out of the box, but I'll take it one step further.

Intel has something called Hardware Shield, which is overarching security narrative in terms of the features we have. But on vPro platform devices, there are features that aren't available on regular non-vPro based devices. And the other important piece to realize is that some features are mandated to be turned on if it's vPro platform. So we talked about Bromium earlier, now HP SureClick. One of them is the VT-x technology, virtual technology. Even a device that's not vPro may have it on or have it enabled, but it may not be turned on. Part of the vPro specification is that it has to be turned on from the factory. So you have that protection out of the box. So, hate to use a four-letter word, but vPro. If you buy vPro-based devices, platform devices, you have the highest level of protection out of the box. And that is a little bit, again, I'm gonna go back to my early days learning about vPro. It was available, but people didn't turn it on. They didn't know to use it.

And now we're saying, it's out of the box. When you get it, it's there. It's up to you if you turn something off and if you do, well then good luck and stay off the front page of the New York Times. Well, it's a point to bring up because part of vPro is the active management technology. And when it first came out, and it's still true today, the most popular use case scenario is the power control. So one part of active management technology, can remotely power on a machine, remotely power it off, restart it, et cetera. The big one was power on. It's not Wake-on-LAN. It's actually discrete power on. And the reason why people wanted to power on devices was so they can actually put their most current virus signatures on there, or firmware updates, driver updates that usually counter vulnerabilities. And that's still the number one use case scenario for active management technology, which is a subset of vPro. Robert had this question saying, what strategies can organizations implement to detect and respond to file-less malware and living off the land attacks that are bypassing the traditional endpoint defenses? Jeff, how do we deal with that? Good fun.

When you're talking about a fileless attack, I mean, really you're talking about behavior, not payloads as much. And a lot of times they'll use, they're using utilities and tools that are baked into the system, right? PowerShell, WMI, scheduled tasks, what have you. So it can be challenging, but you are looking for behaviors at that point. In a Microsoft native solution, you're talking about having Defender on the endpoints, Intune policies to set up your security baseline, XDR to collate, and really be able to take in all the data points. That rather than having a static system that, you know, let's face it, a lot of these things can look like normal user behavior right up until it's not. So you want to take a look at all those behavioral points and be able to assimilate them.

And then you have an actionable item. So much of that is trainable within the Microsoft ecosystem so that you can have a workable game plan, that run book, so to speak, so that when something goes sideways, when the alerts go off and bells start whistling and clanging, your team isn't at a loss for what to do. There's a lot of automation that can be put into play so that things can be addressed timely, right? Devices and identity.

Next question I want all you guys to respond to Brianna out there. So Brianna, appreciate it. Kind of goes back to what we were talking about, prioritization of things. How should organizations prioritize endpoint security investments when threats are evolving faster than the budgets are? And we were starting to talk about this a little bit earlier, that just the speed of things. So what are some tips that you offer when you're in conversation, Mike, with a customer?

And they're dealing with this priority and we gotta find money somewhere and we know we have to spend some of it, but what advice do you give them there? That's a really tough Get a bigger budget. Yeah, that's basically it. yeah, I think protecting the endpoints is high on my list, of course, because that's what I deal with on a regular basis. So I believe that education is an inexpensive way to get a little bit more bang for your buck and make sure people are educated on what we're protecting against and what not to do. What's education? Is it watching some videos that the IT team sends out that came from HP? Is it doing little seminars in going to the legal team and saying, hey, legal guys, got to sit on down. I got to tell you what to do and what not to do? What's education? Meaningful training, and I'd like it to be alive. I do my compliance training while I'm doing something else. So I'm in security.

Probably much assuming that I know everything that's on there anyway. But I think a lot of people do that. So they take the training like, yeah, yeah, yeah, whatever. Don't click on stuff. And don't give your passwords out and all that kind of thing. And they get to the questions at the end that are pretty much softballs. I'd like to see real training, interactive training where people are asking questions and people are paying attention and responding to those questions with real knowledge to prove that. So that's the thing I like to I think nobody does a great job with that and it shows that people will randomly click on things. But yeah, after you get to education, think protecting the endpoints. So many attacks started at an endpoint. That's my way in the door. So I want to secure endpoints as much as I can. So basic stuff that we have available, turn your firewalls on. You don't have to buy anything more. That's going to be included in something you have, I'm sure.

Of course, I'm a proponent of isolation technologies in there so I'm going to say that's a great thing to buy. I 100% believe in the SureClick slash Bromium story. That's why I work for HP now because of that product and I love what it does and that extra level of protection that you're going to get above and beyond any kind of traditional malware detection or Defender or anything else. So that's going to get 95% of what you're trying to catch but 5% is what gets you in the news. Right, right, right. Eric, you know.

Prioritizations, budgets, always a concern. What's your advice? I'll give you the non-silicon answer. I think a lot of it's consolidation. So Intel went through this process a few years ago, but we have a program at Intel called IT to Intel where you as a customer can speak to our IT folks, so just peer-on-peer, no sales folks involved. And I mentioned earlier that the big issue we see is too many security agents running on the device. And a lot of them are repetitive. Why do you have Agent A and Agent B which do the exact same thing?

If you look at the scope of what's running in your environment, can that be consolidated or not? I think that can help greatly because I think a lot of folks haven't done that. Or they say this department requires this, this department requires this, because although they do the exact same thing, why can't these that same agency have a licensing cost? Gotcha. All right. A good tip on that. Final word on priority and budget and what's the advice? Well, all too often, not casting shade at my security brethren.

The idea is go buy another tool and all too often that's the wrong approach. Eric was saying that earlier, right? They have too many security tools out So I say find out what tools you already have and in the Microsoft space a lot of customers already have some of these key tools and they can make use of them. So fully use the tools you do have. If it's Intune, it's Defender, it's what have you. Whatever your tools happen to be, make full use of those, then identify where the gaps might be and begin to close those gaps. When you've given advice like that to customers that you're engaged with, do they say, all right, Jeff, we'll go and check this out. And they do, and they come back with that aha moment like, dude, you were right. There were a ton of things we did.

Does that happen often on a? Set it up. Set up Intune. Set up your policies. Set up Defender, get everybody enrolled, let it run in report mode for a couple weeks, and then bring that report back and compare that against what IT thought they had covered and watch the eyes open. It'll give you a good look at just where your vulnerabilities might be lying, machines that are out of compliance, what have you, contractors, machines that just linger around, temporary machines that are now permanent machines, all this stuff. You can find that if you implement the tools you already have frequently. Then if you need a whizbang tool, go ahead, go looking. Aaron reached out to us on one of these questions and he was honest, Eric. This is what he said. We recently discovered that a vendor's firmware update introduced a vulnerability that we could not detect with our standard EDR tools.

We are not going to mention Aaron's company name. How do silicon level protections from Intel actually help catch threats that do live below the OS? Is this something that you hear often as you engage with folks that, hey, all of a sudden it was an outside group that we're working with and they introduced something that is really kind of messing with our organization? Yeah, I mean, the firmware attacks, as I mentioned earlier, are becoming more prevalent. Now, when we think of it on a broader scale, I'll speak on behalf of Intel's components, but there's other components that have firmware aspects, sound cards, as an example, maybe some other peripheral devices. So it's not just from an Intel perspective, but from an Intel perspective, again, we have that Assured Supply Chain. We have a reason for protecting the firmware that we provide, very similar to what Mike mentioned in terms of at boot time. There's one thing that's part of vPro called Runtime BIOS Resilience. Fancy way of saying that when that device boots up, we ensure that firmware is the actual firmware by using certificates to ensure that firmware is being loaded, then we harden that memory address. So that protects against it.

It's more the prevention than detection piece of it. And we've done a pretty good job, I believe, over the past few years in that aspect of it. Do you have any thoughts on that? Have you come across that scenario where someone's all, hey, Mike, someone else screwed up. What do we do? Yeah, I've seen that. I think, yeah, the firmware attacks are scary. So I think we've done a good job. So we've done the hardware level. We've done the firmware level around BIOS. But yeah, the firmware on peripheral devices is scary. We started virtualizing that recently, within the last two years. So we're doing introspection on that as well. So somebody gets a new hard drive. We don't know about the firmware of that hard drive, but we still have to load that. So we're looking at that as it loads up to make sure there's nothing malicious in that. But yeah, firmware attacks are really scary. That's where I would go if I was trying to get in there. Like you can't just reload your operating system and get rid of it. So once I'm in there, I'm in there and you can't get rid of whatever I've done. So yeah.

Martin, with the question, Jeff, this one will come your way. With identity, which again you had said early on, big focus for you, with identity now being the new perimeter, how should endpoint security integrate with zero trust architectures? Zero trust, it gets thrown around a lot. It does. Back in the day, you logged in once and that was it for the day, right? Now we're looking more at a do I trust you now?

And do I trust you on this machine? Should I still trust you? Should I still trust you, exactly. So for that kind of environment, you need to be taking advantage again of the tools that you have. If your devices are fully enrolled in your Intune, and your policies are configured such that you have conditional access and MFA and et cetera, that's going to go a long way.

And if you have your endpoints protected as well, they're checking for your identity, got, does that say Defender on there or any other, pick your flavor. And then you can run that back to XDR and keep tabs on this. You weld them all together. And the advantage that a Microsoft Native solution brings you is it does have all the data points touching each other, right?

So that can go a long way towards helping implement that zero trust. You bring the friction down, you have compliant devices so now they can log on. It's a much more seamless expression for the users. The security's still happening but the users are eased in a little bit. SSO works, you know, instead of having to log in to everything. You know, the trust happens under the hood, so to speak. So that integration of utilities is going to go a long way towards facilitating that.

Felix had a question, Mike, for you. And it's, in our sector are now using artificial intelligence to create. Yeah, really? That's what's happening? They're using AI to craft hyper-personalized spear phishing at scale. I remember, side note, I could get those emails, fake, fake, fake, fake, fake, now, don't even try. They all look real to me. Anyway, they're doing these hyper-personalized spear phishing at scale. Is there an endpoint protection strategy that evolves as fast as these AI-driven threats, or are we just bound to play catch-up the rest of our security lives? A little bit of catch-up. It's, spear phishing is interesting, and I'm with you. So what I get now is amazingly good.

Like, it's telling me, to say it, but it is. My package has been delayed at the carrier facility at X. And like, that is my carrier facility. You know a lot about me. And you know where I'm buying from. So it is... It is super realistic. I... Even worse when somebody's... You recently ordered something and then it comes to you. They got lucky, but... Yeah. Right, yeah. So everybody knows a little bit too much about all of us. So you can make those targeted attacks. One thing that is effective, and it's been around for a while, is... you know, some sort of credential protection strategy. So if I'm gonna be conned into clicking on a link, I want to make sure that link is going where it's going, where I think it's going to go. Is it going to my bank for real, or is it going to a website that looks like my bank? And most of these are based on how the trust level of that URL. So I can look at it and say, okay, this user's clicking on something, but that domain has only been in existence for three hours.

So credential protection has been around, I don't wanna say go back to an older technology, but that will work. If I do end up going somewhere and clicking on the wrong thing, yeah, then I'm always gonna default back to isolation. But one of my hobbies is my Gmail. So in the morning, I'll look at things like this is probably something I shouldn't click on, so I'm definitely gonna click on this. Because I'm protected, and I wanna see what it's gonna do, and I wanna follow it through of this is what you're going to try to get me to do next, this is what you're going to try to do next.

Like I'm to click on that exe file, hopefully it'll do something cool. So having a protection in there that you can trust, that if you click on the wrong things or your users click on the wrong things, that's great. And protecting them from giving out their credentials or going somewhere they shouldn't, also very important. And we do that. Other vendors have that as well where...

I try to enter my credentials into PNC Bank that's not really PNC Bank and it says no, you're not gonna be allowed to do that and it stops me. Protecting people from themselves. He was not giving advice telling you all to go out there and start clicking on stuff. He's doing this for his education purposes so they can provide good stuff to you. Don't do anything I Exactly. Let's just, I wanna broaden Felix's question just a little bit to a broader focus from the Intel perspective on observing how AI is being used as a inroads on security to attack us and where the focus is that you all have with either using AI and just how you're evaluating the threat that AI has and how you're combating it from that Intel perspective. Yeah, Intel, we have a bunch of white hackers that look at this stuff all the time and I'm doing some quick math in my head. I think it was about five, six years ago, Intel brought into market technology with our 11th gen CPU.

So again, it's going back, but it did use a form of AI to detect against ransomware and crypto mining because it knows the algorithms people use because hackers are smart, but they're lazy as well. So they use the same algorithm. So we know at a silicon level, these are actually happening. So over time we've actually enhanced that algorithm. Now we call it, I hate to use technical terms, but DETECT, where it actually will have other things using AI to detect against these things.

But again, we don't need so much from a silicon level, we still need our friends from Microsoft and HP to have that enabling from a software perspective to actually stop that attack from happening. So we can detect things at a silicon level, we continue to actually put this enablement in the actual hardware itself. I think we have time to get to probably two more questions and we might be wrapping things up. I want to give you though a quick 30 second with your connection hat, 30 second with your Microsoft hat, you choose which hat you wear first on the AI story here and where the focus is to really understand how AI is being used to attack and how it can be used to prevent. Which hat? Which hat? That's the big question, which hat? Well, since Connection sells hardware, software, and services, and Microsoft falls in there, that's fine. I'll wear them both. OK. You know, when those phishing attacks, the AI enhanced attacks are coming in, one of the first lines of defense is going to be at the email.

It's an email war, right? Microsoft has tools, Exchange Online Protection, to try and help with that. There's several other tools that you can add to augment that, where you will detect bad links and the like, where users will try and click on something and it just doesn't go, right? So there's a software angle to that. I think any enterprise out there also needs to be diligent with training. Yeah, I've seen some enterprises that are awesome at it.

You know, they'll lead them through training that you can't just sip a cup of coffee and do other work at while you're doing the training, where they'll force you to actually look at the URL that's in the email address. Wow, I mean, that's good training. It's tedious for an end user and you might think, wow, that's just too much. But training along with those software solutions. All right, last question specifically for you, Jeff. Divya.

And we mentioned this, again, I believe in the introduction talk a little bit about there's the chance for shadow security or shadow IT because the security is too intrusive. And so I'm just going to do it this way. Was asking, where do you typically see invisible endpoint risks? And are there ways to then kind of go in there and uncover those? It's kind of the blind spot question. The side view mirror question. Like, what's coming up on us? And where is that blind spot for lot of

Anything across the board? Yeah, there's a few. I think giving users too many administrative rights is a start of an issue. It allows them to do things with utilities that they should not be doing. You can see things like remote control software I want to get to my desktop. They don't give me a laptop. So I need to remote control my desktop on Saturday. Man, you're introducing all kinds of risk. Synchronizing personal files from a Gmail or a OneDrive or whatever, name your offline files. Syncing those personal, because who knows what the risk is there? That kind of thing. It's like a submarine under the water, man. You don't know what you have until it launches. And that kind of thing can be a risk.

Addressing those issues, I hate, you're not going to get all, you know, these people, but there has to be a communication there. And frequently for enterprises, it means offering them a solution that you are aware of rather than trying to just take away all their toys because that's how it would be perceived. And they'll fight against that, right? And then we've seen that nobody wins. Nobody wins, you know, unhappy users, frustrated IT security professionals and compromised data. So find tools that do work for your users and take action that way. Well, we have come to the final audience question here. And Polly, you were the one we're going to wrap things up with. And I'm doing this because she's taking us beyond today. Says here, as we look past 2026, cryptographically relevant quantum computing poses a threat to long-term data and firmware integrity. How are you, over at Intel, embedding quantum-resistant cryptography into the BIOS and firmware level, and how are you doing that today? So we are doing that today. So let me just kind of define post-quantum computing, also known as PQC. So there's really three things we need to look at. The idea behind post-quantum computing is that in the future the computers become so strong you can break the cryptography of today's systems. And the three things really are the bad guys going to harvest the stuff today, encrypt it with today's technology, which is Shor's algorithm, and then break that later on, or break into it later on. The other one is using today certificates and digital signatures that are PQC resilient.

From an Intel perspective, we are building that into our firmware, a lot of the standards have not been finalized yet from large organizations such as NIST, but they are coming very short. There are recommendations on it. So we are building it now into our firmware on our client-based machines. And I think a lot of our partners such as HP are doing the same. So we are ready for it, but we're waiting for that finalization to come before we can put the final stamp of approval on that device. Oh, he name dropped you, Mike. HP's got to focus here. Yep, that's correct. So it's starting in fall of 24, I believe we started doing using quantum resistant algorithm. So, yep, we're on board as well. Okay. Let's do this. Let's do a final thought. This can be a strategy. It can be a tactic. It could be just a good old fashioned reminder of good, cleanly computing and security practice, but something that's on your mind that you'd love for the audience to take away to remember so that we're more secure tomorrow than we were yesterday.

Okay, so one HP specific is if you own HP hardware now, you own a lot of hardware security that you might not be using. And you already own it, so we're not trying to sell you anything additionally. So take a look at that, see if you can leverage that a little bit more. That would be one thing. And then on a broader level, going really old school on this, don't use the same password for everything. The cyber attacks I've been involved with start out with something simple like that where...

I'm using my dog's name for every password I have. Somebody gets it from my weather site or something, uses it for corporate. Don't do that. That is a great, great reminder, Jeff. I'm going to go identity. These gentlemen cover the hardware well. But identity, I think, is king for the user. That's what they can control. They've been given hardware. Now protect the identity. That means taking a critical eye towards stuff that comes to you. In your email, the phishing attempts are real. And we comment on how good they are now.

Take the time to look at those hard. Don't be bringing in external data. Listen to your security team. Try and help them out a little bit. And if you're on the IT side of the fence, take advantage of the tools that you have. If you're Microsoft native, hey cool, Intune with the policies. Defender for Endpoint, XDR to correlate.

Get all that going so that you have your best chance at safeguarding the identity and keeping your environment safe? I think you might have gotten a lot of smiles in the audience out there when you said, to the security team. That's a key. Sometimes they know what they're talking about. Eric, thoughts on how are we more secure tomorrow than we were yesterday? I'll take a bit of a different approach. I do more with the IT folks and security folks, so I'll look at end user experience. So look at your security tools if they actually have enablement for the accelerators built in the actual silicon itself, not just the NPU, not just the things that are security specific focus, but even simple things such as how the security agent runs on the Intel hardware, what we call performance cores, efficiency cores. A lot of them are not quite optimized yet. We're getting there, but really having your security vendors optimize their software to run better because chances are they're not going to get rid of a particular software vendor, but if that software vendor can optimize their software to run better, why not?

All right, well with that folks, I'm gonna take us back to the beginning of this event. I said that you sent in great questions to us. I hope that we sent great answers to you. Really appreciate Mike and Jeff and Eric for being here. Also the teams at HP, Intel, Microsoft and Connection couldn't have done this event without those teams and couldn't have done this without you in the audience asking those questions. Really do appreciate the conversation you allowed us to have here. We hope that continues the conversation.

If you have a team in place already here at Connection, then reach out to those individuals. They'd love to continue working with you and talking with you. If you don't have a team in place, a couple things you can do. Give us a call, 800-800-0014. That's 800-800-0014. You can also join us online. We invite you to visit connection.com forward slash modern endpoint. With that, we will wrap up this Ask the Experts event. My name is James Hilliard, and we do look forward to talking to you all down the road.

Security Experts

Mike Schaeffer

Director of Customer Success for Americas DEX and Security, HP
Mike leads a team at HP focused on ensuring customer outcomes through effective adoption of HP’s security and digital experience capabilities. Previously, as a Security Strategy Architect, he worked directly with customers to understand needs and guide security goals from planning through implementation. Before HP, Mike spent two decades at Citrix in leadership roles across architecture, services, and customer success, building teams and programs that improved security, scalability, and enterprise customer value.
Eric Chong

Enterprise Client Technical Sales Specialist, Intel
Eric is an Enterprise Client Technical Sales Specialist in the Intel® Commercial Client Computing Group with specialization on the Intel vPro® Platform. He has worked in IT for over 25 years and has authored two books on IT toolsets. Outside of work he enjoys tinkering with home audio video equipment and spending time with family.
Jeff Manken

Senior Field Solution Architect, Connection
Jeff has over 20 years of IT experience, specializing in Microsoft technologies, end-user computing, security, and cloud solutions. He is a forward thinking technology leader who helps organizations modernize their workplace through Microsoft 365, security, and AI driven solutions that improve productivity and simplify IT operations.

© Intel Corporation. Intel, the Intel logo, and Intel Core are trademarks of Intel Corporation or its subsidiaries.