00:00We're here today to discuss the new level of resiliency that's required in this evolving time of cyber security and
00:08what it really takes to get there.
00:11And, David, you know, we hear a lot about how AI is transforming how businesses operate.
00:17But you're seeing it change how attacks are happening as well.
00:21And I'm curious to see what that looks like on the ground.
00:24Yeah, you know, absolutely. AI is changing the threat landscape.
00:27So, you know, first of all, agentic AI is letting adversaries kind of automate at industrial scale.
00:36So much like, you know, you could use vibe coding to create an app, the threat actors can use vibe
00:43coding to create an attack campaign.
00:46You know, in the past, a lot of these things required specialized human expertise.
00:51And so the breadth and speed with which adversaries could move was kind of limited by those human resources.
00:59But with agentic, if you want to go faster, you want to go broader, you just spin up more agents
01:03in parallel.
01:05And they work 24-7.
01:07So this is, you know, really driving a lot more threats across the landscape.
01:13People are moving faster. It's a different environment out there.
01:18It definitely is. And what is HPE doing to help enterprises get ahead of this?
01:25Yeah, you know, coming back to the first question a little bit further, you know, the second thing that we're
01:33seeing with AI is it's enabling much more sophisticated phishing campaigns.
01:37You can use AI to impersonate people. You can use AI to create much better context around things.
01:42And then, you know, lastly, AI is now getting extremely good, you see with Mythos, extremely good at finding vulnerabilities
01:52and creating and chaining exploits to take advantage of those vulnerabilities.
01:58So, you know, in terms of your question of what we're doing at HPE, first, we're part of Project Glasswing.
02:04So we've been very hard at work using frontier models to analyze our code to find vulnerabilities and to fix
02:12those as fast as we can.
02:16The second thing is, you know, the second thing is we have an HPE threat labs team, they're working continuously,
02:22they're distributed around the globe, monitoring our customers' networks, monitoring various different deception infrastructure that we have to learn what's
02:31going on out there in the wild and develop new threat signatures.
02:35We also share those with other cyber security partners or competitors via organizations like the Cyberthreat Alliance.
02:45Then another thing we're doing is working on ways that we can detect threats, again, using AI, but without signatures,
02:55looking at the behavior so that we can find and block threats where there is no signature, when it's still
03:02not even a zero day.
03:03It's not a disclosed vulnerability, but from the pattern of behavior, we can tell it's something suspicious and it should
03:09be stopped.
03:10So those are some of the things, but probably the most important thing that we're doing at HPE networking is
03:17helping security teams use the network as a security tool.
03:23And so when you think about the network, it's in the path of everything.
03:27When there's a fish happening, when there's a command and control channel feeding information back, when information is being exfiltrated,
03:35all those things are going over the network.
03:37So the network is a fantastic place to use as a security sensor and also as a cyber security enforcement
03:46point.
03:47Very good. And, you know, as you're looking ahead, what is HPE's vision for resiliency for enterprises?
03:55What does that actually look like? And how do security teams need to think differently in order to get there?
04:00Yeah. So first of all, you know, I think the shift is from, you know, towards being cyber resilient.
04:06So, of course, that means deploying all the tools at your disposal, but it also means planning ahead to be
04:14ready in terms of how you're going to react and respond to kind of a worst case event.
04:19It means implementing things like zero trust principles so that the blast radius of any event is contained and that
04:28hopefully you can continue with your business processes.
04:31You've got business continuity, even while you may be dealing with a situation in a small pocket of the network.
04:39You know, so that's really key. And, you know, a big part of what we're doing is helping the security
04:46team and networking team align and cooperate together.
04:49So often the network team is really focused on delivering a great experience to users, making sure we've got application
04:56uptime, while the cyber security team is trying to protect things.
05:01And oftentimes those goals are actually slightly at odds.
05:04So what we've been doing is making sure that when we're implementing our kind of self-driving network infrastructure, we're
05:11providing a separation in terms of setting policy, which is a security team role, in terms of, you know, providing
05:17that threat, the threat indications, again, to the security team, letting all that happen in parallel, while the networking team
05:25is doing their day job of delivering a great experience.
Comments