Kathy Gibson reports from London – White hat hackers are leading the charge against cyber threats, having uncovered well over 2 000 threats and earned over $8-billion in the last eight years on the HP Zero Day Initiative alone.
Jacob West, chief technology officer of HP Enterprise Security Products, explains that HP has a relationship with 3 000 independent researchers who are all involved in uncovering malware and vulnerabilities on systems across the board.
When they uncover a vulnerability, they disclose it confidentially to HP, which then offers a market-related price, or bounty, for its details.
Once this transaction has taken place, HP ensures that its customers’ systems are secured against the vulnerability and also alerts the software developer to it. The software developer will then develop its own patch for widespread distribution and use. If it doesn’t do so, HP makes the vulnerability public after 180 days so customers have the option of securing against it themselves.
The Zero Day Initiative, however, is just one of the ways that HP is working on understanding the world of cyber threats in order to secure systems.
West comments: “The reality is that we are in a war against increasingly advanced adversaries, who are increasingly motivated by financial gains.
“In the last few years we have heard about hacktivists, nation states and cyber criminals. However, we believe that focusing on the type of adversary is a red herring: what we need is to understand that we are up against a marketplace of adversaries that specialise in breaches, and who share their information. This is a marketplace which works well together and collaborates to cause damage.”
HP thinks of security breaches in terms of an attack lifecycle. Adversaries research – to understand the technical aspects of the organisation and the individuals inside it; they infiltrate the systems – gaining a foothold by compromising a network or an application; in the discovery phase they move around in the systems; they then capture the target organisation’s digital assets; and exfiltrate when they gain ultimate control over those assets outside of the system.
HP Security believes there are specific actions that organisations can take to protect at each phase.
To counter the research phase, users should be educated and counterintelligence can be used to understand who the adversary is; infiltration can be prevented by denying adversaries an initial foothold through a system vulnerability; more resources could be deployed to prevent discovery once the adversary is in the system; capture can be mitigated with better asset protection; and once exfiltration has occurred, companies should have a response plan in place to lessen fallout and long-term damage.
HP Security Research is mandated to provide innovative research, actionable security intelligence and thought leadership, West explains.