HP just announced the acquisition of Bromium, a unique small security company. I must admit the name “Bromium” kind of sounds like something you’d take if you had a stomach problem, but given a breach could make an IT manager sick to their stomach, it isn’t a bad name. Back when IBM owned the technology market, one of their competitive advantages was that they were the most secure. Since that time, security hasn’t effectively been used as a competitive advantage even though the potential for breaches has increased and state-level players are involved, potentially overwhelming traditional third-party approaches to security.
I think the potential to use security as a competitive advantage is huge, but—given the level of threat—I do wonder whether it would make more sense for the industry to collaborate more so that we could mitigate the possibility of an attack that could cripple a nation and critically damage the industry. Currently, getting that done is problematic, given that the US Government is using antitrust law in ways that weaken the nation (the US is going after auto companies for “colluding” on clean air efforts to fight global warming, which seems insane to me but is nonetheless the reality we live in).
So, firms like HP may have no choice but to focus on their base, but I think it leaves the nation more exposed than we’d like. Let’s talk about the Bromium acquisition this week.
In a nutshell, what Bromium’s technology does is create a micro virtual machine (VM) that effectively sandboxes your browser. This approach means that if you click on a hostile website, rather than infecting your machine—which could then infect your company and push you towards early unplanned retirement—it only infects the session, and simply closing the session eliminates the exposure.
HP markets this as Sure Click, and it provides a level of protection I think should be built into Windows and every PC on the planet given how prevalent hostile websites are. This technology alone arguably makes HP PCs that have it safer to use, particularly for folks who have no clue that going to certain classes of website is extremely dangerous. But, let’s be clear, even legitimate websites have been compromised, so even risk-averse users can get into a ton of trouble if they aren’t protected.
By buying the company, HP can both ensure higher integration with their other security solutions and make sure no competitor buys the firm and locks them out.
HP’s Layered Defense
HP implements a layered defense model, which represents an industry best practice. They are, for instance, the only PC vendor using a deep learning AV technology from Pure Instinct which, in testing, even outperforms the leading machine learning (ML) solutions. This layered defense-in-depth approach means that even if an attack passes one defense, the subsequent defenses kick in, like sequential walls in a well-built walled city or castle. This layered approach significantly raises the level of difficulty in breaching an HP PC to a level where it likely will drive an attacker to the next most vulnerable platform.
This strategy of raising difficulty is a simple rule in security: it doesn’t need to be absolute, it just needs to be good enough to get a criminal or attacker to give up and look for a more vulnerable target—hopefully in a different company.
HP’s Acquisition Process Sucks But…
HP has a bad history regarding acquisitions as they employ an industry-standard approach where the focus is on driving commonality across the firms, and the result is generally the destruction of the acquired company. However, Dell currently has the best practices in the industry, and these practices originated from IBM. Andy Rhodes, who leads the HP Commercial PC effort, is recently out of Dell, and he worked closely with the executive who drove the effort to improve the acquisition process at Dell, suggesting he’ll bring some form of this industry-leading practice to HP.
That should make all the difference in the world here and assure a positive outcome for this effort.
HP’s acquisition of Bromium should further cement HP’s security leadership in the PC space, and Andy Rhodes’ experience at Dell should overcome a historically bad merger practice at HP. The result should strengthen HP in security a great deal. However, given the level of threat the world is under, I wonder if the industry should be focusing more on raising all boats, because a successful attack at a national level could result in massive damages, if not war, and the world might not recover from that result.