Hewlett-Packard is one of the world’s most recognisable computing brands; manufacturing PCs, laptops, printers, tablets and just about everything else (but not brown sauce… that’s a different HP altogether).
What you might not be aware of, though, is their Bristol-based operation which focuses on security systems and data protection. We caught up with Martin Sadler, Director of HP Labs, Bristol, to learn more about his team and how they’re tackling online criminal activity.
TechSPARK: Martin, please gives us some background on Hewlett Packard’s work in Bristol.
Martin Sadler: We’ve been in Bristol for nearly 30 years now, and this was the first HP Labs to be located outside the US. We’re part of the corporate R&D unit, which looks at current trends in society, the economy, technology, and we try to understand what they mean for our customers. This informs how we innovate down the road, and we typically look five to 10 years ahead.
HP Labs in Silicon Valley really championed the H-35 – the world’s first handheld calculator – and the inkjet printing revolution, but in Bristol our research isn’t really consumer-focused, it’s more about the technology that goes under the hood, keeping the internet up-and-running and our online world safe.
TS: Can you give examples of your recent work?
MS: Well, if you look at the kind of attacks we get on today’s corporate or governmental networks, over 80% of them show up in the DNS log. I guess ‘DNS’ is best described as the internet’s telephone directory, and just within HP we have billions of DNS requests each day – connecting machines to online services. The challenge is taking that stream of events and working out which are okay, and which are suspicious.
“It’s where big data meets security meets visualisation – all those hot buzz phrases brought together”
Within HP, about 98% of requests are fine, not going anywhere they shouldn’t be, then around 1% – which is still a huge number of individual events – are directing to known ‘bad sites’, with 1% left in the grey area. That grey area requires a lot of clever analytics to determine what’s going on, so a lot of the work we do here is based on looking at that and informing security operation centres which attacks they should be paying attention to at any one time.
It’s where big data meets security meets visualisation – all those hot buzz phrases brought together – and developing a product that will help customers safeguard their systems.
That’s a typical ‘Labs’ research project; a number of things going on, bringing them together, do some clever stuff, try it out within HP – eating our own dog food, if you like – using the technology to improve the way we run the company, and then taking it to market.
Fortify is a tool suite we’ve designed for organisations like banks, so they can test their web code to ensure it doesn’t contain any flaws. When they release their apps, they’ll know their customers aren’t going to face any problems.
TS: Are you able to give any basic tips for online security?
MS: For small and big businesses in the UK, the government has issued Cyber Essentials, which are good guidelines to follow. We certainly offer a number of services to larger IT companies to help them stay safe, but unfortunately the bad guys move very fast too, so whatever you’re doing this year, you’ll probably have to do something new next year.
It’s not one of those things you can do and then just quietly forget about it, security is an area where you have to remain vigilant and on the ball.
TS: What are the advantages to being based in Bristol?
MS: It’s a very attractive city for people, and we’ve been very successful at recruiting talent here over the past 30 years. We probably have a more stable population than London, for example, where people seem to chop and change every couple of years, so from an employer’s viewpoint we have stable staffing.
“We’ve actually lost some people to local startups, which isn’t something we regret because it’s actually quite healthy for bigger companies to feed these emerging businesses”
Another upside of the whole Bath/Bristol ecosystem is that it attracts people from all over the world, and I’d argue that if you want a successful tech hub it has to be one that people from the outside want to come and join.
About half our team are recruited from within the UK and half from around Europe. We only employ the brightest and best, and we’ve actually lost some people to local startups, which isn’t something we regret because it’s actually quite healthy for bigger companies to feed these emerging businesses.
Specifically for security, this is a good area for startups because the defence industry is centred towards the west of the country.
We’re very happy to recruit local talent, but we’d also like to see smaller startups thrive. Equally, if there are any local companies out there who think HP can help, please get in touch.