HPE Threat Labs
Research-driven cyber threat intelligence that strengthens resilience, reduces risk, and stops attacks before they impact your network and your business.
What HPE Threat Labs does
HPE Threat Labs is HPE's dedicated team for security research and development and cyber threat intelligence. We turn deep cyber research, continual threat hunting, and product hardening into practical guidance that keeps your network resilient, closes security gaps faster, strengthens defenses, and blocks attacks before they land.
Threat research
Continuous research and threat hunting surface new threats early, with detections and guidance to close gaps fast.
Threat defense
We align defenses to real attacker behavior so products and solutions are built for the threats that matter.
Security audits
Test and verify products internally to uphold strong security standards in any environment.
Threat research
Explore research sourced or sponsored by our HPE Threat Labs team.
2026 In the Wild Threat Report
The 2026 In the Wild report reveals how organized cybercrime is industrializing attacks with AI, automation, and enterprise-style operations to target critical sectors at scale, while outlining strategies enterprises can use to strengthen cyber resilience.
HPE Threat Labs report reveals cyber adversaries are morphing their business model to scale and accelerate attacks
HPE announces HPE Threat Labs and its inaugural In the Wild report, uncovering how organized cybercrime is scaling attacks across industries.
2026 Zero Trust Report
The 2026 Zero Trust Report reveals a widening gap between strategy and execution as enterprises grapple with hybrid, multicloud complexity. Insights from 800+ security leaders show how fragmented tools, excess access, and policy drift continue to weaken Zero Trust efforts.
2026 Global Study on closing the IT security gap
This report draws on insights from more than 2,200 IT and security leaders worldwide and explores why IT security gaps continue to persist and how organizations are using AI, zero trust, SASE, and hybrid cloud strategies to improve cyber resilience and reduce risk in 2026.
2025 SSE Adoption Report
The 2025 SSE Adoption Report reveals why organizations are rapidly shifting to Security Service Edge. With 713 security leaders surveyed, it highlights rising SSE and SASE adoption, Zero Trust priorities, and how companies are modernizing access security for a hybrid, cloud‑first world.
2025 SSE Adoption Report: How to future-proof your network security
Discover how choosing the right technology helps your business stay ahead rather than play catch‑up. Explore research‑backed insights that guide smarter, future‑ready decisions.
2025 VPN Exposure Report
The 2025 VPN Exposure Report uncovers how rising breaches, poor user experience, and outdated architectures are turning VPNs into major security liabilities, pushing enterprises toward modern, zero‑trust access models built for today's hybrid workforce.
Rethinking remote access: Why zero trust network access replaces VPNs today
For a long time, VPN was synonymous with secure remote access. If you needed to access the corporate network from anywhere else, you fired up a client, typed in a password, and possibly tapped a token, and you were in. It felt like a neat solution to a simple problem.
Featured blogs
- Research blogs
- Tech blogs
- Malware knowledge base
Inside HPE Threat Labs: Where threats meet their match
Introducing the new HPE Threat Labs, your engine for transforming frontline threat research into real‑world protection. Discover how continuous threat hunting, rigorous validation, and built‑in product hardening can strengthen security for your entire organization.
Threat hunting with passive DNS: Discovering the attacker infrastructure
Understanding how attackers establish and maintain their attack infrastructure is important for building robust defenses. Attackers employ various tactics to keep their operations resilient and undetected. In this blog post, we dive into the methods attackers use to set up their infrastructure, focusing on techniques like IP churn and changing hosting providers.
The hidden door: How CVE-2024-23897 enabled ransomware attack on Indian banks
On August 1, 2024, retail payments at Indian banks began to be disrupted, and major news soon broke that Brontoo Technology Solutions, a collaborator with C-Edge Technologies (a joint venture between TCS and SBI), had been impacted by a ransomware attack, according to NPCI.
The cost of convenience: Multicast DNS and your privacy
Discover how a "convenience" feature buried in your Wi‑Fi connection—Multicast DNS (mDNS)—quietly exposes your devices and privacy. This eye‑opening Threat Labs breakdown reveals why a protocol built for simplicity has become a hidden security risk.
Blackbyte Ransomware
Blackbyte has been known as Ransomware-as-a-Service (RaaS) since July 2021. It has reportedly been used to infect organizations in at least three US critical infrastructure sectors (government facilities, financial, and food and agriculture) as well as others outside the US.
GhostRat Malware
GhostRat is a sophisticated Remote Access Trojan (RAT) known for its stealth, persistence, and modular architecture. The analyzed sample demonstrates advanced capabilities including process injection, credential harvesting, system reconnaissance, and encrypted command-and-control (C2) communication.
"Springshell" Vulnerability
On March 30, 2022, a pseudonymous security researcher posted a proof of concept of a remote code execution vulnerability in the Spring framework for Java. Early speculation likened this vulnerability to last year's Log4Shell vulnerability.
Demos and videos
HPE Threat Labs breaks down today's attack techniques and shows how HPE security solutions detect, defend, and strengthen your posture. Watch the demos for actionable steps you can apply to each tactic.