HP Inc has announced the launch of HP Enterprise Security Edition, a suite of security capabilities designed to enhance the physical security of HP business class PCs.
HP Enterprise Security Edition includes multilayered safeguards to protect PC hardware and firmware from targeted physical attacks, while giving IT admins visibility to help detect unauthorised firmware and component tampering throughout a device’s lifecycle.
The rise of hybrid work and work from anywhere (WFA) has increased the risk of PCs being compromised by attackers with brief physical access, underscoring the need for protection and visibility into the integrity of devices throughout their lifetimes.
Over half (51%) of IT and security decision makers (ITSDMs) are concerned that they cannot verify if PC, laptop or printer hardware and firmware have been tampered with during transit. Visibility into device integrity helps to mitigate the risk of targeted attacks that gain a persistent foothold within a company.
HP Enterprise Security Edition helps defend against such attacks by preventing harm to hardware and firmware layers in the PC, while also enabling IT teams to check if hardware and firmware have been altered by malicious third parties during a device’s lifetime.
Dr Ian Pratt, global head of security for personal systems at HP Inc, comments: “Physical attacks are riskier and more difficult to perform, so they are typically targeted and organised – for instance, as part of a nation-state campaign or corporate espionage. But the lucrative market for selling access to corporate networks means more opportunistic attacks – spotting an unattended PC and briefly plugging in a Thunderbolt device – could be worth the risk for a cybercriminal.”
He adds: “By tampering with device hardware and firmware, attackers can gain an almost undetectable foothold on a device, which could help them gain access to a corporate network or mount destructive attacks. This is attractive to bad actors, providing them with unparalleled visibility and control – and multiple ways to monetise.”
To combat these physical cyber threats, HP Enterprise Security Edition equips PCs with the following multilayered protection capabilities:
- Firmware Lock: User-controlled lock implemented at the firmware level and used in conjunction with HP Sure Admin. Once Firmware Lock is activated, HP Sure Admin’s cryptographic password-less authentication process is used to unlock the PC. This provides substantially stronger protection than a standard operating system lock when a PC is left unattended, preventing a bad actor from even being able to interact with system boot or attempt to start the operating system.
- Platform Certificates: These digital certificates enable customers to validate that hardware and firmware components, such as disk, memory, processor, BIOS/firmware version, PCIe devices and the trusted platform module, have not been modified since manufacturing. This offers visibility and detection of unauthorised modification of device hardware and firmware components.
- Sure Start Virtualisation Protection: Pre-boot protection from malicious or compromised third-party hardware being plugged into a Thunderbolt/USB-C or PCIe port. Third-party firmware runs inside a micro-virtual machine, protecting device hardware and firmware, and preventing the device from being infected by malicious third-party firmware.