HP strengthens
enterprise security

HP has launched a suite of security capabilities designed to enhance the physical security of HP business class PCs. The HP Enterprise Security Edition includes multilayered safeguards to protect PC hardware and firmware from targeted physical attacks, while giving IT admins visibility to detect unauthorised firmware, and component tampering.

The rise of hybrid work and Work from Anywhere (WFA) has increased the risk of PCs being compromised by attackers with brief physical access, underscoring the need for protection and visibility into the integrity of devices throughout their lifetimes. Over half (51%) of information technology service delivery managers (ITSDMs) are concerned that they cannot verify if devices – including PC, laptop or printer hardware and firmware – have been tampered with during transit.

HP Enterprise Security Edition helps defend against such attacks by preventing harm to hardware and firmware layers in the PC, while also enabling IT teams to check if hardware and firmware have been altered by malicious third parties during a device’s lifetime.

“Physical attacks are riskier and more difficult to perform, so they are typically targeted and organised – for instance, as part of a nation-state campaign or corporate espionage,” says Dr Ian Pratt, HP global head of security for personal systems.

“But the lucrative market for selling access to corporate networks means more opportunistic attacks – spotting an unattended PC and briefly plugging in a Thunderbolt device – could be worth the risk for a cybercriminal.

“By tampering with device hardware and firmware, attackers can gain an almost undetectable foothold on a device, which could help them gain access to a corporate network or mount destructive attacks. This is attractive to bad actors, providing them with unparalleled visibility and control – and multiple ways to monetise.”

To combat these physical cyber threats, HP Enterprise Security Edition equips PCs with the following multilayered protection capabilities:

• Firmware Lock: User-controlled lock implemented at the firmware level and used in conjunction with HP Sure Admin. Once Firmware Lock is activated, HP Sure Admin’s cryptographic password-less authentication process is used to unlock the PC. This provides substantially stronger protection than a standard operating system lock when a PC is left unattended, preventing a bad actor from even being able to interact with system boot or attempt to start the operating system.
• Platform Certificates: These digital certificates enable customers to validate that hardware and firmware components have not been modified since manufacturing, such as disk, memory, processor, BIOS/firmware version, or PCIe devices and the trusted platform module. This offers visibility and detection of unauthorized modification of device hardware and firmware components.
• Sure Start Virtualization Protection: Pre-boot protection from malicious or compromised third-party hardware being plugged into a Thunderbolt/USB C or PCIe port. Third-party firmware runs inside a micro-virtual machine, protecting device hardware and firmware, and preventing the device from being infected by malicious third-party firmware.

HP Enterprise Security Edition delivers platform integrity protection capabilities by ensuring the hardware and firmware beneath the operating system are more secure and resilient to physical attacks. This enables organisations to manage risk to their endpoint device supply chain by validating hardware and firmware integrity prior to device onboarding. This will help organisations implement strong governance and controls over the security of their PC hardware and firmware across their device lifecycle – protecting end users’ data.

“Securing PCs from physical attack is often overlooked, but if bad actors want your data badly enough, they’ll go to any lengths to obtain it,” says Pratt. “Whether it’s from executives traveling for work and leaving a laptop in an insecure hotel room or stepping away in a cafe to buy a coffee, there are many ways devices could find themselves exposed.

“Preventing cyber-attacks on the hardware and firmware of a device is key to maintain integrity of an organisation’s PC endpoint supply chain. HP Enterprise Security Edition introduces new defensive capabilities for PC hardware and firmware. This will help safeguard data and protect the integrity of the PC fleet, while shining a light on threats lurking below the operating system surface, where traditional security tools can’t go.”

HP Enterprise Security Edition is available for select PC platforms.

* Visit the Enterprise Security Edition page on HP’s website here.