Computing
Sponsor content:

This content has been provided by our sponsors and is a paid advertisement.

Industry Voice: Partners Take On a Growing Threat to IT Security

  • Abhilasha Bhargav-Spantzel, Intel

Intel works with Microsoft and OEM partners to implement hardware-based capabilities that increase security for the business PC fleet

Firmware security is of growing importance in the community. It is becoming better understood, and there are proactive efforts to find firmware vulnerabilities. As one data point, in 2017 one or more firmware vulnerabilities were discovered almost daily, according to the NIST National Vulnerability Database. The number has grown from 400+ in 2017 to 475+ in 2018 to 680+ in 2019. The numbers indicate not only increased interest in this area from the security community, but also proactive diligence by manufacturers (for example, the Intel Security First Pledge) and vendors to detect vulnerabilities and provide patches in a timely fashion.

Microsoft's Virtualization Based Security (VBS), a key feature of the Windows 10 OS, isolates a secure region of memory from the normal OS. This virtual secure mode (VSM) can host security solutions that increase protection from OS vulnerabilities and prevent malicious exploits. This model significantly improves software and OS security and shifts attackers' focus to the firmware stack as a place to look for vulnerabilities, which creates the need for defense in depth to achieve IT security for today's businesses.

Microsoft has invested in virtualization for security on clients - again "driving hackers further down the stack," according to Dave Weston, director of enterprise and OS Security, Microsoft. "If they can't break in through the front door, they go around back to an unlocked window upstairs. Our secured-core PC initiative will provide crucial capabilities to help thwart attackers and build trustworthiness on the platform as a whole."

To add a new tool to combat threats targeted at the firmware, Microsoft has been working with various partners, including OEMs, on an initiative to design Secured-core PCs. The aim is to provide the OS a reliable way of determining the system is in a trustworthy state - without depending on firmware. The initiative revamps the boot-up sequence for Windows PCs using Dynamic Root of Trust for Measurement (DRTM). The revamped sequence detects incorrect or malicious hardware configuration by the firmware, which could allow an attacker to bypass specific controls designed to verify the integrity of the boot process, including code integrity and credential verification.

PC manufacturers together with processor and chipset providers like Intel and leading BIOS vendors provide other critical pieces. Intel, for example, has worked closely with partners to raise the bar for security, especially to protect against hardware and firmware attacks. Such solutions are critical to ensure that OS security itself can be securely established through Secure Boot and Intel® Trusted Execution Technology (TXT) - a part of the Intel vPro® platform.

The PC ecosystem has not only embraced the collaboration but also innovated to go above and beyond. The year-over-year improvements are unique to the ecosystem and help IT enterprise customers combat the increasing number of sophisticated cyberattacks. Over the last 30+ years, ecosystem innovation driven by OEMs has provided an unmatched suite of solutions to improve security for enterprise class systems.

For example, HP Sure Click provides secure application containment, which removes operating system and third-party application code from the attack surface. "HP is in a unique position to tie HP Sure Click support directly to security enforcement built into hardware," said Ian Pratt, Global Head of Commercial Security, HP Inc. "HP Sure Click is closing the door on most of the common attack vectors in widespread use today. This will naturally force the attacker to look elsewhere. Some of the areas to look for vulnerabilities as a logical next step for attackers include firmware and hardware."

"Security is fundamental to everything that we do," said Nima Baiati, global director and GM, Cybersecurity Solutions, Intelligent Devices Group, Lenovo. "Our security-by-design approach begins the moment we envision a new platform. We are continually evaluating the threat landscape and building secure endpoint solutions. Technologies like our ThinkShield® Engine enable BIOS self-healing to add a critical level of protection at the hardware level and help mitigate against firmware attacks."

"As we enter the next data decade, a modern approach to security is essential - one that intelligently and seamlessly builds security into infrastructure, platforms and devices to protect data everywhere it exists," said Brooke Huling, vice president, commercial software, Dell. "While above-OS security remains crucial, it is just as critical to protect below-OS attack surfaces as threats have morphed to now focus on the firmware and BIOS. Dell Technologies has invested heavily to ensure we can provide the most secure endpoint solutions above and below the OS. From SafeBIOS to our SafeGuard and Response, our customers are able to protect their ecosystems while working securely and confidently without interruption."

PC manufacturers, processor and chipset providers, and operating system and software vendors have partnered to develop security solutions that help enterprise customers defend against sophisticated cyberattacks.

 

Firmware Attacks Awareness

Firmware attacks remain stubbornly hard to detect and to clean off an endpoint. Antivirus applications that run at the OS level can't access the firmware directly. And whether you reboot your system, reinstall the OS or replace the hard drive, the malware can persist.

Ongoing research has identified more than a dozen firmware threats including the LoJax and Hacking Team rootkits, the DarkMatter and Sonic Screwdriver Mac implants and the Thunderstrike and S3 boot script vulnerabilities. In some cases, these threats underlie actual attacks. In late 2018, for example, security researchers discovered that the Russian hacking group Fancy Bear, aka Strontium, had used the LoJax rootkit as part of a campaign against high-profile targets in Central and Eastern Europe, according to Business Wire.

Risk management for firmware attacks must consider the potentially devastating impacts. Although the likelihood of a firmware attack is unknown, the need for security to reduce vulnerability is clear.

Importance of Firmware Security

The firmware code coordinates hardware and software to boot up a PC, but the software can often run on different types of firmware. In addition to the main system code, PCs use separate firmware to govern each of the dozens of underlying components, from network cards to management controllers.

The PC industry's standard solution to securely start the OS, known as Secure Boot, is implemented in firmware and supported by major operating system vendors. The solution requires firmware to check the OS signature and each piece of OS software on bootup before passing execution control to that code.

Malicious attacks targeting firmware can undermine mechanisms like Secure Boot and other security functionality implemented by the hypervisor or OS. That makes it tough to identify when a system has been compromised. To best harden attack surfaces, security technologies must be rooted in hardware. For example, hardware-rooted solutions verify firmware integrity even before the first line of firmware code has executed. This verification prevents the machine from booting in a compromised state. With the changes in the threat landscape, responsibility for protection from attacks falls to the CPU and hardware manufacturers.

Being able to measure that the device booted securely is another critical piece of this additional layer of protection from firmware compromise, and it gives admins added confidence that their endpoints are safe. That's why Microsoft implemented Trusted Platform Module 2.0 (TPM) as one of the device requirements for Secured-core PCs. By using the TPM to measure the components that are used during the secure launch process, we help customers enable zero trust networks using System Guard runtime attestation. Conditional access policies can be implemented based on the reports provided by the System Guard attestation client running in the isolated VBS environment.

HP Sure Start is an example of a hardware-rooted solution that verifies the integrity of the BIOS and other firmware before the CPU starts execution, thereby preventing the machine from booting in a compromised state. HP Sure Start will also recover BIOS and other firmware from a dedicated and physically isolated storage device on the system board. "HP Sure Start has evolved to be the most comprehensive firmware security and resiliency solution in the industry, which has become a necessity in light of the evolving threat landscape in which attackers increasingly aim lower in the stack," said Ian Pratt, Global Head of Commercial Security, HP Inc.

Lenovo ThinkShield includes hardware-based security capabilities such as self-healing BIOS, match-on-chip biometrics and hardware-based secure wipe capabilities. Protection and remediation below the OS are a critical component of security. "Our self-healing BIOS technology means that, at boot, the BIOS is being examined and compared securely to a trusted, golden image on hardware," said Nima Baiati, global director and GM, Cybersecurity Solutions, Intelligent Devices Group, Lenovo.

Revamped boot-up hardens systems

Let's look first at the Static Root of Trust for Measurement (SRTM). SRTM starts at reset and measures the early boot BIOS components to ensure that no unauthorized firmware or software launches before the Windows bootloader. While this is valuable, there are challenges: thousands of PC models with various BIOS versions result in a vast number of SRTM measurements at bootup. There are numerous efforts in the community to ensure careful measurement and attestation of the underlying components. Additionally, OEMs are delivering year-over-year innovations in BIOS and firmware security to provide a strong platform foundation.

To allow for defense in depth, secured-core PCs use chips like Intel® Core™ vPro® processors with built-in Dynamic Root of Trust for Measurement (DRTM). The Intel vPro platform has evolved through system hardening processes to deliver hardware-based security features for modern businesses. DRTM provides a mechanism that lets the OS verify the core logic/CPU hardware security configuration and state. The mechanism is consistent across all platforms regardless of the specific firmware running on that platform. Shortly after the SRTM passes execution control to the OS, DRTM is used to confirm the system is in a trusted state. DRTM does that by taking control of all CPUs and forcing them down a well-known and measured code path. The launch code is no longer related to a specific hardware configuration, which limits the number of measurements required. This provides another layer of protection against firmware attacks that is completely compatible with and complementary to the SRTM approach.
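
The SRTM and DRTM measurement chains described above, and the TPM measurements that attestation relies on, can be modelled with the TPM's extend operation. The following Python sketch is an added example, not code from Intel, Microsoft or the original article; the fleet, firmware blobs and launch code are constructed sample data, and the PCR handling is a simplified model (one SHA-256 PCR per chain, with the DRTM PCR held at all ones until a dynamic launch resets it).

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components, start: bytes) -> bytes:
    """Fold a boot chain into one PCR value; order and content both matter."""
    pcr = start
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def srtm_pcr(firmware_stages, bootloader: bytes) -> bytes:
    """Static chain: starts from zeros at reset and includes every firmware stage."""
    return measure_chain(list(firmware_stages) + [bootloader], bytes(PCR_SIZE))

def drtm_pcr(launch_code: bytes, dynamic_launch: bool = True) -> bytes:
    """Dynamic chain: only the hardware launch event resets the PCR to zeros.
    Without it the PCR keeps its all-ones default, so software cannot
    reproduce the expected value by extending the same launch code."""
    start = bytes(PCR_SIZE) if dynamic_launch else b"\xff" * PCR_SIZE
    return measure_chain([launch_code], start)

# Constructed sample data (not real firmware images or measurements).
FLEET = {
    "model-a/bios-1.0": [b"pei-a-1.0", b"dxe-a-1.0"],
    "model-a/bios-1.1": [b"pei-a-1.1", b"dxe-a-1.1"],
    "model-b/bios-2.3": [b"pei-b-2.3", b"dxe-b-2.3"],
}
BOOTLOADER = b"os-bootloader"
LAUNCH_CODE = b"measured-launch-code"

def reference_values():
    """Allowlists a verifier must hold: one SRTM value per firmware build,
    but a single DRTM value for the whole fleet."""
    srtm = {srtm_pcr(fw, BOOTLOADER) for fw in FLEET.values()}
    drtm = {drtm_pcr(LAUNCH_CODE)}
    return srtm, drtm

def attest(pcr: bytes, allowlist) -> bool:
    """Verifier-side check of a reported PCR value against known-good values."""
    return pcr in allowlist

if __name__ == "__main__":
    srtm_ok, drtm_ok = reference_values()
    print("SRTM reference values:", len(srtm_ok), "DRTM:", len(drtm_ok))
    modified = srtm_pcr([b"pei-a-1.0", b"dxe-a-1.0+modified"], BOOTLOADER)
    print("modified firmware passes SRTM check:", attest(modified, srtm_ok))
    print("tampered launch code passes DRTM check:",
          attest(drtm_pcr(b"tampered-launch"), drtm_ok))
```

The SRTM allowlist grows with every model and BIOS build, while the DRTM allowlist stays at one entry because the measured launch code is the same on every platform.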

Establishing trust gains efficiency

In the context of DRTM, the goal is to have a smaller trusted computing base, which is critical to establishing and maintaining its security - and part of the defense in depth. The smaller TCB allows a simpler design for the measured launch environment (MLE) that proves the software is set up as intended. Via measured launch and protected execution, Intel® TXT ensures the OS had a clean start. This is a built-in security feature of the Intel vPro® platform.

Partnership provides out-of-the-box platform and data protection

A modern PC platform should help businesses increase productivity and decrease the costs of fighting cyberthreats with a security approach that combines software and hardware to protect assets, data and infrastructure. New devices powered by the Intel vPro platform include built-in foundational hardware and firmware security capabilities that help ensure your OS runs on legitimate hardware. They provide hardware-to-software security visibility for a more complete security solution. For industries that are frequently the target of attacks - such as government, financial services and healthcare - the PC with a strong "below the OS" foundation adds an additional layer of much-needed security right out of the box.

To learn more about the Intel vPro platform, visit intel.com/vPro, and see a complete list of Secured-core PCs here.

Acknowledgements: Many thanks to all above mentioned partner teams for excellent feedback and advice for this article. Thanks also to Kirk Brannock, Principal Engineer at Intel, for technical content and help.

Intel technologies may require enabled hardware, software or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading