Grant Thomas - Understanding Hardware Security Threats

BE THE FUTURE.
HP Endpoint Security Solutions
Grant Thomas
Growth Partner Sales Manager (UK&I)

Agenda
Introduction: HP Security – A track record in Endpoint Security
1) Device
a. HP SureStart (Self Healing BIOS)
b. HP SureRun
c. HP SureRecover
2) Identity
a. HP MIK
b. HP Image Assistant
c. HP Multi Factor Authentication
3) Data
a. HP SureView
b. HP SureClick

EMEA PrintOn! 2017
First
HP security: A track record in
endpoint security
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
2017
HP Sure Start
self-healing BIOS
(PC & Print)
Firmware intrusion
detection (PC & Print)
Leadership with BIOS
security standard since
2011
(NIST 800-147, ISO 19678)
Cryptographically
secure BIOS
updates First Print security
services
Chair TCG Technical
Committee
Standard
Designed and established TPM
device
security standards (ISO 11889)
First to ship
Certified TPM
Standard
First
First
Standard
First

2018
4
ABOVE
THE
OS
IN
THE OS
BELOW
THE OS
HP Sure Start Gen42
Self-healing BIOS with Runtime Intrusion
Detection
HP BIOSphere Gen410
Comprehensive BIOS management
HP Client Security Manager
Gen4
• HP Multi-Factor Authenticate
Gen25
MFA with hardened policies, 3-factor, face
log-in
• HP SpareKey
Self-service password recovery
• HP Device Access Manager
Just-in-Time access for ports and devices
Certified Self-Encrypting Drives
HW data encryption
HP Work Wise11
Proximity-based authentication
HP Secure Erase9
Permanent data removal on HDD/SSD
HP Sure View Gen27
Built-in privacy screen
DATADEVICE IDENTITY
HP Sure Run3
Protection for critical applications
HP Sure Recover4
Automated network-based image recovery
HP Sure Click8
Browsing security solution
HP Image Assistant Gen3
Image creation and testing
HP MIK Gen26
Centralized security management
HP Endpoint Security Controller
Key Additions and
Updates

HP HARDENS THE SYSTEM WITH
HP ENDPOINT SECURITY CONTROLLER
BELOW THE OS
Firmware (BIOS, etc.)
Hardware HP Endpoint Security Controller
TRUSTED BIOS
HP Sure Start Gen42
Creating a Root of Trust: using the
HP ESC, HP’s BIOS is trusted to be
secure.

TAKING PROTECTION TO A NEW LEVEL: OS
HARDENING
IN THE OS
Operating System,
Software, Downloads
BELOW THE OS
Hardware HP Endpoint Security Controller
TRUSTED BIOS
HP Sure Start Gen42
STRENGTHEN THE OS
HP Sure Run3, HP Sure Click8, HP Sure Recover4
In 2018, the HP Endpoint Security Controller will extend
HARDWARE-ENFORCED protection into the OS – building a
chain of trust.

ENFORCING COMPLIANCE WITH
MANAGEABILITY
IN THE OS
Operating System,
Software, Downloads
ABOVE THE OS
Manageability
BELOW THE OS
Hardware
ENFORCE COMPLIANCE
HP Management Integration Toolkit6
TRUSTED BIOS
HP Sure Start Gen42
STRENGTHEN THE OS
HP Sure Run3, HP Sure Click8, HP Sure Recover4
HP MIK ensures the systems continues working as it
should

2018
8
ABOVE
THE
OS
IN
THE OS
BELOW
THE OS
HP Sure Start Gen42
Detection
HP BIOSphere Gen410
Gen4
Gen25
log-in
• HP SpareKey
HW data encryption
HP Work Wise11
HP Secure Erase9
HP Sure View Gen27
DATADEVICE IDENTITY
HP Sure Run3
HP Sure Recover4
HP Sure Click8
HP MIK Gen26
Key Additions and
Updates

DEFEND AGAINST DEVASTATING FIRMWARE
ATTACKS
Protect your BIOS with HP Sure Start Gen4 2
HP Sure Start is the industry’s first
and still the only self-healing BIOS.
The BIOS is the first million lines of code that
run. It is the key to your PC’s foundation.
Why should customers care?
Once the BIOS is corrupted, the hackers
“own” your PC: all other protection is useless.
Antivirus, anti-malware, and OS firewalls will not detect an
infected BIOS!

2018
10
ABOVE
THE
OS
IN
THE OS
BELOW
THE OS
HP Sure Start Gen42
Detection
HP BIOSphere Gen410
Gen4
Gen25
log-in
• HP SpareKey
HW data encryption
HP Work Wise11
HP Secure Erase9
HP Sure View Gen27
DATADEVICE IDENTITY
HP Sure Run3
HP Sure Recover4
HP Sure Click8
HP MIK Gen26
Key Additions and
Updates

MALWARE TRIES TO ATTACK OS DEFENSES
Software security processes help keep your PC
safe:
• Antivirus in Windows Security Center stays on
the lookout to protect against known malware
• Firewall helps protect against attacks coming
through the network
• Cryptographic services keep your secrets
secured
Malware often tries to take out these
defenses
Designed to be the Most
Secure Windows Ever
Windows
10
HP
Products
OS
Processes
3rd Party
Processes
What makes sure these protections stay up and running?

MAKE SURE ATTACKERS CAN’T TURN OFF
YOUR ANTIVIRUS Protect critical security processes with HP Sure
Run3
HP Sure Run extends the HP Endpoint
Security Controller’s self-healing protection into
the OS.
It monitors key processes, alerts users and IT of
any changes, and restarts them automatically if
they’re stopped.
Designed to be the Most
Secure Windows Ever
Windows
10
HP
Products &
Processes
OS
Processe
s
3rd Party
Processe
s
OS
Processes
3rd Party
Processes
HP Sure Start
HP Sure Run
Secure the Processes that Secure your PC
HP Endpoint Security Controller enables
hardware-enforced application persistence

2018
ABOVE
THE
OS
IN
THE OS
BELOW
THE OS
HP Sure Start Gen42
Detection
HP BIOSphere Gen410
Gen4
Gen25
log-in
• HP SpareKey
HW data encryption
HP Work Wise11
HP Secure Erase9
HP Sure View Gen27
DATADEVICE IDENTITY
HP Sure Run3
HP Sure Recover4
HP Sure Click8
HP MIK Gen26
Key Additions and
Updates

MINIMIZE DOWNTIME
Recover quickly with HP Sure Recover4
14
HP Sure Recover offers
secure, automated, network-
based software image
recovery.
Using the HP Endpoint Security Controller,
it can quickly and securely reimage
machines to HP’s or the company’s latest
software image - using only an internet
connection
! 
Because HP Sure Recover4 is based in hardware, you
can reimage a PC, even from a bare hard drive.

REIMAGE ON DEMAND OR ON SCHEDULE
RESILIENT BY DEFAULT FOR SMB. CUSTOMIZABLE FOR ENTERPRISE.
User initiated IT
scheduled
!
FRESH START: IT can schedule
routine reimaging, so malware
doesn’t have a chance to stick
around.
• Ideal for Hospitality, Retail,
Healthcare, Education, etc.
ENABLING USERS to quickly
reimage their own machines
without IT support
AUTOMATED RECOVERY:
If no OS is found, the PC will
automatically present the user the
option to reimage
FLEXIBLE: Defaults to latest HP
image, or may be configured in
firmware to recover custom
enterprise image

ENSURE EVERY PC STAYS PROTECTED.
Enforce your company’s security policies with HP Manageability Integration Kit
Gen26
Set policies for HP Sure
View7 and additional HP
Software
Manage new! HP Security
features
• HP Sure Run3
• HP Sure Recover4
Manage policies for 3 factors
or VPN credentials in HP
Multi-Factor Authenticate5
New UI makes it even easier
for ITDMs to create and
manage policies
N O W Y O U C A N M A N A G E M O R E H P S E C U R I T Y, M O R E H P
F E AT U R E S
HP Manageability Integration Kit is
the first and only Microsoft certified plug in for
SCCM
now in its second generation.

IMPROVE YOUR IMAGE
Build better software images in minutes with HP Image Assistant
New for 2018!
• Image Assistant now supports HP
Thunderbolt dock firmware
• Now with quick access to Product
Change Notifications and Customer
Advisories
R E F E R E N
C E
I M A G E T A R G E T
I M A G E
Image Assistant will report:
• Security issues
• Driver issues
• BIOS settings
Can install missing or outdated
components
Essential for Win 10 transition
An essential, free IT Admin tool to
develop, maintain, and support
software images for optimal Windows
performance.
- Compare HP factory image to corporate image to uncover
latest drivers, BIOS updates, updated components, and
more

2018
ABOVE
THE
OS
IN
THE OS
BELOW
THE OS
HP Sure Start Gen42
Detection
HP BIOSphere Gen410
Gen4
Gen25
log-in
• HP SpareKey
HW data encryption
HP Work Wise11
HP Secure Erase9
HP Sure View Gen27
DATADEVICE IDENTITY
HP Sure Run3
HP Sure Recover4
HP Sure Click8
Key Additions and
Updates
HP Multi-Factor Authenticate
Gen25
log-in
HP MIK Gen26

© Copyright Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
M U L T I - F A C T O R
A U T H E N T I C A T I O N
H A R D E N E D @ S I L I C O N
L E V E L
H a r d e n e d
M U L T I - F A C T O R A u t h e n t i c a t e 23
H P M U L T I
A U T H E N T I C A T E
Something
you know
Something
you have
Something
you are
Single-
factor
Two-factor
Multi-factor
NumberofFactors M u l t i - F a c t o r Au t h e n t i c a t i o n
m a k e s y o u r l o g i n
a m i l l i o n t i m e s
m o r e s e c u r e
P@$$W()
RD
PIN, biometrics, keys,
tokens and associated
certificates are
Captured, Encrypted,
Matched, and Stored in
the Hardware, out of
sight and reach from
typical attack methods.
SmartCar
d
P@$$W()
RD
SmartCar
d
Security Strength Posture

2018
21
ABOVE
THE
OS
IN
THE OS
BELOW
THE OS
HP Sure Start Gen42
Detection
HP BIOSphere Gen410
Gen4
Gen25
log-in
• HP SpareKey
HW data encryption
HP Work Wise11
HP Secure Erase9
HP Sure View Gen27
DATADEVICE IDENTITY
HP Sure Run3
HP Sure Recover4
HP Sure Click8
HP MIK Gen26
Key Additions and
Updates

WORK FREELY IN PUBLIC SPACES
HP Sure View Gen27: the world’s ONLY integrated PC privacy screen12
Now in it’s SECOND GENERATION, HP Sure View
Gen2 enables a better visual experience in light OR
dark environments – from the plane to the café
What’s New
• Performs great in BRIGHT and DARK environments
• IPS panel technology
• Improved 120Hz REFRESH RATE, for smooth motion
• Reduced display thickness - ULTRA-THIN DESIGNS
HP Sure View Gen27 protects
against visual hacking with the press
of a button.

2018
23
ABOVE
THE
OS
IN
THE OS
BELOW
THE OS
HP Sure Start Gen42
Detection
HP BIOSphere Gen410
Gen4
Gen25
log-in
• HP SpareKey
HW data encryption
HP Work Wise11
HP Secure Erase9
DATADEVICE IDENTITY
HP Sure Run3
HP Sure Recover4
HP MIK Gen26
Key Additions and
Updates
HP Sure Click8
HP Sure View Gen27

© Copyright Hewlett-Packard Development Company
HP Sure Click – how it works
HP Sure
ClickEach web browser tab is
opened automatically in a
CPU-isolated Micro Virtual
Machine
Malware impacting one tab
has NO impact on any
other tab, app or the OS
Just close the tab & the
malware’s gone
tab2
tab3
Microvis
or
CPU VT
We
b
Pag
e
tab1
tab4
say web-borne
malware can be
undetectable3
81
%
OS
Apps
BIOS
Drivers
OS
Kernel

© Copyright Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
THE WORLD’S MOST SECURE AND MANAGEABLE PC
HP’s Security and Manageability Features Lenovo Dell Acer Apple HP
Below the OS Self-healing BIOS with Runtime Intrusion Detection (HP Sure Start Gen3) x x x x ✓
Common Criteria Certified TPM ✓ ✓ ✓ x ✓
Port and Device access control (HP Device Access Manager) x x x x ✓
Self-Encrypting Drives option ✓ ✓ x ✓ ✓
Secure Erase for both HDD and SDD (HP Secure Erase) ✓$ ✓$ x x ✓
In the OS One Step Logon from BIOS to Microsoft® Windows desktop x x x x ✓
Self-service password recovery for OS (HP SpareKey) x x x x ✓
Authentication with Hardened Biometrics (fingerprint) (HP Client Security Suite Gen3) ✓ ✓ ✓ ✓ ✓
Combination of factors for Authentication and Hardened Policies (HP Multi-Factor Authenticate) x x x x ✓
Secure Login to PC with smartphone based on proximity to PC (WorkWise) x x x x ✓
PC Tampering alerts sent to smartphone (WorkWise) x x x x ✓
Microsoft®
BitLockerDrive Encryption ✓ ✓ ✓ x ✓
Above the OS Integrated Privacy Screen (HP Sure View) x x x x ✓
Fleet management, including (HW, SW, BIOS), via Microsoft®
SCCM (HP Manageability Integration Kit) x x x x ✓
PC Image development and deployment through Microsoft®
SCCM plug-in (HP Manageability Integration Kit) ✓$ ✓$ x x ✓
PC Image comparison and recommendations (Image Assistant) x x x x ✓

THANK YOU!
HP ConfidentialHP Confidential

Grant Thomas - Understanding Hardware Security Threats

Recommended

Recommended

More Related Content

What's hot

What's hot (16)

Similar to Grant Thomas - Understanding Hardware Security Threats

Similar to Grant Thomas - Understanding Hardware Security Threats (20)

More from Pro Mrkt

More from Pro Mrkt (14)

Recently uploaded

Recently uploaded (20)

Grant Thomas - Understanding Hardware Security Threats

Editor's Notes