3. Blended reality: digital and physical worlds colliding
Immersive experiences shaping our everyday lives
Produce, modify, and
automate
People,
places &
things
Compute,
analyze &
communicate
Sense, capture / create,
connect, and collaborate
Physical
Digital
4. Security innovation is key
Security threatsData Devices
25B
“connected things” by 2020
+48%
annually
40ZB
by 2020
5. Endpoint Devices
The first line
of defense
Endpoint security
must be built-in
from the start
The frontline of the cybersecurity
battleground
6. First
HP security: A track record in
endpoint security
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
HP Sure Start
self-healing BIOS
(PC & Print)
Firmware intrusion
detection (PC & Print)
Leadership with BIOS security
standard since 2011
(NIST 800-147, ISO 19678)
Cryptographically
secure BIOS
updates First Print security
services
Chair TCG Technical Committee
Standard
Designed and established TPM device
security standards (ISO 11889)
First to ship
Certified TPM
Standard
First
First
Standard
First
7. Low-level
System
Firmware
(UEFI / BIOS)
Software exploit
• Buffer overflow
• Misconfiguration
• Code injection (SQL)
• Open network ports and
application vulnerability
Modern malware targets
hardware & firmware
User Space
Applications
Operating
System
Simple physical
access exploits
• USB based attack
Human exploit
• Phishing email
8. Control
Control below the
operating system
Persistence
Cannot be removed or
modified by software
Detection
Very difficult; cannot be
done from inside the
Operating System
Recovery
Typically require service
events with hardware
rework/replacement
Why low level firmware attacks?
9. Emergence of destructive attacks
2012: Saudi Aramco
2013: South Korean ATM Network
2014: Sony Pictures
2015: Ukrainian Power Grid
2016-2017: Shamoon 2 Attacks – Saudi Arabia