HP launches Enterprise Security Edition for secure PCs

HP has introduced the HP Enterprise Security Edition, a security suite designed to enhance the physical security of HP business-class PCs.

The product aims to shield PC hardware and firmware from targeted physical attacks and offers IT administrators visibility to detect unauthorised firmware and component tampering during the device's lifecycle.

With the rise of hybrid work environments, the need for robust security measures has increased. Many Information Technology Security Decision Makers (ITSDMs) are worried about their inability to verify whether the hardware and firmware of their PCs, laptops, or printers have been tampered with during transit. This prompted HP to provide a solution to mitigate risks associated with these persistent threats.

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP, remarked, "Physical attacks are riskier and more difficult to perform, so they are typically targeted and organised – for instance, as part of a nation-state campaign or corporate espionage. But the lucrative market for selling access to corporate networks means more opportunistic attacks – spotting an unattended PC and briefly plugging in a ThunderboltTM device – could be worth the risk for a cybercriminal."

To address these concerns, the suite includes several capabilities such as Firmware Lock, Platform Certificates, and Sure Start Virtualization Protection. Firmware Lock provides a user-controlled lock implemented at the firmware level, ensuring a higher level of security than a traditional operating system lock. It works alongside HP Sure Admin's password-less authentication to enhance protection.

Platform Certificates provide a method for validating that hardware and firmware components have remained unchanged since the device's manufacture. This helps organisations detect unauthorised modifications to components like the disk, memory, processor, and more.

Sure Start Virtualization Protection offers pre-boot protection by isolating third-party firmware in a micro-virtual machine, thereby safeguarding the hardware and firmware from malicious threats that may be introduced via external ports.

Dr. Ian Pratt also highlighted, "By tampering with device hardware and firmware, attackers can gain an almost undetectable foothold on a device, which could help them gain access to a corporate network or mount destructive attacks. This is attractive to bad actors, providing them with unparalleled visibility and control – and multiple ways to monetize."

The Enterprise Security Edition aims to help organisations manage risk by ensuring hardware and firmware integrity from the point of onboarding a device. This moves towards implementing stronger governance and control over the security of PC hardware and firmware throughout the device lifecycle.

"Securing PCs from physical attack is often overlooked, but if bad actors want your data badly enough, they'll go to any lengths to obtain it. Whether it's from executives traveling for work and leaving a laptop in an insecure hotel room or stepping away in a cafe to buy a coffee, there are many ways devices could find themselves exposed," stated Dr. Pratt.

He concluded, "Preventing cyber-attacks on the hardware and firmware of a device is key to maintain integrity of an organisation's PC endpoint supply chain. HP Enterprise Security Edition introduces new defensive capabilities for PC hardware and firmware. This will help safeguard data and protect the integrity of the PC fleet, while shining a light on threats lurking below the operating system surface, where traditional security tools can't go."

The HP Enterprise Security Edition is now available for selected PC platforms.