Antivirus Firewall...2017 –Gen 3 adds protection of the SMM 2018 - Gen 4 adds enhanced resilience...

Antivirus, Firewall, Endpoint security

HP Confidential. For use by HP or Partner with Customers under HP CDA only. © 2019 HP Development Company, L.P. The information contained herein is subject to change without notice.

Page 1:

Antivirus / Firewall / Endpoint security


Page 2:

HP’s INNOVATION FRAMEWORK BASED ON CUSTOMER INSIGHTS

DESIGN for the way you work and live

SECURITY to work anywhere

COLLABORATION for connecting & creating

WORKFORCE WORKPLACE WORKSTYLE

Page 3:

IN 2019, ITDMs FACE A RISING TIDE OF SECURITY THREATS

• INCREASE IN FIRMWARE ATTACKS

• RISE OF DESTRUCTIVE ATTACKS

• RAPID EVOLUTION OF MALWARE

Page 4:

Modern malware targets hardware & firmware

Software exploit

• Buffer overflow

• Misconfiguration

• Code injection (SQL)

• Open network ports and application vulnerability

Simple physical access exploits

• USB based attack

Human exploit

• Phishing email

User Space Applications

Operating System

Low-level System Firmware (UEFI / BIOS)

Page 5:

And why should we care…

Why is replacement of the BIOS a problem?

• BIOS executes at the HIGHEST privilege level

• Executing BIOS code has access to ALL memory and ALL hardware

• This code is completely INVISIBLE to all other software running on the system (OS, Apps, AV SW)

• Ultimate place to hide malware since it would be completely undetectable

Currently, replacing the BIOS is a huge focus area for security researchers and hackers.

Privilege rings (least privileged to most privileged):

• Ring 3: Applications

• Ring 0: OS Kernel, Device Drivers

• Ring -1: Hypervisor

• Ring -2: BIOS

Page 6:

Evil maid attack

• https://blog.eclypsium.com/2018/07/23/evil-mai%EF%BB%BFd-firmware-attacks-using-usb-debug/

Good example of a BIOS rootkit attack. Based on an old vulnerability around debug mode (like JTAG, other).

That is why we are doing HP Sure Start. It will detect a change in DCI settings and remediate it.

Page 7:

BIOS replacement physical attacks

Page 8:

Prices for services on a major darknet cybercrime forum, including for "fully undetectable" ransomware, found in October 2018, reflecting exchange rates in effect at that time (Source: WatchGuard)

Page 9:

THE MALWARE OF

LOJAX

2018 discovery of hackers targeting PC BIOS in real-world attacks

✓ Difficult to Detect

✓ Ultimate PC Control

✓ Persistent

✓ Hard to Remove

Page 10:

BIOS RESILIENCE: PROTECT + DETECT + RECOVER

Protect / Detect / Recover

Page 11:

HP ENDPOINT SECURITY CONTROLLER

✓ Physically isolated

✓ Cryptographically secured

HP Sure Start, HP Sure Run, HP Sure Recover

UNIQUE HARDWARE ENABLES RESILIENT DEVICES

3RD PARTY CERTIFIED by an accredited independent test lab (overseen by ANSSI)

Page 12:

DEFEND AGAINST DEVASTATING FIRMWARE ATTACKS

Protect your BIOS and Intel's ME with HP Sure Start

HP Sure Start G5 is the industry’s first and still the only self-healing BIOS.

The BIOS is the first million lines of code that run. It is the key to your PC’s foundation.

Why should customers care? Once the BIOS is corrupted, the hackers “own” your PC: all other protection is useless.

No antivirus, anti-malware, or OS firewall can detect an infected BIOS!

Page 13:

WHAT’S NEW:

HP SURE START GEN5

Expanding the self-healing protection of HP Sure Start to protect critical non-HP firmware from corruption or attacks

2005 – HP introduces cryptographically secure BIOS updates

2014 – HP Sure Start Gen 1 protects the BIOS

2015 – Gen 2 adds dynamic protection

2017 – Gen 3 adds protection of the SMM

2018 – Gen 4 adds enhanced resilience

2019 –

• Full self-healing protection of the Intel CSME from corruption

• Protects Thunderbolt ports from pre-boot DMA attacks

HP Sure Start Gen5 PROVIDES RESILIENCE FOR ALL CORE EMBEDDED PLATFORM FIRMWARE

Page 14:

A PC’s System Flash includes several components required to boot a PC - not just the BIOS

Modern attacks can erase the entire flash, rendering most PCs bricked

HP SURE START GEN5 CAN RECOVER THE ENTIRE FLASH

Critical to booting system:

• Intel SoC HW Power-up config (Descriptor)

• Intel CSME Firmware

• HP UEFI BIOS

• HP UEFI settings

• Secure Boot key databases

• Intel Network Controller FW

• HP Factory Configuration

HP’S FLASH PROTECTION GOES BEYOND THE BIOS

Page 15:

DEMO!

Page 16:

HP ENDPOINT SECURITY STACK 2019

ABOVE THE OS / IN THE OS / BELOW THE OS

DATA / DEVICE / IDENTITY

HP Sure Start Gen5: Self-healing BIOS with Runtime Intrusion Detection

HP BIOSphere Gen5: Comprehensive BIOS management

HP Client Security Manager Gen4

• HP Multi-Factor Authenticate Gen2: MFA with hardened policies, 3-factor, face log-in

• HP SpareKey: Self-service password recovery

• HP Device Access Manager: Just-in-Time access for ports and devices

Certified Self-Encrypting Drives: HW data encryption

HP Secure Erase: Permanent data removal on HDD/SSD

HP Sure View Gen3: Built-in privacy screen

HP Sure Run Gen2: Protection for critical applications

HP Sure Recover Gen2: Automated network-based image recovery

HP Sure Click: Browsing security solution

HP Image Assistant Gen3: Image creation and testing

HP MIK Gen2: Centralized security management

HP Endpoint Security Controller

HP Sure Sense: Malware protection driven by deep learning

Key Updates

Page 17:

Thank You