Antivirus Firewall...2017 –Gen 3 adds protection of the SMM 2018 - Gen 4 adds enhanced resilience...
Antivirus, Firewall, Endpoint security
HP Confidential. For use by HP or Partner with Customers under HP CDA only.© 2019 HP Development Company, L.P. The information contained herein is subject to change without notice.
HP’s INNOVATION FRAMEWORK BASED ON CUSTOMER INSIGHTS
DESIGN for the way you work and live
SECURITY to work anywhere
COLLABORATION for connecting & creating
WORKFORCE, WORKPLACE, WORKSTYLE
IN 2019, ITDMs FACE A RISING TIDE OF SECURITY THREATS
• INCREASE IN FIRMWARE ATTACKS
• RISE OF DESTRUCTIVE ATTACKS
• RAPID EVOLUTION OF MALWARE
Modern malware targets hardware & firmware
System layers: User Space Applications; Operating System; Low-level System Firmware (UEFI / BIOS)
Software exploit
• Buffer overflow
• Misconfiguration
• Code injection (SQL)
• Open network ports and application vulnerability
Simple physical access exploits
• USB based attack
Human exploit
• Phishing email
And why should we care…
Why is replacement of the BIOS a problem?
• BIOS executes at the HIGHEST privilege level
• Executing BIOS code has access to ALL memory and ALL hardware
• This code is completely INVISIBLE to all other software running on the system (OS, Apps, AV SW)
• Ultimate place to hide malware since it would be completely undetectable
Currently, replacing the BIOS is a huge focus area for security researchers and hackers.
[Figure: privilege rings from least privileged to most privileged (Ring 3, Ring 0, Ring -1, Ring -2), with the labels Applications, Device Drivers, OS Kernel, Hypervisor and BIOS]
Evil maid attack
• https://blog.eclypsium.com/2018/07/23/evil-mai%EF%BB%BFd-firmware-attacks-using-usb-debug/
Good example of a BIOS rootkit attack. Based on an old vulnerability around debug mode (like JTAG, other).
That is why we are doing HP Sure Start. It will detect a change in DCI settings and remediate.
BIOS replacement physical attacks
Prices for services on a major darknet cybercrime forum, including for "fully undetectable" ransomware, found in October 2018,
reflecting exchange rates in effect at that time (Source: WatchGuard)
THE MALWARE OF
LOJAX
2018 discovery of hackers targeting PC BIOS in real-world attacks
✓ Difficult to Detect
✓ Ultimate PC Control
✓ Persistent
✓ Hard to Remove
Protect
Detect
Recover
BIOS RESILIENCE: PROTECT + DETECT + RECOVER
HP ENDPOINT SECURITY CONTROLLER
✓ Physically isolated ✓ Cryptographically secured
HP Sure Start, HP Sure Run, HP Sure Recover
UNIQUE HARDWARE ENABLES RESILIENT DEVICES
3RD PARTY CERTIFIED by an accredited independent test lab (overseen by ANSSI)
DEFEND AGAINST DEVASTATING FIRMWARE ATTACKS
Protect your BIOS and Intel's ME with HP Sure Start
HP Sure Start G5 is the industry’s first and still the only self-healing BIOS.
The BIOS is the first million lines of code that run. It is the key to your PC’s foundation.
Why should customers care? Once the BIOS is corrupted, the hackers “own” your PC: all other protection is useless.
No antivirus, anti-malware, or OS firewall can detect an infected BIOS!
WHAT’S NEW:
HP SURE START GEN5
Expanding the self-healing protection of HP Sure Start to protect critical non-HP firmware from corruption or attacks
• 2005 – HP introduces cryptographically secure BIOS updates
• 2014 – HP Sure Start Gen 1 protects the BIOS
• 2015 – Gen 2 adds dynamic protection
• 2017 – Gen 3 adds protection of the SMM
• 2018 – Gen 4 adds enhanced resilience
• 2019 –
  • Full self-healing protection of the Intel CSME from corruption
  • Protects Thunderbolt ports from pre-boot DMA attacks
HP Sure Start Gen5 PROVIDES RESILIENCE FOR ALL CORE EMBEDDED PLATFORM FIRMWARE
A PC’s System Flash includes several components required to boot a PC - not just the BIOS
Modern attacks can erase the entire flash, rendering most PCs bricked
HP SURE START GEN5 CAN RECOVER THE ENTIRE FLASH
Critical to booting system
• Intel SoC HW Power-up config (Descriptor)
• Intel CSME Firmware
• HP UEFI BIOS
• HP UEFI settings
• Secure Boot key databases
• Intel Network Controller FW
• HP Factory Configuration
HP’S FLASH PROTECTION GOES
BEYOND THE BIOS
DEMO!
HP ENDPOINT SECURITY STACK 2019
ABOVE THE OS
IN THE OS
BELOW THE OS
DATA, DEVICE, IDENTITY
• HP Sure Start Gen5: Self-healing BIOS with Runtime Intrusion Detection
• HP BIOSphere Gen5: Comprehensive BIOS management
• HP Client Security Manager Gen4
  • HP Multi-Factor Authenticate Gen2: MFA with hardened policies, 3-factor, face log-in
  • HP SpareKey: Self-service password recovery
  • HP Device Access Manager: Just-in-Time access for ports and devices
• Certified Self-Encrypting Drives: HW data encryption
• HP Secure Erase: Permanent data removal on HDD/SSD
• HP Sure View Gen3: Built-in privacy screen
• HP Sure Run Gen2: Protection for critical applications
• HP Sure Recover Gen2: Automated network-based image recovery
• HP Sure Click: Browsing security solution
• HP Image Assistant Gen3: Image creation and testing
• HP MIK Gen2: Centralized security management
• HP Endpoint Security Controller
Key Updates
• HP Sure Sense: Malware protection driven by deep learning
Thank You