HP offers enhanced protection for enterprise endpoints

The rise of remote and hybrid work has increased the risk of PCs being compromised by attackers with brief physical access, underscoring the need for protection and visibility into the integrity of devices throughout their lifetimes.

To combat this, HP is launching a new HP Enterprise Security Edition, a unique suite of capabilities designed to enhance the physical security of PC endpoints.

It includes multilayered safeguards to protect PC hardware and firmware from targeted physical attacks, while giving IT admins unparalleled visibility to help detect unauthorized firmware, and component tampering throughout a device's lifecycle.

Dr. Ian Pratt, global head of security for personal systems at HP says:

Physical attacks are riskier and more difficult to perform, so they are typically targeted and organized – for instance, as part of a nation-state campaign or corporate espionage. But the lucrative market for selling access to corporate networks means more opportunistic attacks -- spotting an unattended PC and briefly plugging in a Thunderbolt device -- could be worth the risk for a cybercriminal.

By tampering with device hardware and firmware, attackers can gain an almost undetectable foothold on a device, which could help them gain access to a corporate network or mount destructive attacks. This is attractive to bad actors, providing them with unparalleled visibility and control -- and multiple ways to monetize.

Features of HP Enterprise Security Edition include a firmware lock, once activated HP Sure Admin’s cryptographic password-less authentication process is used to unlock the PC. This provides substantially stronger protection than a standard operating system lock when a PC is left unattended.

There are also digital platform certificates that enable customers to validate that hardware and firmware components have not been modified since manufacturing, such as disk, memory, processor, BIOS/firmware version, or PCIe devices and the trusted platform module.

A sure start virtualization process offers pre-boot protection from malicious or compromised third-party hardware being plugged into a Thunderbolt/USB C or PCIe port.

Pratt adds, "Securing PCs from physical attack is often overlooked, but if bad actors want your data badly enough, they'll go to any lengths to obtain it. Whether it's from executives traveling for work and leaving a laptop in an insecure hotel room or stepping away in a café to buy a coffee, there are many ways devices could find themselves exposed."

You can find out more on the HP site and there's a list of platforms that support using ESE.

Image credit: momius/depositphotos.com