The Growth of Security Breaches
Security breaches have been making headlines yet again with ransomware attacks against hospitals and colleges, and what may turn out to be the single largest hack against the United States government and several of its agencies. It’s perhaps no coincidence these threats have risen with the pandemic, as millions of employees now working from home access cloud-based applications from outside the protected IT network. Hackers haven’t been slow to take advantage of that shift, and have turned their attention from network vulnerabilities to end users who can unwittingly provide an open door to the corporate network.
How Hardware-Based Security Can Help
With so many security threats to track, it’s critical for businesses to find new ways to fill the gaps more effectively. Most business managers understand software-based security applications like anti-malware and antivirus software, but new hardware-based security approaches offer better protection for distributed endpoints and the networks they access. HP in particular has stepped up its security game with a new line of security features embedded directly in its computer hardware, called Sure Suite.
HP’s Sure Suite utilizes a hardware-based security system built around the HP Endpoint Security Controller (ESC), a small device attached to the motherboard that functions as a control center for monitoring vulnerabilities across the computer system. The main advantage of the ESC is that it sits separately from the software systems that are the primary targets for hacking, creating an independent defense against onboard threats that can’t be easily manipulated or bypassed. The ESC facilitates an entire suite of individual security features, including Sure Start, Sure Run, Sure Recover, Sure Click, and Sure Admin.
HP Sure Start
When any computer starts up, a program called the BIOS (basic input/output system) initiates all the startup processes. In the past, BIOS was read-only, so it couldn’t be hacked very easily. But as computers became more advanced, BIOS updates became more important and therefore had to be rewritable.
As BIOS updates became routine, hackers designed viruses to attack the BIOS in order to take control of the computer at its core, wreaking havoc with the computer’s security system. HP developed Sure Start to automatically detect, stop, and recover from BIOS attacks without any intervention, and without disruption to the user. When the PC powers up, Sure Start automatically scans the BIOS for corruption, and after the computer fully starts, intrusion detection constantly monitors its memory. If there’s an attack, the system automatically reinstates a protected copy of the BIOS so the computer can restart normally.
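A toy model of the check-and-restore flow described above, added here as an illustration and not HP's implementation; the class, function names, and sample image are constructed. It contrasts a reference held by an independent controller with a reference stored in the same writable place as the image it protects, which is why the separation of the ESC matters.

```python
import hashlib
import hmac


class IndependentController:
    """Hypothetical stand-in for a controller with its own protected storage."""

    def __init__(self, golden_image: bytes):
        # In this model the host can never write these two fields.
        self._golden = bytes(golden_image)
        self._reference = hashlib.sha256(self._golden).digest()

    def check_and_recover(self, flash: bytearray) -> str:
        measured = hashlib.sha256(flash).digest()
        if hmac.compare_digest(measured, self._reference):
            return "ok"
        flash[:] = self._golden  # reinstate the protected copy
        return "recovered"


def host_side_check(store: dict) -> str:
    """Weak design: image and reference digest share one writable store."""
    measured = hashlib.sha256(store["image"]).digest()
    return "ok" if hmac.compare_digest(measured, store["digest"]) else "corrupt"


def tamper(store: dict, extra: bytes) -> None:
    """Constructed corruption: a writer of the image can also rewrite the digest."""
    store["image"] += extra
    store["digest"] = hashlib.sha256(store["image"]).digest()


def demo() -> tuple:
    good = b"CONSTRUCTED-FIRMWARE-IMAGE" * 8  # sample data, not a real BIOS
    store = {"image": good, "digest": hashlib.sha256(good).digest()}
    controller = IndependentController(good)

    tamper(store, b"UNEXPECTED-BYTES")
    host_verdict = host_side_check(store)  # misses the change
    flash = bytearray(store["image"])
    controller_verdict = controller.check_and_recover(flash)
    return host_verdict, controller_verdict, bytes(flash) == good


if __name__ == "__main__":
    print(demo())
```

The co-located check reports the modified image as good because its reference was rewritten along with it, while the controller's separate reference catches the change and restores the protected copy.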
HP Sure Run
Sure Run, which is also controlled by HP’s hardware ESC, extends the protection of Sure Start through the normal operation of the computer, monitoring services, processes, and settings to identify attacks. Many malware attacks rely on disabling processes or deleting files or settings to create a vulnerability. Sure Run shields these processes by monitoring for unexpected changes or deletions and automatically restoring applications to their original state. Any time it detects a threat, such as processes being paused or a critical registry setting being changed, Sure Run alerts the system user and administrator through the Windows Action Center. In that way, not only is the device protected, but system administrators are continuously notified of any changes in the state of critical services and applications.
HP Sure Recover
Sure Recover takes the concept of Sure Start—protecting a bit of code to automatically restore in the event of an attack—and scales it to an image of the computer operating system and software. If an attack is detected, Sure Recover can guide the user through an automatic system wipe, drive reformatting, and reimaging to a default or custom system image.
Because Sure Recover is built into the system hardware at the lowest level, it cannot be compromised by a system drive and is resistant to malware. The recovery process is coordinated by the Endpoint Security Controller, including validation of the recovery image as Sure Start reboots the machine. The entire process can be completed in as little as 5 minutes.
Typically when a virus infects a corporate network, IT resources need to manually manage the recovery process for each machine, drawing out the recovery of a network of PCs for many hours if not days. Sure Recover automates the recovery process on each machine in the network, potentially eliminating the threat and recovering productivity in minutes without IT intervention.
HP Sure Click
HP Sure Click is perhaps the closest feature to traditional malware detection, but is managed from the hardware ESC, ensuring that it can’t be compromised by the malware itself. As a user browses the web, Sure Click isolates web content into a CPU-isolated virtual machine like a secure container. Here, any malware is contained and limited from contaminating any other browser tabs, applications, or the operating system of the device itself. Because the malware is securely contained in the virtual machine, the system can analyze any attempts to attack the computer in an isolated environment, and forestall any malware exploits before they start.
Security Beyond the Sum of Endpoints
The more remote workers and business workflows migrate to the cloud, the more cyber attacks will migrate toward endpoint vulnerabilities, overwhelming traditional antivirus and anti-malware applications. Moving security to a hardware-based controller is an important advance not only for identifying and countering endpoint attacks more effectively, but also for optimizing IT resources. With Sure Suite, security and recovery are largely automated at the endpoint, while alerts detail attacks and attempted attacks across the network of protected devices.
HP’s approach is to ensure not only the security of the individual device, but also the security of the networks to which it attaches. This makes a lot of sense for businesses with a large number of employees, including both remote and on-site workforces. The more users connected to the Sure Suite system, the more quickly phishing or malware attacks will be detected so that the network can be protected.
To learn more about hardware-based security, and how it can help your business harden your remote workforce against escalating attacks like ransomware, contact the experts at RTI today!
Date Posted: 1/6/21
Date Last Updated: 1/6/21
By: RTI Marketing Team