Why Software-Based Security Is No Longer Enough
Businesses typically rely on security software to protect their assets. But software-based security can be bypassed by an attacker who has higher privileges through a vulnerability in the software or hardware. By design, hardware and firmware have a better view of the system—and a greater ability to protect it.
However, the hardware itself must also be protected, and sophisticated attackers are looking for vulnerabilities that may exist at the firmware level. One recent survey found that 63 percent of companies have been compromised due to a vulnerability in hardware or silicon.4 Hardware-based security features built in at the silicon level can help better protect up the stack, providing a trusted foundation for an organization’s endpoint security strategy.
What Is Hardware Security?
Traditional security software continues to offer a degree of protection for end users. And operating system (OS) security is moving toward a new model in which virtualized containers can be used to isolate and verify the integrity of applications, web browsers, and data running inside those containerized environments. Virtualization provides the ability to offer protection through isolation. It also minimizes what malware can do on the system, as it has limited access to system resources and lacks the ability to persist on the system. However, security software protections such as OS security, encryption, and network security represent only one dimension of IT security for today’s businesses.
Hardware-based security takes a multidimensional approach to not only complement software-based security but also add efficiency to implementing and managing protections to your computing infrastructure.
Your business needs a high level of assurance that its assets are protected through a comprehensive IT security strategy. This assurance requires high firmware visibility and resilience, resulting in the confidence that workloads are running on trustworthy platforms.
Hardware Vs. Software Security
An emerging area of vulnerability is the code in device firmware that runs at startup to prepare the operating system launch. Hackers are looking for ways to inject malware into this code beneath the operating system, which by default never required security and integrity checks designed into its sequence. As a result, the operating system will trust this code even when it contains a nefarious malware payload.
Tampering is another way a malware intrusion under the operating system can occur anywhere in the manufacture to delivery process. Physical attacks are getting easier and becoming more concerning for IT teams. To mitigate this threat, a modern PC platform can integrate hardware-enhanced security that starts at the assembly line. In addition to manufacturers ensuring the authenticity of certified device components, golden measurements of firmware code are taken before the firmware is sealed, prior to transport and delivery. This approach enables IT to determine whether the newly received device has been tampered with before the first time it is turned on.
Of course, tampering can occur at any time in the asset’s life cycle. At each subsequent startup, the technology verifies the loaders that boot the code and execute the boot sequence of the firmware and operating system. This added layer of security helps mitigate the risk of tampering to introduce malicious code under the operating system.
A business-grade PC platform provides an additional layer of hardware-based security that gives your IT group a secure foundation on which to simplify and scale.
Security Strategies for the Business Environment
Hardware-enabled security plays a major role in a comprehensive security approach. Here are some of the key strategies businesses are adopting today.
Hardware-Enhanced Endpoint Security
Your PC fleet endpoints are targets for hackers to gain access to your data or embed malware inside your corporate firewall. The business implications of these security threats are motivating organizations to move toward a hardware-enhanced protection model that helps mitigate the risks of software-based security at the device level. With advanced endpoint security, AI models use hardware telemetry to help detect stealthy attacks.
Firmware Transparency and Assurance
This strategy involves removing firmware blind spots and improving visibility into your device platform, allowing IT to build the trustworthiness of what resides within a given platform.
Managed IT Environments
With enhanced manageability capabilities, IT administrators can remotely power systems up to deploy security patching or threat remediation, and then power them down when not in use to help conserve energy. They can use an out-of-band keyboard video mouse (KVM) feature to take over the keyboard, monitor, and mouse of off-site endpoints—even unattended systems—to deploy security patches. In addition, a managed IT environment boosts the ability to recover from errors or attacks and prevent denial of service.