Why automatic defences will save your business devices

28 March 2018

3 min read

How do you fight a threat that hides under your defences? You automate.

Why automatic defences will save your business devices (Desktop)

£338 billion a year. That’s the current cost of cybercrime across the world1. That number gets bigger and bigger as hackers become more sophisticated and capable. One of the latest sneak attacks to become the bane of IT managers is the BIOS attack.

Millions of machines have basic BIOS vulnerabilities, meaning they could be hacked into by someone with even moderate hacking skills. Researchers Xeno kovah and Corey Kallenberg presented a new type of attack at a conference a few years ago, revealing that within a few hours they could remotely hack and infect the BIOS of multiple systems2. Because most BIOS share the same code, once the first had been cracked, it was only a matter of time before the same skills were able to topple the defences of so many more machines.

This type of attack is so dangerous because it targets somewhere that hasn’t been protected. There’s a hidden space between the operating system and the hardware, which used to be ignored. And while your network might appear watertight and your device is protected behind the best security systems in the world, there’s still a brief moment during booting up and your defences firing up. It’s at this moment that a hostile BIOS attack can wreak havoc.

As most cyber-security software sits on/at the operating system level, malware injected into the BIOS (before bootup and passed into the System Management Mode) will be undetectable to endpoint cyber-security software. From there, the hackers will replace your BIOS with their own custom version, which can be remotely, and indefinitely, managed. Worst of all, it can be almost impossible to discover that the breach and infection have occurred.

The best way to protect your company devices is to use multi-layer security. The capabilities of your IT team shouldn’t be wrapped up in constant scanning and manual fixes. HP provides an automatic response – as part of a range of security solutions – HP Sure Start.

“This is part of a joint effort with HP Labs to help businesses better manage risk and protect user and IT productivity against malicious attacks, a failed update, or any other accidental or unknown cause,” - Vali Ali, Chief Technologist for Security and Privacy in the HP PC Business Unit.

HP Sure Start is a self-healing BIOS level protection. We call this approach cyber-resilience. The system works by creating a ’gold master’ of the BIOS, which is directly encrypted on the device. So, if someone tries to hack the BIOS, it automatically reboots itself and then loads the ‘gold master’, wipes the infected file and lets you and your team know about the attack. Essentially, the machine heals itself.

That means uninterrupted productivity. It means lower costs. It means more compliant devices. Above all, it’s an easier way of working.

If you’re wondering what the easiest way to get cutting-edge devices with HP Sure Start enabled in front of your users, then consider HP Device as a Service. It’s a modern PC consumption model that simplifies how commercial organisations equip their employees with the right hardware and accessories, manage multi-OS device fleets, and get additional lifecycle services. HP DaaS offers simple, yet flexible plans, at one price per device to keep everything running smoothly and efficiently. 

Endpoints and access points need to be monitored at every level. It’s time to stop avoiding the hidden parts of our devices. Every person, business and organisation around the world can become safer and more resilient with HP’s portfolio of product offerings, including the HP EliteBook 800 Series. As part of the HP Elite family, this device offers security technology thanks to its built-in security features like HP Sure Start.

To find out more on how to protect your company devices, read our latest HP Sure Start White Paper, and discover the benefits of HP security solutions to your business.


1 https://www.mcafee.com/error-pages/404.aspx?url=https://www.mcafee.com/uk/resources/reports/rp-economic-impact-cybercrime2.pdf

2 https://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine-secure-operating-systems/

3 Various generations of HP Sure Start are available on select configurations of HP Elite and HP Pro systems.


© Copyright 2018 HP Development Company, L.P. The information contained herein is subject to change without notice.