Imagine a scenario where an employee at an information-rich agency like the IRS or DOJ opens an email that looks like it’s from their manager or a colleague, but instead of taking them to a safe website, when they click on the link it downloads malware onto their laptop. The infected computer, running on an internal network, has the potential to spread that malicious code to every device operating in the network environment.
If the cyber security tools being used are off-the-shelf and meant to simply be bolted on to any random system, then it’s likely a lot of damage will be done before IT administrators notice there is a problem. One-size-fits all security tools are targets for attacks, because bad actors know their universal vulnerabilities.
As cyberattacks become more frequent and sophisticated, this way of thinking about securing your devices could lead to disaster. Computers, smart phones, laptops and printers all need to be designed with security built into every layer. Security solutions must be specifically tailored to the protection needs of the user and how they operate.
Simply put, security needs to be part of the ingredients baked into the cake, not just the icing you put on top of it. When it comes to devices, much like a layer cake, you need to think about the possible gaps in between each possible point of entry: below the operating system, at the operating system and above the operating system.
Cyber tools below the operating system (OS) take control of the device immediately when it’s turned on, before it even has the opportunity to boot up. These measures are hardcoded onto the system board, since the hardware layer is the least likely to be compromised and most secure piece of an endpoint. A security controller below the OS acts as a trusted piece of the most fundamental level of a device and can detect variations in the BIOS or firmware code.
There is specific malware targeted at the operating system, even with a significant amount of security built in to Windows 10 and other systems. This means endpoints need added protection that can constantly monitor inside the OS, while also checking against security polices and permissions coded directly into the device’s hardware.
The third layer to fold security into is above the OS. This has less to do with hardware and software than it does the physical device. While most attacks are from attackers thousands of miles away, bad actors can also steal information when they’re sitting right next to the user. Privacy screens are just as much a cyber security tool as a program running inside a device.
HP understands these three layers and has built our devices to meet the demands of the modern cyber environment. Below the OS, HP’s Sure Start automatically detects, stops and recovers devices from a BIOS attack or corruption without IT intervention and with little or no interruption to user productivity. Every time the device powers on, HP Sure Start automatically validates the integrity of the BIOS code to safeguard from an attack. If an attack occurs, the device can self-heal using an isolated “golden copy” of the BIOS in less than a minute. At the OS layer, HP Sure Run, monitors applications, processes, policy settings and OS functionality. Finally, HP SureView offers a screen that goes up to 1000 nits of brightness, but prevents nearby users from stealing information off others’ screens.
Cyber security isn’t just a hot topic or buzzword. For federal agencies it’s more than just forgetting to add eggs to the cake. It’s the difference between mission success and failure.
There’s a lot of information out there about what works and what doesn’t. But one thing isn’t debatable: your cyber tools need to be integrated into your devices from the design phase and tailored to suit your specific needs.
For more information on HP’s range of devices and their security features, visit the Iron Bow website.
COMMENTS