HP Inc. today announced the launch of HP Enterprise Security Edition, a new suite of security capabilities designed to enhance the physical security of HP business-class personal computers.

HP Enterprise Security Edition includes multilayered safeguards to protect PC hardware and firmware from targeted physical attacks while also giving information technology administrators deep visibility to help detect unauthorized firmware and component tampering.

The release seeks to address the increasing risk of PCs being compromised by attackers who gain physical access in an age where hybrid work and “work from anywhere” have become common. HP argues that there is a need for protection and visibility into the integrity of devices through their lifetimes as it helps mitigate the risk of targeted attacks that can gain a persistent foothold within a company.

HP Enterprise Security Edition addresses these concerns by preventing harm to hardware and firmware layers in PCs while also allowing IT teams to check if hardware and firmware have been altered in any way by malicious third parties during a device’s lifetime.

“Physical attacks are riskier and more difficult to perform, so they are typically targeted and organized, for instance, as part of a nation-state campaign or corporate espionage,” said Dr. Ian Pratt, global head of security for Personal Systems at HP. “But the lucrative market for selling access to corporate networks means more opportunistic attacks – spotting an unattended PC and briefly plugging in a Thunderbolt device – could be worth the risk for a cybercriminal.”

By tampering with device hardware and firmware, he added, “attackers can gain an almost undetectable foothold on a device, which could help them gain access to a corporate network or mount destructive attacks. This is attractive to bad actors, providing them with unparalleled visibility and control – and multiple ways to monetize.”

To address physical cyber threats, HP Enterprise Security Edition introduces Firmware Lock, a user-controlled safeguard at the firmware level that works alongside HP Sure Admin. Offering a cryptographic, passwordless authentication process, Firmware Lock strengthens security beyond standard operating system locks by ensuring that unauthorized users cannot interact with the system boot or access the operating system if a PC is left unattended.

The suite also includes Platform Certificates — digital certificates that verify the integrity of hardware and firmware components from manufacturing through the device lifecycle. They work by detecting unauthorized modifications to critical elements, such as the processor, BIOS and PCIe devices, to give IT administrators enhanced visibility and control over potential tampering.

Another feature, Sure Start Virtualization Protection, offers pre-boot defense against malicious third-party hardware connected via Thunderbolt, USB-C or PCIe ports. The feature isolates potential threats by running third-party firmware in a micro-virtual machine, preventing hardware infection and securing the PC’s firmware from compromised devices.

HP Enterprise Security Edition is now available for select HP PC platforms.

Image: SiliconANGLE/Ideogram