Contributed by Simon Firth, freelance technology journalist
Coinciding with its HP Protect 2013 security event, HP announced the debut of HP SureStart, a first of its kind technology that helps businesses protect against malicious attacks or malfunctions.
The product of a long-standing collaboration between HP Labs and HP’s Business PC division, HP SureStart works with HP BIOSphere, the company’s industry-leading firmware ecosystem, to automatically restore a system’s BIOS firmware to its previously safe state if attacked or corrupted.
“This is part of a joint effort with HP Labs to help businesses better manage risk and protect user and IT productivity against malicious attack, a failed update, or any other accidental or unknown cause,” explains Vali Ali, Chief Technologist for Security and Privacy in the HP PC Business Unit.
Over the years, attackers have focused more attention to platform vulnerabilities that exist in the firmware that runs underneath a PC’s operating system, notes HP Labs security researcher BorisBalacheff.
“In response, we’ve consistently worked to improve BIOS security,” Balacheff says. “This latest innovation is the first truly self-healing BIOS solution, employing a mechanism that lets us take a look at the BIOS from the outside when a PC first starts up and repair it if it has been corrupted or modified.”
By guaranteeing the reliability of the very first piece of code that starts a PC platform, HP SureStart ensures a full chain of trust in a PC’s operation, including security solutions deployed on the platform above the firmware that might otherwise be compromised by a low level firmware attack.
HP SureStart is able to overwrite a known good copy of the BIOS if it is detected to be corrupted – a ‘self-healing’ recovery mechanism that also protects against BIOS threats that have yet to be invented.
“That can lead to a significant improvement in reliability,” suggests Balacheff. “It shows how this innovation also lets us offer our customers a more robust solution, reducing user downtime and IT support requests.”
In the case of a PC BIOS malware corruption or compromise, for example, a user session can be restored in around 30 seconds with the hardware being safeguarded against data loss.
HP SureStart customers also no longer need to worry about the safety of their PC BIOS updates. HP security and reliability improvements are now delivered directly to customers via the web or customers’ internal web site, ensuring confidence in their PC BIOS rollout and that PC BIOS versions are standard across an organization.
“The security landscape is getting more and more complex as threats become more sophisticated. Employees these days want device flexibility to support their desired working environment,” said Lorri Jefferson, Senior Director, Software Strategy at HP, at the launch of HP SureStart. “By working closely with our colleagues at HP Labs, we’re creating new solutions that uniquely address these converging trends, helping businesses better mitigate risk, threats and potential negative business outcomes.”