As various forms of advanced persistent threats (APTs) become both more pervasive and more sophisticated, the challenges associated with keeping IT environments secure have become increasingly complex. One of the biggest issues with APTs is that they often embed themselves at the BIOS level of a device, where they may wait for months before being remotely activated.
This has led a lot of organizations to assume that most of the endpoints on their network have already been compromised; it’s just a matter of when that threat is going to actually infect the rest of the network. While putting in stronger security measures is always a good idea, measures such as browser sandboxes or application containers usually come at some cost to productivity, which all too often ends with users trying to circumvent one control or another.
To eliminate that tension, HP Labs has come up with BIOSphere with SureStart Technology, a new approach to security that operates at the BIOS level. Initially available within HP EliteBook PCs, this new approach assumes the BIOS in each device is either corrupted or infected with malware. Each time the device boots up, HP BIOSphere with SureStart Technology automatically reinstalls a pristine version of the system’s BIOS, both eliminating any corrupted file and wiping away any APT that may be lurking on the system.
According to Vali Ali, chief technologist for HP Labs, the goal is to isolate each system at the time it boots from any possible source of APT infection. That doesn’t mean that organizations don’t need to install antimalware software, but it does mean that one of the primary avenues that APTs routinely use to infect a system has been effectively shut down.
Ali says HP plans to eventually add this capability to all of its products, but for the moment the first instance of it is being rolled out in the company’s high-end line of EliteBook PCs.
Purveyors of malware are always looking for the path of least resistance. In the case of APTs, the BIOS has proven to be a relatively simple way to infect systems. While there will never be perfect security, Ali says the goal is to close down all the simple avenues that hackers use to infect systems in order to make it less economically attractive to launch an attack. That may not eliminate every kind of threat, but it does mean that it should be a whole lot harder and less profitable for hackers and other digital miscreants to compromise a system at the BIOS level.