• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Lenovo launches ThinkShield Firmware Assurance for Deep Protection Above and Below the Operating System

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,588 (2.40/day)
Location
Sweden
System Name Overlord Mk MLI
Processor AMD Ryzen 7 7800X3D
Motherboard Gigabyte X670E Aorus Master
Cooling Noctua NH-D15 SE with offsets
Memory 32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s) Gainward GeForce RTX 4080 Phantom GS
Storage 1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s) Acer XV272K LVbmiipruzx 4K@160Hz
Case Fractal Design Torrent Compact
Audio Device(s) Corsair Virtuoso SE
Power Supply be quiet! Pure Power 12 M 850 W
Mouse Logitech G502 Lightspeed
Keyboard Corsair K70 Max
Software Windows 10 Pro
Benchmark Scores https://valid.x86.fr/yfsd9w
Today, Lenovo announced the introduction of ThinkShield Firmware Assurance as part of its portfolio of enterprise-grade cybersecurity solutions. ThinkShield Firmware Assurance is one of the only computer OEM solutions to enable deep visibility and protection below the operating system (OS) by embracing Zero Trust Architecture (ZTA) component-level visibility to generate more accurate and actionable risk management insights.

As a security paradigm, ZTA explicitly identifies users and devices to grant appropriate levels of access so a business can operate with less risk and minimal friction. ZTA is a critical framework to reduce risk as organizations endeavor to complete Zero-Trust implementations.




Visibility and Protection
Gartner predicts that by 2026, only 10% of large enterprises will have a mature and measurable Zero-Trust program in place, up from less than 1% in 20231. Due to a lack of visibility of device components that can become an even bigger problem in a hybrid work environment, organizations often struggle to determine the level of risk originating from their hardware and firmware. The inclusion of ThinkShield Firmware Assurance makes enterprise PCs and the networks they serve more secure by design and helps fulfill ZTA goals.

ThinkShield Firmware Assurance provides governance of critical components with detailed attestation measurements that can be analyzed and risk-scored so that every device is set with its assigned trust level. Different from third-party software-based endpoint security approaches, ThinkShield Firmware Assurance uses a dedicated embedded controller (EC) that attests critical components and configuration during boot time to provide platform root of trust.

ThinkShield Firmware Assurance can be deployed quickly so IT teams can have better visibility of their PC fleets and networks more quickly and efficiently. With this new security solution, organizations can help prevent software and firmware components from being installed unless signed with recognized and approved certificates. In addition, unauthorized changes in BIOS policies can be prevented while providing automatic recovery of BIOS policies.

"Lenovo's continued innovation in computing is delivering on its commitment to enable smarter AI for all, and cybersecurity is one of the most critical elements to how and where AI is adopted. This is a key driver in why we focused on supply chain, below-OS, and above-OS security," said Nima Baiati, Executive Director & GM, Commercial Cybersecurity Solutions, Lenovo. "ThinkShield Firmware Assurance is a unique solution designed to help customers better manage and mitigate risk with more insight and confidence."

Secure by Design
ThinkShield is Lenovo's portfolio of security solutions comprising hardware, software, and services. The portfolio for comprehensive end-to-end security provides advanced solutions in the forms of built-in platform security and device protection, threat and data protection, and security management tools that help protect critical business information. From the factory floor straight to customers' hands, ThinkShield keeps devices more safe and secure.

ThinkShield addresses every level of protection and security, including:
  • Supply Chain Assurance: Lenovo is one of the first and only PC OEMs with a supply chain assurance solution built with Intel and AMD enabling customers to validate hardware components in devices against tampering from the factory floor straight to their employees' hands.
  • Below-the-Operating System: ThinkShield built-in solutions cover hardware, firmware, operating system and cloud to defend against hardware attacks, help ensure firmware integrity and provide real-time alerts for any attack attempts.
  • Operation System-to-Cloud: offering security management that includes AI-powered endpoint protection, work from anywhere protection, remote management, cloud backup, password-less authentication, data defense, patented solution to protect browser, email and file explorer and an automated BIOS patching solution.

ThinkShield Firmware Assurance is available now in markets worldwide. For more information about Lenovo cybersecurity solutions visit the ThinkShield website.

View at TechPowerUp Main Site | Source
 
Joined
Aug 20, 2007
Messages
21,447 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
The firmware layer is really a silly layer to try to secure. There is really nothing you can do if you assume flashing has happened.

If they really wanted to secure it properly, they wouldn't be doing this fancy hardware security bullshit, they'd be implementing a hardware chip based write-protect for the firmware NAND.
 
Top