Professional Documents
Culture Documents
Secure and
Manageable PCs 1
Security threats
to evolving workstyles
Threats for the evolving workstyles – threats contained to remote workers
Face lift, possibly transition to remote workforce vs threats…
What threats we can see. Malware into next gen. 94%
94% of attacks on an endpoint start with an email. of cyber-
attacks start
with an email2
Malware of the
DIFFICULT ULTIMATE
future is here TO PC
DETECT CONTROL
MO SA I C
R EG RE SS O R
Like Lojax and other
forms of BIOS attacks
have evolved to new
categories of threats HARD
impacting PCs.
PERSISTEN TO
T REMOV
E
To be resilient,
your organization’s
PC must be able to:
Hardware-enforced Protection
Security 17
HARDWARE-ENFORCED
RESILIENCY
Hardware that can self monitor and self heal if
an attack gets in Zero Trust is a core set of
principles in the design and
LAYERS OF PROTECTION
Proactively prevent threats – below, in, and operation of systems
above the OS
and their security.
ADVANCED LEVELS OF
SECURITY
Advanced security with application isolation
and AI Deep Learning technology
Protection below, in, Hardware-enforced Resilience against Advancing security for A new breed of
and above the os security growing threats unknown threats Endpoint Security20
• HP Sure View12 • HP Endpoint Security • Expanded Hardware • HP Sure View Reflect27 • Securing endpoints
• HP Sure Start with Controller Enforced Security • HP Pro Security Edition30 against evolving modern
Runtime Intrusion • HP Sure Run9 • HP Sure Sense11 • HP Sure Click threats
Detection7 • HP Sure Recover8 • HP Proactive Security31 Enterprise29 • Addressing threats aimed
• HP Multi-Factor • HP Sure Admin24 at distributed workers
Authenticate28 • HP TamperLock25
• HP Sure Click10
HP Sure Click10
In Hardware-enforce Secure Browsing/Viewing Solution
The OS
Microsoft Secured-Core PC22 HP Sure Sense11
Best In Class OS Security Protect From Never-before-seen Malware
HP Biosphere 23
HP Secure Erase15
Comprehensive BIOS Management Permanent Data Removal On HDD/SSD
HP Sure Admin24
Cryptographically Secure BIOS Management
HP Tamperlock25
Tamper Protection
HP Client Security Manager25
Local Security Management (HP Sure Run & HP Sure Recover)
Included with Every PC Purchase Pre-configured Hardware Bundle Standalone or with Standalone or with
Hardware/Other Services Hardware/Other Services
Built-in Security Services
Every AMD Ryzen™ PRO processor delivers a *"FIPS 140-3 Implementation Under test
HP ProBook G9
HP EliteBook G9 HP EliteBook x360 435, 445, 455
835, 845, 865 G9
645, 655
HP EliteDesk G8
805 DM, 805 SFF HP ProDesk G8
405 DM, 405 SFF
HP Confidential. For HP and Channel Partner internal training purposes only.
Layers of Security
Below the OS
HP Wolf Security Controller
Unique hardware enables 3RD PARTY
• Inside every AMD Ryzen™ PRO processor is a dedicated on-chip security co-processor called the AMD Secure Processor (ASP). The
ASP forms the foundation of the root of trust for critical security functions and features of AMD PRO security technology including
AMD Memory Guard.
• AMD Memory Guard is a memory encryption technology providing a simple yet compelling model for many computing systems,
especially when physical attacks on the system are a concern.
• With AMD Memory Guard, all DRAM contents are encrypted
utilizing the random key which helps provide
protection against:
Physical Cold Boot
DRAM Interface Snooping
And Similar Types Of Attacks
• Main memory encryption is performed via dedicated
hardware in the on-die memory controllers.
Each controller includes a high-performance
Advanced Encryption Standard (AES) engine that
encrypts data when it is written to DRAM and
decrypts it when read as shown here
of a Comprehensive
Security Solution
1. Does not require any software modifications ____________
HP Sure Start
7
PROTECT WHERE
ANTIVIRUS DOESN’T
WORLD’S
FIRST
SELF-
HEALING
BIOS
!
THE HP WOLF SECURITY
PROBLEM SOLUTION
HP Sure Start 7
HP UEFI BIOS
know 2011
BIOS PROTECTIONS
NIST SP 800-147
( 2015: ISO 19678 creates an international standard)
Learn more:
HP Sure Start Whitepaper 2019
FIRMWARE RESILIENCE
NIST SP 800-193
HP Sure Run 9
New in Gen4
• Dynamic Persistence if agent is stopped; automatic reinstall
!
THE
PROBLEM
SOLUTION
Our users are pretty savvy and constantly shut Monitors and keeps critical processes running
down processes on their machine they feel are when users or even advanced malware tries
slowing it down. Ensuring our required and key to shut them down.
processes are kept up and running like AV or the Software network isolation prevents malware from
firewall is important and a problem for us. spreading, guards against changes to device settings.
Behind the
technology
Trust is part of
our DNA Hardware-enforced
Persistence to protect
your PCs key security Heartbeat
processes PROTECTED
APPLICATIONS
PROTECTED
PROCESSES
SECURE REIMAGING
For trusted systems
HOW LONG
WOULD YOU
RECOVER QUICKLY NEED TO
In minutes instead of hours
RECOVER 1,000
MACHINES?
SUPPORT BUSINESS
CONTINUITY Continual trend of destructive
with user-enabled reimaging attacks, wipers, malware, and new
threats are coming out regularly
!
THE HP WOLF SECURITY
PROBLEM SOLUTION
Users working from home need to be up and running HP Sure Recover reduces downtime and lost
quickly without IT’s help. productivity by leveraging the power of the HP Wolf
We want to make sure that no matter what happens, we Security Controller to quickly restore the operating
can recover a unit when attacked or in an unusable system when the hard drive has been
state. compromised or corrupted.
Embedded Recovery Scheduled Recovery Corporate Image Ready Designed For Deployment
Perform image recovery Refresh PCs on your schedule Foundation for Modern Pre-configure custom images and
from anywhere with the to minimize potential dwell- Management & Device provision settings for HP Sure
embedded storage option time for malware Provisioning Services Recover
HP Sure Click5
HP Sure Sense7
Secure Browsing
• Isolates each tab in a secure virtual container.
File Protection
• Protection for Email Attachments, Word and PDF files
open in a secure virtual container.
• Word and PDF file download protection using IE,
Edge, Chrome, and Firefox. 67% Of malware is delivered through
email
32
!
THE
PROBLEM SOLUTION
Our employees are constantly opening bad HP Sure Click prevents malicious websites and
attachments. Training them on proper security attachments from attacking the PC by isolating
procedures isn’t enough. I need a backstop. malware within a virtual container.
Layered security
provides industry-leading
protection against threats
HP Sure Run
Hypervisor
SMM
HP Sure Click isolates in secure virtual containers
10
HP Sure Start
HP Sure Sense11 protects against zero-day attacks
Prevent never-before-seen
malware by harnessing
the power of artificial intelligence
BEHAVIORAL ANALYSIS
Identifying and blocking malicious behavior
!
THE
PROBLEM SOLUTION
Complementary protection
from malware threats
MALICIOUS USB: WORK
NETWORK/
DOCUMENT AND OTHER
OTHER
S FILES
HP Sure Click 10
HP Sure Sense 11
X
QUARANTINED
HPConfidential.
HP Confidential.
ForFor
HP HP and &
internal Channel
ChannelPartner
Partner internal
training training purposes only.
only.
Security above the OS
HP Sure View 12
!
THE
PROBLEM
SOLUTION
Our sales force spends a lot of time With the press of a key, HP Sure View activates an
working on planes, and they view integrated privacy screen to protect confidential
confidential information on their laptops. information from unauthorized snooping.
We need to protect the data on the
screen.
HP Privacy
Camera 14
HP Privacy Camera
• Simple to use
• Seamlessly integrated behind the glass
• Provides peace of mind
HP Confidential. For HP and Channel Partner internal training purposes only.
Preserve personal privacy
!
THE
PROBLEM
SOLUTION
We had a hacker take over the webcam built into Say goodbye to tape-covered webcams and preserve
the notebook of several of our employees. It has personal privacy without marring the clean design
of your PC or permanently disabling an essential
caused
device for collaboration.
a nightmare of internal issues. We need to be able
HP Privacy Camera physically blocks
to lock those down.
the camera lens for peace-of-mind.
THREA
TS
5B unique threats every month35 OS Security HP Wolf Pro Security15,16
5B unique threats every month 35
OS SECURITY HP WOLF PRO SECURITY15,16
Unified security
solution
Simple UI
Easy onboarding
Bundled hardware
protection
Service 15
Malware
Prevention
Threat
Containment
Identity
Protection
Actionable Insights
AVAILABLE Relevant and timely insights to ensure endpoints are secure
Protection health
Run-Time threat details CONSOLE
Threat incidents &
notifications
Delivered By
Certified Security Experts
HP Confidential. For HP and Channel Partner internal training purposes only.
[AMD Official Use Only]
HP Wolf Pro
Security Service 15
customers
Cloud
Scalable Management
Large On-prem
Deployment Cloud Hosted Management
Options
HP WOLF SECURITY35,36
Disclaimers
1. Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Workstations with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher.
2. Source: https://www.teiss.co.uk/r3/cth_schedule/94-of-cyber-attacks-start-with-an-email-how-resilient-is-your-endpoint-protection-solution/
3. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
4. 13th annual 2018 Cost of a Data Breach Study: Global Overview from IBM Security and Ponemon Institute.
5. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
6. (3) Source: https://www.i-cio.com/innovation/it-infrastructure/item/the-security-risks-keeping-cios-awake-at-night
7. HP Sure Start Gen6 is available on select HP PCs.
8. HP Sure Recover Gen4: See product specifications for availability. Requires an open, wired network connection. Not available on platforms with multiple internal storage drives. You must back up important files, data, photos,
videos, etc. before using HP Sure Recover to avoid loss of data.
9. HP Sure Run Gen3 is available on select Windows 10 and higher and higher and higher based HP Pro, Elite and Workstation PCs with select Intel® or AMD processors.
10. HP Sure Click is available on select HP PCs and requires Windows 10 and higher. See https://bit.ly/2PrLT6A_SureClick for complete details.
11. HP Sure Sense requires Windows 10 and higher and higher and higher. See product specifications for availability.
12. HP Sure View Gen3 integrated privacy screen is an optional feature that must be configured at the factory. It is only available on non-touch models and is designed to function in landscape orientation.
13. HP Privacy Camera is only available on PCs equipped with HD or IR camera, and must be installed at the factory.
14. HP Sure Erase: For the methods outlined in the National Institute of Standards and Technology Special Publication 800-88 "Clear" sanitation method. HP Secure Erase does not support platforms with Intel® Optane™.
15. Wolf Pro Security. HP Security is now HP Wolf Security. Security features vary by platform, please see product data sheet for details
16. HP Security is now HP Wolf Security. Security features vary by platform, please see product data sheet for details.
17. HP Wolf Pro Security Edition (including HP Sure Click Pro and HP Sure Sense Pro) is available preloaded on select SKUs and, depending on the HP product purchased, includes a paid 1-year or 3-year license. The HP Wolf Pro
Security Edition software is licensed under the license terms of the HP Wolf Security Software - End-User license Agreement (EULA) that can be found at: https://support.hp.com/us-en/document/ish_3875769-3873014-16 as that
EULA is modified by the following: “7. Term. Unless otherwise terminated earlier pursuant to the terms contained in this EULA, the license for the HP Wolf Pro Security Edition (HP Sure Sense Pro and HP Sure Click Pro) is
effective upon activation and will continue for either a twelve (12) month or thirty-six (36) month license term (“Initial Term”). At the end of the Initial Term you may either (a) purchase a renewal license for the HP Wolf Pro
Security Edition from HP.com, HP Sales or an HP Channel Partner, or (b) continue using the standard versions of HP Sure Click and HP Sure Sense at no additional cost with no future software updates or HP Support.”
18. HP Wolf Enterprise Security is an optional service and may include offerings such as HP Sure Click Enterprise and HP Sure Access Enterprise. HP Sure Click Enterprise requires Windows 10 and higher and higher and higher and
Microsoft Internet Explorer, Google Chrome, Chromium or Firefox are supported. Supported attachments include Microsoft Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe Acrobat are installed.
HP Sure Access Enterprise requires Windows 10 and higher and higher and higher Pro or Enterprise. HP services are governed by the applicable HP terms and conditions of service provided or indicated to Customer at the time of
purchase. Customer may have additional statutory rights according to applicable local laws, and such rights are not in any way affected by the HP terms and conditions of service or the HP Limited Warranty provided with your HP
Product. For full system requirements, please visit www.hpdaas.com/requirements.
19. HP Wolf Security for Business requires Windows 10 and higher, includes various HP security features and is available on HP Pro, Elite and Workstation products. See product details for included security features and OS
requirement.
20. HP Sure Shutter only available PCs equipped with HD or IR camera and must be installed at the factory.
21. Microsoft Secured Core requires an Intel® vPro® , AMD Ryzen™ Pro processor or Qualcomm® processor with SD850 or higher and requires 8 GB or more system memory. Secured Core PC functionality can be enabled from the
factory.
22. HP BIOSphere Gen6 requires Windows 10 and higher and higher and higher and is available on select HP Pro, Elite PCs, and Z Workstations. Features may vary depending on the platform and configurations.
23. HP Sure Admin requires Windows 10 and higher, HP BIOS, HP Manageability Integration Kit from http://www.hp.com/go/clientmanagement and HP Sure Admin Local Access Authenticator smartphone app from the Android or
Apple store.
24. HP Tamper Lock must be enabled by the customer or your administrator.
25. HP Client Security Manager Gen7 requires Windows and is available on the select HP Pro, Elite, PCs, and Z Workstations.
26. The world’s most advanced privacy in its class based on HP’s internal analysis of optional, physically embedded, hardware based, privacy screens for laptops. Most advanced based on an average of .32% luminance reduction in
privacy mode at 45⁰ as of December 2019.
27. HP Multi Factor Authenticate Gen3 is available on select HP PCs and requires Intel® Core™ processor, Intel® integrated graphics, and Intel® WLAN.
HP Confidential. For HP and Channel Partner internal training purposes only.
[AMD Official Use Only]
Disclaimers
28. HP Sure Click Enterprise is sold separately and requires Windows 8 or 10 and Microsoft Internet Explorer, Google Chrome, Chromium or Mozilla Firefox and new Edge are supported. Supported attachments include Microsoft
Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe Acrobat are installed.
29. HP Pro Security Edition is available preloaded on AVs of select HP PCs and includes HP Sure Click Pro and HP Sure Sense Pro. 3-year license required. The HP Pro Security Edition software is licensed under the license terms of
the HP End User License Agreement (EULA) that can be found at: https://h30670.www3.hp.com/ecommerce/common/disclaimer.do#EN_US as modified by the following: “7. Term. Unless otherwise terminated earlier pursuant to
the terms contained in this EULA, the license for the HP Pro Security Edition (HP Sure Sense Pro and HP Sure Click Pro) is effective upon activation and will continue for thirty-six (36) months thereafter (“Initial Term”). At the
end of the Initial Term you may either (a) purchase a renewal license for the HP Pro Security Edition from HP.com, HP Sales or an HP Channel Partner, or (b) continue using the standard versions of HP Sure Click and HP Sure
Sense at no additional cost with no future software updates or HP Support.” HP Pro Security Edition is optimized for the SMB environment and ships pre-configured - manageability is optional. The HP Pro Security Edition
supports a limited tool set that can be used by the HP Manageability Integration Kit which can be downloaded from http://www.hp.com/go/clientmanagement.
30. HP Proactive Security HP services are governed by the applicable HP terms and conditions of service provided or indicated to Customer at the time of purchase. Customer may have additional statutory rights according to
applicable local laws, and such rights are not in any way affected by the HP terms and conditions of service or the HP Limited Warranty provided with your HP Product.
31. HP Wolf Security Threat Research: 92% of Malware is delivered through email. 67% is embedded in word documents.
32. Average based on global trials conducted by Ponemon Institute during the “Visual Hacking Experiment,” 2015, and the “Global Visual Hacking Experiment,” 2016, both sponsored by 3M.
33. Based on HP’s internal analysis of mobile devices in its class with optional, physically embedded, hardware based, reflective privacy screen. Most effective based on an average of .32% luminance reduction in privacy mode at 45⁰
as of December 2019. HP Sure View is an optional feature that must be configured at purchase and is designed to function in landscape orientation.
34. HP Security is now HP Wolf Security. Security features vary by platform, please see product data sheet for details.
35. HP Wolf Security for Business requires Windows 10 and higher and higher and higher, includes various HP security features and is available on HP Pro, Elite and Workstation products. See product details for included security
features and OS requirement.
36. For general business laptops and desktops AMD Memory Guard, full system memory encryption, is included in AMD Ryzen PRO and Athlon PRO processors.
37. Based on HP’s internal analysis of mobile devices in its class with optional, physically embedded, hardware based, reflective privacy screen. Most effective based on an average of .32% luminance reduction in privacy mode at 45⁰
as of December 2019.
38. HP Wolf Security Controller is not available as a standalone product and required HP Wolf Pro Security Service. For full system requirements, please visit http://www.hpdaas.com/requirements.HP services are governed by the
applicable HP terms and conditions of service provided or indicated to Customer at the time of purchase. Customer may have additional statutory rights according to applicable local laws, and such rights are not in any way affected
by the HP terms and conditions of service or the HP Limited Warranty provided with your HP Product.
39. Based on HP’s internal analysis of isolation backed, deep learning endpoint security services including SaaS and managed services. Most advanced based on application isolation and AI-based protection with machine learning and
deep learning on Windows 10 and higher and higher and higher PCs as of March 2020.
40. MITRE does not claim ATT&CK enumerates all possibilities for the types of actions and behaviors documented as part of its adversary model and framework of techniques.
41. The world’s most advanced privacy in its class based on HP’s internal analysis of optional, physically embedded, hardware based, privacy screens for laptops. Most advanced based on an average of .32% luminance reduction in
privacy mode at 45⁰ as of December 2019.
42. HP Sure View Reflect integrated privacy screen is an optional feature that must be configured at purchase and is designed to function in landscape orientation.