Lauren Miller

Key HP Innovations in Their Manageable and Secure PCs HP Innovation Why It’s Needed • Malware today is being designed to attack your PC at its very foundation— the BIOS • A successful attack on the HP Sure Start Gen3 Protects your PC from attacks at the BIOS BIOS can be undetectable with anti-virus programs and can even survive a disk wipe/OS reinstall • Passwords no longer provide the level of security required for today’s security threats • Weak passwords are a HP Multi-Factor Authenticate popular attack vector for hackers Lets you require multi-factor authentication to access users’ PCs • To secure an entire fleet of PCs, IT admins must be able to manage security settings remotely • Microsoft System Center HP Manageability Integration Kit (MIK) A plug-in for Microsoft SCCM to make it easy for IT to remotely manage security on HP PCs Configuration Manager (SCCM) is a popular tool to do this • Today, an IT admin needs to develop their own plug-in for SCCM to manage new features/policies on PCs How It Helps • HP Sure Start protects/ detects/recovers in case of an attack or firmware corruption • HP Sure Start Gen3 protects the SMM to make Windows 10 even more secure Use Case • Employee clicks a link that is actually a phishing attack on the BIOS • HP Sure Start Gen3 detects the attack, protects the PC, and recovers the uncorrupted BIOS • With HP MIK, your IT admin can enforce Sure Start settings and retrieve event logs on attacks • Combining two authentication factors makes it much harder to hack passwords • HP hardens factors by storing them on a chip, where the authentication factors are no longer accessible to the OS • HP has done the hard work for IT admins with the HP MIK plug-in for Microsoft SCCM • Saves time and enhances security with remote management of security settings and policies • User has same password for PC login and favorite shopping websites • Hackers steal credentials from shopping site and now have the login to user’s PC • With HP Multi-Factor Authenticate, your IT admin could create a policy to require a hardened fingerprint, in addition to a password • Traditionally, an IT admin needs to be physically present with a USB key to update TPM firmware • With HP MIK Microsoft SCCM, this can be deployed remotely • HP MIK is the only management toolkit certified for Microsoft SCCM Continued › Additional HP Security Innovations HP Innovation Why It’s Needed • Mobile workers in public locations are at risk of onscreen data being stolen by a visual hacker • In a recent study, 91% of visual HP Sure View Integrated Privacy Screen Helps protect onscreen data from visual hacking in a public environment hacking attempts were successful • With 60% of people taking their How It Helps • HP Sure View is the only integrated PC privacy screen • Activating privacy mode is as simple as pressing FN + F2 • Visual protection starts when others are 35° from the center • HP Work Wise will automatically when you walk away, even for a brief moment lock and unlock your PC based on adjustable proximity to your smartphone • It can also send alerts to your smartphone when it detects attempts to tamper with your PC HP Work Wise Notifies you if your PC is tampered with and automatically locks your PC when you step away confidential document in an airport lounge • A visual hacker could use their phone to record the employee’s screen enabled the visual hacker can’t see any onscreen data • It is easy to forget to lock your PC without your realizing it • Employee is working on a • However, with privacy mode work outside of office walls, the potential risk is significant • Your PC could be compromised Use Case • HP Work Wise is the first smartphone app for PC tamper detection • A user walks away from their PC to go to lunch, but forgets to lock it, leaving confidential information visible • HP Work Wise locks the PC when the user’s phone moves out of range • Additionally, while the user is away at lunch, HP Work Wise sends a tamper detection alert to their phone after someone plugs in a USB drive • User phones building security to investigate • Companies may need to allow authorized users to access sensitive data, but restrict the ability to copy the data onto an external device HP Device Access Manager Protection against data leaving the PC, either by accident or intentionally (malicious or otherwise) • Port and device access that can be managed: • Speaker, microphone, and webcam • Biometric devices • Bluetooth, wired Ethernet, WLAN • COM and LPT ports • Smart Card and Proximity Card readers • Removable media • 81% of IT and IT security practitioners cite insecure Web browsers as a primary attack vector • Every 40 seconds a business was HP Sure Click Secure Browsing Solution attacked with ransomware in Q3 2016 Provides hardware-enforced security for Web browsers, protecting your PC from infected or compromised websites • IT admins can define policies to allow or deny access to devices or ports on PCs • If a port is allowed, it can be configured for specific users and for a specific window of time • An insurance company has defined a security policy to restrict access to USB devices, but there is a need to upload photos of a claim from a camera • IT admins create a policy allowing 5 minutes of access to a USB port upon successful authentication of an authorized user’s fingerprint • Each Web browser tab is opened • Employee accidentally clicks automatically in a CPU-isolated a link that takes them to an infected website micro virtual machine • Malware affecting one tab has no impact on any other tab, app, or the OS • Just close the tab and the malware is gone Contact an Account Manager for more information. Business Solutions Enterprise Solutions Public Sector Solutions - - - www.connection.com/HP ©2017 PC Connection, Inc. All rights reserved. Connection®, PC Connection®, GovConnection®, MoreDirect®, Softmart®, and we solve IT™ are trademarks of PC Connection, Inc. C- • Malware runs in a hardware‑ enforced micro virtual machine with that browser tab • When the employee closes the browser tab, the micro virtual machine closes, discarding everything inside, including the malware