HP Introduces Self-Healing BIOS for Upcoming EliteBooks
SAN FRANCISCO—Hewlett-Packard, which has quietly been hiring new managers in various departments to help give the iconic but struggling company some fresh new ideas, unveiled a forward-thinking new security feature on Sept. 17.
The Palo Alto, Calif.-based IT giant introduced a new self-healing basic input/output system (BIOS) called SureStart that will be installed in its forthcoming EliteBook enterprise laptops. Eventually, it is likely to be added to HP's entire Windows computer lineup.
HP describes SureStart as the industry's "first self-healing technology that automatically restores a system's BIOS to its previously safe state if attacked or corrupted." SureStart is part of a larger HP project, BIOSphere, a firmware ecosystem that automates data protection as well as configurability and manageability for all HP business PCs.
For the record, the BIOS is a de facto-standard firmware interface built into all IBM-compatible PCs and is the first software run by the PC when powered on. The fundamental purposes of the BIOS are to initialize and test the system hardware components and to load a bootloader or an operating system from a mass memory device.
The BIOS also provides an abstraction layer for the hardware—a consistent way for application programs and operating systems to interact with the keyboard, display and other input/output devices. The BIOS basically runs a script and tells the PC what to do.
HP, not particularly known for being a security pioneer, now has taken security matters into its own hands.
"We've taken the time to write our own proprietary HP BIOS, which thinks about device protection from the silicon up," Michael Park, HP's new vice president of strategy and product management for enterprise computing, told eWEEK.
"What's happening now is that a lot of the malware coming into systems isn't coming into the OS (operating system) level. It comes in under the OS; it takes over the BIOS, and then it tricks the OS into thinking it's a secure machine," Park said.
"It's called rooting. That's why people in enterprises are hesistant to bring in Android devices because they're easily rootable. And if you can root the device, it doesn't matter what security you put on the OS; you can come in under it and take it over."
What HP did was create a reference point in the PC processor "where we store an HP BIOS that only HP can access," Park said. "When the machine boots, before the BIOS runs, it does a sub-check against the reference BIOS. If it's the same, it goes right into the boot sequence. If it sees any kind of change, it initiates a sequence to rewrite the BIOS, so you will never have a blue-screen BIOS failure."
This is not all HP has been doing in security. Other new products that will provide real-time threat disruption and self-healing IT include:
—HP Threat Central, which HP claims is the industry's first community-sourced security intelligence platform to facilitate automated, real-time collaboration among organizations in the battle against active cyber-threats.
—HP TippingPoint Next-Generation Firewall addresses risks introduced by cloud, mobile and bring your own device (BYOD) by delivering reliable security with granular application visibility and control.
—HP ArcSight and HP Fortify offer data-driven security technologies, including Application View, Management Center, Risk Insight and Enterprise Security Manager v6.5c, that empower security operations teams to run more effectively with accelerated and real-time application-level threat detection.
HP will be unveiling its fall lineup of enterprise and consumer laptops, notebooks, tablets and printers during the next few weeks. eWEEK will cover the launches.