Dell Customers: The Most Secure Computers on the Market

[msttasnuvanava]

Security at Dell starts with the client device hardware. Many security vendors approach security as a layer that sits on top of the device as software; however, our approach starts at the deepest layer of the device: the BIOS, which acts as the primary control point in a system, ensuring that all of the hardware on the device works together. Securing the BIOS is critical for all devices because if an attacker gains access to this level, they can take control of the rest of the system.

Dell's suite of client security capabilities is encompassed under the banner of Dell Trusted Devices , a comprehensive approach to client endpoint security that identifies us as the most secure client in the commercial PC industry. It's also important to note that Microsoft itself categorizes Dell computers as Microsoft Secured-core PCs.

Hardware-Level Security Capabilities: Dell SafeID
It consists of a unique security chip in Dell commercial devices that stores and processes user how to get usa whatsapp number authentication credentials at the secure hardware layer instead of a compromised operating system-level software layer. This way, we protect against theft of advanced credential passwords with biometric authentication using fingerprint and smart card readers.

Dell SafeID helps keep your organization’s data safe, whether it’s your intellectual property or customer personal data. Personally Identifiable Information (PII) is critical to data security, hackers are using increasingly sophisticated attacks, and as common threats are thwarted more frequently, cybercriminals are looking for more advanced ways to gain access to critical security information. As organizations rely on client-end security solutions at the software level, such as next-generation antivirus, attacks are being targeted at the hardware layer.

While other manufacturers focus their hardware security efforts solely on the use of the Trusted Platform Module (TPM) chip, Dell uses a second chip called Dell SafeID as an additional hardware security layer. This chip helps protect secure operations by isolating them from the operating system and memory, and instead, all critical data processing and storage takes place on the Dell SafeID chip. Based on these principles, we provide a hardware-based security solution for storing user credentials such as passwords, biometric information and security codes that is not accessible to attackers.

In addition to the benefits described above, here are some of the key features of Dell SafeID in a nutshell:

More secure user credentials thanks to the storage and execution of code on an alternative chip to the TPM chip or the Operating System itself and a set of encryption algorithms such as Suite B and Active ECC.
Using personal authentication, Smart Card, Fingerprint Reader and Contactless to access credentials vs. 160-bit password of the TPM chip
Allows applications to store their encryption keys securely and with strict access control using a Dell SafeID authentication scheme
Key and template isolation – all key and template usage is isolated so that it is never exposed to an insecure host. An example of this feature includes fingerprint reading templates that will never be exposed outside of Dell SafeID security control.
Sealed execution code - Most applications execute their secure operations on the x86 process host, exposing information to attackers. With Dell SafeID, secure operations are executed in an isolated context, preventing any inspection or modification during the execution process.
Securing code storage Many applications store their secure code on the hard drive, making them susceptible to attacks as a hacker can replace parts of the code using different techniques. Dell SafeID stores application execution code in its own secure context.
Hardware-Level Security Capabilities: Dell SafeBIOS

It is a set of specific security capabilities and solutions unique to Dell for the BIOS. It reduces the risk of malicious attacks on BIOS through different protection, verification, analysis and execution mechanisms. These capabilities are detailed below:

BIOS Verification: Automatic BIOS verification, we detect BIOS attacks and generate security alerts. The alert is automatically generated when the current BIOS does not match the stored BIOS image. This indicates a corrupted or attacked BIOS. BIOS verification can be local (on-host) or against Dell security servers (off-host)
BIOS Authenticity Check: Cryptographic verification of BIOS and boot blocking
BIOS Recovery: Automatic BIOS Recovery
BIOS Capture: Stores corrupted or compromised BIOS for analysis which enables forensic analysis to be performed by capturing the corrupted or compromised BIOS image. These types of attacks need to be investigated and the first step is to capture the compromised BIOS.
BIOS Update: Cryptographic verification of the digital signature of the BIOS update
BIOS Runtime Protection : Locks the BIOS so that no changes are made
BIOS Rollback Protection – Allows you to block BIOS updates to previous versions
BIOS Indicators of Attack : BIOS Attack Indicators, visibility and alerts of high-risk configurations or possible manipulations.
Software-Level Security Capabilities: Dell Trusted Device

Dell Trusted Device is the name of the security agent that allows you to take greater advantage of the hardware security capabilities of Dell client computers. Once installed, the client will have access to existing security solutions and future developments related to Dell computer security. It also provides IT with the ability to centrally manage and configure protections and integrates with third-party consoles. Below we proceed to detail the different components and functionalities of the software protection agent.

Dell BIOS Verification Tool
This is a unique tool on the market that allows you to check the integrity of the BIOS through Dell Trusted Device servers in the Dell cloud. Other manufacturers include local BIOS verification tools, but these are susceptible to physical attacks.

Local protection BIOS security solutions do not have the ability to detect if the BIOS or UEFI firmware has been compromised with malware or root toolkits. Forensic analysts do not have access to the compromised BIOS and it is certainly not possible to automate or remediate BIOS attacks.

Dell’s off-host verification tool against the security cloud makes us unique in the market by allowing malware detection in the BIOS by verifying the integrity of the BIOS not only locally but also online. In addition, we allow integration with third-party software, on-demand or scheduled execution of the tool, and automatic image capture of a manipulated BIOS for future forensic analysis.

There is also the possibility to notify end users that a BIOS attack or corruption has occurred by recording an event in the event viewer and saving the results of the scan to a registry key. Finally, this alert can be sent to third-party security monitoring solutions.