Dell has added behavior-based threat detection capabilities to its SafeBIOS security system.
The new technology, which is officially named Dell SafeBIOS Events & Indicators of Attack (IoA), continually looks for suspicious modifications to a protected PC’s innermost point of control that could be a tipoff to malicious activity.
“Think of it as a below-the-OS agent that’s running and monitoring BIOS updates and configuration changes,” says David Konetski, vice president for client solutions in the office of the CTO at Dell Technologies.
The system records anything it finds that merits follow-up in the PC’s Microsoft Windows log file, where it will be visible to technicians via most infrastructure management solutions. “We wanted to make sure that we were using something that was standard,” Konetski says.
At present, he continues, the utility watches for close to 100 behavior patterns indicative of danger. “We’re adding patterns on a regular basis,” Konetski notes.
The new system now comes loaded by default on all devices in Dell’s Latitude, OptiPlex, Precision, and XPS families. Owners of “generation 10” models from those lines introduced in 2019 or this year can download and install the software free of charge as well.
According to Konetski, selling devices protected by SafeBIOS Events & IoA allows partners to highlight their “unique and differentiated” focus on security.
“We believe we’re the only PC OEM that is monitoring the BIOS at this level,” he says.
As security technologies for protecting operating systems, applications, and data have grown more sophisticated in recent years, Konetski continues, hackers have increasingly shifted their focus to the BIOS.
“If I was an adversary and this was going on, I would look for the metaphorical unlocked car,” he says. “Why would I go with a system that has 99.9% efficacy when there might be another way into the system?”
BIOS-level exploits are difficult to execute, Konetski notes. “It’s a very, very difficult attack surface. It’s very protected. It’s very small.” Targeting that surface successfully, though, can pay rich rewards.
“If an adversary is able to infiltrate the system at that level, then they potentially have access into the entire OS layer, the entire application layer, and may even be able to leverage that infiltration laterally, sideways, to get through the network and even back into the enterprise,” Konetski says.
BIOS-level security is not a new priority for Dell, he adds. The company has long shipped technology with its PCs that compares the BIOS during the boot process with a corresponding “measurement” stored separately to confirm that the code hasn’t been altered.
“Dell has been focusing on below-the-OS for really decades now,” Konetski says.
HP has introduced new embedded security protections for its PCs recently too, including a security package aimed at small businesses and an outsourced service intended for midsize companies.