Dell has taken some flak recently due to some security issues found on their machines, which they were quick to fix. Now they are showing further dedication to improving the security of their business PCs and laptops by adding functions that protect the BIOS from malware.
Attacks on a computer’s BIOS certainly aren’t common, but they are hard for typical security software to handle due to the nature of the BIOS and even typical measures such as formatting hard drives and reinstalling operating systems are unable to fix the issue. Dell’s new Data Protection Endpoint Security Suite Enterprise is to include BIOS verification functionality that is able to tackle this potentially vulnerable part of PCs.
The BIOS verification works alongside a cloud server that holds valid BIOS data. When the PC boots up, it sends a copy of its BIOS data to the secure server, where it is tested against official metrics of how the BIOS image should be according to Dell’s BIOS lab. By handling the verification on the server-side, it avoids a compromised PC sabotaging the result of the comparison and ensures any checks take place in a secure environment. Any BIOS that is detected as potentially compromised is then reported to the administrator who can take appropriate actions, with plans to automate a recovery process in the works.
This BIOS verification will be implemented on Dell systems that are based on the sixth generation Intel chipset, which includes the Latitude line of PCs as well as a number of Dell Precision, OptiPlex, and XPS PCs and Dell Venue Pro tablets. The suite will be optional for users of compatible PCs and will cost extra. It is interesting to see where Dell will go with the Data Protection Endpoint Security Suite in future, as its use of artificial intelligence and machine learning to protect against advanced and persistent threats could be the start of something great.