The Secret Sauce Behind Dell Trusted Devices
- November 1, 2023
Ever wonder what makes our devices the industry’s most secure commercial PCs?¹ Dell Technologies commercial PCs come equipped with two unique endpoint security capabilities: Dell SafeBIOS and Dell Trusted Device (DTD) software. Let’s break down each and look at how they work together to secure your device.
Dell SafeBIOS is a collection of capabilities that mitigate the risk of BIOS and firmware tampering with integrated firmware attack detection. It consists of Dell-unique IP as well as partner technology. We combine these capabilities to help ensure devices are secure at the BIOS level, an area that traditionally lacks protection and that hackers know to exploit when it is vulnerable. Attacks at the BIOS level can be stealthy and wreak havoc. And when malware owns the BIOS, it owns the PC and access into the network.
Some of these capabilities are industry standards, like Intel Boot Guard and BIOS Guard. The others are provided uniquely by Dell, such as Indicators of Attack, or IoA, which detects potentially malicious modifications to BIOS attributes. Another example of a Dell-provided capability is Image Capture for Forensic Analysis, which goes beyond a typical solution to simply revert to the known-good BIOS. This capability can capture the image of the corrupt BIOS and make it available for forensic analysis, helping harden the device. It gives security operations centers (SOCs) the ability to analyze what happened to help prevent future attacks.
Dell and our partner BIOS protections are independently strong. But security is a team sport, so Dell has joined forces with leading partners to bolster security “below the OS” where all too many attacks originate today.
SafeBIOS IoA and Image Capture both demonstrate where Dell leads the industry in BIOS protections. So how do you benefit from all of that telemetry? This is where DTD software comes in. DTD software maximizes SafeBIOS capabilities by communicating endpoint telemetry between the device and a secure Dell cloud, providing unique below-the-OS insights into security “health.”
The data transmitted provides assurance that the BIOS is being measured. If any feature’s reports change unexpectedly, the IT administrator is notified of possible tampering.
DTD software provides the telemetry that enables a number of Dell SafeBIOS features, such as IoA and BIOS Verification, which detect tampering with BIOS firmware. It also provides Intel ME (Management Engine) Verification, which verifies the integrity of highly privileged ME firmware by comparing the ME firmware found on the platform with previously measured hashes stored off-host, and our Health Score, a feature that aggregates various indicators into one easy-to-read security score.
The administrator can find notifications in the Windows Event Viewer, a log of application and system messages, including errors, information messages and warnings. It’s a useful tool for troubleshooting problems.
One of the key advantages of DTD software is that it works in many of our customers’ environments, thanks to our extensive partner integrations. In fact, only Dell integrates device telemetry with industry-leading software to improve fleet-wide security.¹ This results in true hardware-assisted security.
DTD software can send telemetry to third-party security software, such as CrowdStrike Falcon² and VMware Carbon Black,² as well as endpoint managers, such as Microsoft Intune and Carbon Black Cloud, and SIEMs, such as Splunk.
Not only do these integrations improve threat detection and response with a brand-new set of device-level data, but they also help you make the most of your software investments. Knowing how much our customers value the ability to view data (e.g., security alerts) within their preferred environments, we continue to release updates to DTD software enabling greater integration capabilities. This fall, for example, we expanded key feature integrations in the Intune environment. Now, Intune admins can view additional data from BIOS Verification, Intel ME Firmware Verification and Secured Component Verification (or SCV, a Dell-unique component integrity check), with added capabilities coming in future DTD releases.
If you own or manage Dell commercial PCs, you’re likely already benefiting from these protections—all included in the cost of the device.
All Dell commercial PCs include Dell SafeBIOS and immediately improve the security of any fleet with these built-in features.
If you’ve purchased a commercial device since August 2023, your PC shipped with DTD software. We now pre-install DTD software at our factories and ship with the “standard” image. For older devices or for organizations that prefer to use their own image, go here to download and install the software.
To learn more about SafeBIOS, Dell Trusted Device and other device-based protections Dell offers, download our white paper for more details. As always, reach out to your representative with questions or contact us here.
¹ Based on Dell internal analysis, September 2023. Applicable to PCs on Intel processors. Not all features available with all PCs. Additional purchase required for some features.
² Available for selected SKUs. Additional purchase may be required. Reach out to [email protected] to learn more.