Stomp Out BIOS Level Threats with Hardware Assisted Security

When it comes to combating cyberattacks, speed is everything. For cybersecurity to be effective, administrators must be able to see strange behavior in the IT environment and act quickly. This is where "hardware-assisted security"from Dell, CrowdStrike and Intel can help. We're pleased to announce a brand-new integration that shrinks the IT-security gap. By working together, Dell commercial PCs running on Intel® Core™ Ultra processors with Intel vPro® enable deep,BIOS-level visibility inthe Falcon console, allowing administrators to see and stop more breachesbefore they do damage.

Detect BIOS Tampering Faster Than Ever Before

Dell designs commercial PCs with visibility in mind. As a result, they feature several built-in defenses, bolstered by Intel Core Ultra, that are intended to catch suspicious activity. When something out of the ordinary is detected, the Dell Trusted Device Application(DTD App) surfaces telemetry from those built-in features to the operating system (OS) level so an admin can investigate and respond accordingly. For example, built-in BIOS Verification compares the on-device image to the golden copy Dell stores securely in the cloud. When there's a mismatch, BIOS Verification catches it, and the DTD App pushes a notification to Windows Event Viewer and top endpoint managers, e.g., Microsoft Intune, so end users and IT admins can view it.

Dell can also push this telemetry to the third-party endpoint security solutions like CrowdStrike.

And now, with the recent release of CrowdStrike Sensor 7.17, the existing BIOS verification process gets a massive upgrade by integrating the DTD App with CrowdStrike Falcon. Falcon now natively picks up Dell BIOS Verification telemetry and displays it as an additional check in the console under the 'Manufacturer Verified' widget.

Detect BIOS attestation in CrowdStrike Falcon: With the DTD App enabled, an admin can remotely view telemetry from built-in security features like Dell-unique BIOS Verification* in CrowdStrike Falcon.

This means the PC manufacturerproactively verifies and certifies the BIOS image, rather than Falcon passively pulling the golden copy of the Dell BIOS image hash and performing the verification itself. Not only does this integration provide real-time insight and greater confidence into the ongoing status of highly privileged firmware, but it also streamlines security workflow by delivering device-level telemetry alongside many other data points to a single pane of glass.

Enable this Capability Today

Make sure the latest versions of both the DTD App and the CrowdStrike Falcon sensor are installed. Then, log onto the Falcon console, select 'Investigate' in the menu pane and 'BIOS Prevalence' from the list of options.

Admins also have SIEM compliance capabilities with the integrated solution and can set up their preferred response based on BIOS verification status. For example, if a machine reports 'BIOS Verification Failed,' an admin can set the Falcon sensor to automatically quarantine the device.

For a step-by-step guide of the capabilities discussed above, see our Knowledge Base article.

Shrinking the IT-Security Gap with Hardware-Assisted Security

This integrated BIOS-level visibility and actionability is one of several capabilities Dell, CrowdStrike and Intel are working on to modernize security. In fact,this work is so pivotal, CrowdStrike named Dell its Global Partner of the Year in 2024, a testament to a winning go-to-market strategy.

Dell recognized by CrowdStrike as 2024 Global Partner of the Year at Fal.Con in Las Vegas, a testament to our joint efforts in hardware-assisted security.

Tolearn more how hardware-assisted security helps reduce the attack surface and speed detection of threats down atthe device level,take a test drive with our new interactive demo on the Dell Demo Center (new users, create an account to gain access). You can also download our Solution Briefor reach out to one of our security specialists to see how you can take advantage of these capabilities¹ today.

* Based on Dell internal analysis, October 2024. Applicable to PCs on Intel processors. Not all features available with all PCs. Additional purchase required for some features. Validated by Principled Technologies. A comparison of security features, April 2024.

¹ Requirements: 1) Falcon Sensor 7.17 (available via Falcon Prevent and/or Falcon Insight XDR), 2) Dell Trusted Device 6.3 or later installed, and 3) Intel and Intel vPro processors.

Public link

Please use the above public link if you want to share this noodl on another website.