For each security pillar (Measure, Manage and Mitigate), there is a suite of FirmGuard features that specifically addresses the needs of that pillar. For example, in the measurement phase there is “SecureCheck,” “SecureBeat,” and “SecureSense.” Below are descriptions of each “Secure” feature.
SecureCheck: Revalidates an endpoint’s chain of trust, ensuring secure operation by establishing that the correct OS version is running and confirming the root of trust between hardware, firmware, and OS. This feature can be run manually or at automatically scheduled intervals such as weekly or monthly. An MSP administrator can check device firmware status at a glance via an indicator in the portal.
SecureBeat: Maintains a secure heartbeat between the endpoint and the FirmGuard cloud server. A loss of beat is the first indication or alert of possible endpoint-related issues. With SecureBuilder, workflows can be constructed to automatically take mitigation steps (e.g., lock hard drive) if the beat is missing for an unexpected period.
SecureSense: Remotely monitors endpoint status and health to detect unusual or suspicious behavior. The feature specifically monitors firmware status (e.g., vendor, version, last update), endpoint inventory (e.g., system make/model, OS version) and endpoint metrics (e.g., CPU, disk and memory utilization).
SecureKey: Firmware-enforced multi-factor authentication (MFA) using a physical key such as a FIDO/FIDO2 compliant device or USB storage device. The operating system (OS) will not load without the configured secure key. Configuration can be done remotely by an MSP administrator via the portal.
SecureConfig: Remotely configure BIOS settings across an array of endpoints. Greatly streamlines and consolidates administration of BIOS settings across an entire organization. With this feature MSP administrators can easily enable or disable firmware settings to ensure proper security configurations.
SecureUpdate: Identifies the current firmware version and provides an indication when a newer version is available. An administrator can remotely update to the latest (or older) version across an array of endpoints. Adheres to UEFI capsule update guidelines NIST SP 800-147 & NIST SP 800-193. One of the best ways to prevent a firmware level attack is to proactively update to the latest firmware version.
SecureBuilder: An automation and workflow engine that can be used to pre-schedule tasks or trigger certain actions. For example, it could be used to regularly schedule (e.g., monthly) a SecureCheck-initiated reboot of select endpoints. Both simple and complex workflows can be constructed and may involve any other feature such as SecureBeat, SecureLock or SecureWipe.
SecureClone: A method to duplicate an endpoint’s hard drive contents to a different location. The duplication can be easily performed from the same single pane of glass (portal) that is utilized by all other features. The duplication can be part of a workflow or done proactively to perform forensic analysis or recover lost work.
SecureLock: Locks the hard drive at the firmware level to prevent unauthorized access without the administrator-generated password key. Without entering the key and unlocking the hard drive, the endpoint cannot boot the operating system. Can potentially prevent ransomware attacks that seek to lock the hard drive contents. Protects data at rest, even if the hard drive is moved to a different system.
SecureWipe: Remotely performs a forensic wipe (at the bit level) of SSD, HDD and other mass storage devices independent of the operating system. Supports hardware erase methods such as ATA and NVMe secure erase, OPAL password/PSID revert, and multiple industry-standard software algorithms such as DoD 5220.22-M.