Introduction
SecureSense provides detailed information about each individual endpoint related to the system, CPU, memory, storage and more.
This information provides the building blocks for FirmGuard analysis of endpoint health, status, and security posture. In addition, SecureSense data powers the FirmGuard dashboard and reporting engine and when combined with other FirmGuard metrics provides an unprecedented platform to manage various aspects of the endpoint including BIOS firmware security.
Legacy BIOS Mode Detection
SecureSense is one of many features within FirmGuard for BIOS firmware security (another is SecureCheck). One particularly important BIOS firmware related metric in SecureSense is “Legacy BIOS Mode Detection.”
When the Windows operating system is installed on an endpoint there are two possible installation modes:
- UEFI mode or
- Legacy mode
UEFI mode is preferred because it is more modern and secure. In practice there is no reason for an endpoint to be in legacy mode and SecureSense will immediately alert an administrator if the operating system is installed in “Legacy BIOS” mode. The administrator should take immediate action to mitigate this situation. There are two ways to solve the problem:
- Reinstall Windows and make sure to put it into UEFI mode or
- Retire the endpoint and replace it with a new machine. The latter is sometimes necessary because older endpoints may not support UEFI mode.
FirmGuard Dashboard
Note: BitLocker Status is another key endpoint metric that administrators often monitor and report on. SecureSense tracks the status of BitLocker for each endpoint under management.
Inventory Control: SecureSense provides conventional system information about an endpoint that can sometimes be obtained from other sources as well, but one set of metrics that FirmGuard customers often find helpful are the individual part or serial numbers of memory and physical storage on the endpoint. This is particularly important if you are providing custom hardware to clients and want to ensure that original parts are still present in the endpoint.