Dynabook Europe has announced it is partnering with Microsoft to build the most secure Windows devices available today. The new class of Windows 10 Secured-core PCs is designed with deep integration between hardware and software and features the most advanced CPUs available to ensure resistance to current and future cyber-threats.
Secured-core PCs are intended to handle mission-critical data and protect workers in some of the most data-sensitive industries, such as healthcare providers handling medical records and other personally identifiable information (PII), high profile industries targeted for phishing and other attacks, and businesses that employ mobile workers who require access to business-critical information outside of the office.
“Dramatic developments in digital technologies have fuelled the growth and needs of the mobile workforce. Now in an age of mass data proliferation and an increased threat landscape, organisations need to rapidly adapt to this changing environment. Current network infrastructures were not built with the requirements of today’s security in mind,” said Damian Jaume, Managing Director, Dynabook Europe GmbH. “Devices are often the first line of defence for organisations – but those operating in the most data-sensitive of industries need an added layer of security to ensure comprehensive protection. That is why we’re partnering with Microsoft to develop an integrated hardware and software approach to security.”
The Secured-core PC uses hardware-based security components like Trusted Platform Module 2.0 (TPM) and modern CPUs along with virtualisation-based security (VBS) and Windows hypervisor code integrity (HVCI) service to create a secure, hardware-isolated environment that effectively isolates memory and critical components to prevent attacks and unauthorised access to critical parts of the operating system.
Relying on the advanced security capabilities built into modern CPUs, the Secured-core PC protects the integrity of Windows and its boot process from advanced attacks at the firmware level. The PC uses dynamic root of trust measurement (DRTM) to launch the system into a trusted state by transferring control from the CPU directly to the Windows hypervisor loader via a secured and measured handoff. With the Windows hypervisor securely launched in a state measured by hardware, the VBS environment is then created in memory to isolate critical keys and processes from the regular Windows operation system that will soon be started.
Passwords alone often don’t sufficiently protect system data and identities. To further ensure their safety against theft, compromise and phishing attacks, Secured-core PCs use Windows Hello to prevent user identity and credential-based attacks through a combination of biometric sensors and hardware-based credential storage. This includes the face, fingerprint, secure FIDO2 key, or PIN authentication, while Credential Guard leverages virtualisation-based security (VBS) to block the tools used in such attacks and ensure malware running in the operating system cannot extract authentication tokens.
Whether it’s lost, stolen, or confiscated, one of the historically weakest links in the security chain is physical access to the device itself. A Secured-core PC is a modern Windows device that comes with the highest level of hardware, software and identity protection ready right out-of-the-box. It provides the highest level of protection against potential data loss by guarding against drive-by attacks that can lead to the disclosure of sensitive information or injection of malware. Secured-core PCs block external peripherals from starting and performing Kernel Direct Memory Access (DMA) unless the drivers for these peripherals support memory isolations.
Peripherals with compatible drivers will be automatically recognised, started, and allowed to perform DMA to their assigned memory regions. By default, peripherals with incompatible drivers will be blocked from starting and performing DMA until an authorised user signs into the system or unlocks the screen. In addition, the PCs use BitLocker Drive Encryption to protect user data and ensure that a computer has not been tampered with while the system was offline. These additional security measures provide multifactor authentication and assurance that the PC will not start or resume from hibernation until the correct PIN or startup key is presented.
“We are pleased to see the announcement from Dynabook today. We have partnered closely with Dynabook to ensure these devices meet Secured-core PC engineering criteria, and we are pleased to see the progress we have made together,” added David Weston, Partner Director of OS Security, Microsoft Corporation.
The Dynabook range of 13”, 14”, and 15” Secured-core PCs including the Portégé X30-F, Tecra X40-F, and Tecra X50-F will soon be available in the Middle East.