HP Inc. has announced enhancements to its HP Wolf Security endpoint protection portfolio, with the launch of Sure Access Enterprise (SAE) .
SAE protects users with rights to access sensitive data,
systems, and applications. It prevents attackers from hi-jacking these
privileged sessions – even if the users’ endpoint device is compromised, the
access to high value data and systems can remain secure. This stops minor
endpoint breaches turning into major security incidents.
Available for both HP and non-HP devices, SAE leverages HP’s
unique task isolation technology to run each privileged access session within
its own, hardware-enforced virtual machine (VM).
This ensures the confidentiality and integrity of the data
being accessed, isolating it from any malware in the endpoint operating system.
Users are free to conduct privileged, non-privileged, and personal activities
securely from one machine. This improves user experience, reduces IT overheads,
and enhances protection.
“Gaining access to a privileged users’ device is a critical
step in the attack chain. From here, an attacker can scrape credentials,
escalate privileges, move laterally, and exfiltrate sensitive data.” comments
Ian Pratt, Global Head of Security for Personal Systems at HP Inc. “Sure Access
Enterprise is a unique solution that prevents this escalation, thwarting
attackers.”
Organizations have several types of users that need to access
privileged data, systems, and applications daily. These users range from IT
administrators, IoT and OT support staff, through to customer support and
finance teams.
Allowing these users to perform privileged and
non-privileged tasks on the same PC comes with considerable risk. Even if a
Privileged Access Management (PAM) system is used to control access to
privileged systems, attackers can potentially still usurp privileged sessions,
steal sensitive data and credentials, or insert malicious code and commands
(e.g., via injected keystrokes, clipboard capture, or memory scraping) if the
endpoint is compromised.
Traditional best practice has been to issue privileged users
with separate dedicated Privileged Access Workstations (PAW) that are used
solely for privileged tasks. However, this inconveniences users and increases
IT overheads purchasing and managing two systems.
SAE uses advanced hardware-enforced virtualization to create
protected VMs that are isolated from the desktop operating system and hence
cannot be viewed, influenced, or controlled by it.
Thus, confidentiality and integrity of the application and
data inside the protected VM can be assured, without the operational cost and
complexity of issuing a separate PAW.
“By isolating tasks in protected VMs, which are transparent
to the end user, Sure Access Enterprise breaks the attack chain,” continues
Pratt. “As well as protecting System Administrators accessing high-value
servers, SAE can be used to protect other sensitive assets – for example,
protecting credit card details accessed by customer support at a retailer,
patient data access at a healthcare provider, or connections to an Industrial
Control System at a manufacturer.”
Sure Access Enterprise is available now and features:
- Strong Integrations with Privileged Access Management (PAM) solutions (e.g., CyberArk, BeyondTrust), IPSec remote access tunnels and Multifactor Authentication (MFA).
- Centralized Management to enable separation of duties and flexible policy options – such as locking connections to specific PCs or users or requiring HP Sure View activation for privacy.
- Hardware root of trust, supported by the latest Intel® technologies, to prevent malware from bypassing security controls
- Encrypted, tamper-resistant session logging to track access, without recording sensitive data or credentials, easing compliance.
To learn more, visit:
https://www.hp.com/uk-en/security/endpoint-security-solutions.html