world’s most secure and manageable pcs - hp.com · summary of security functionality –...

World’s Most Secure and Manageable PCsClaim Substantiation

© Copyright 2016 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties forHP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should beconstrued as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

World’s Most Secure PCs**Based on HP’s unique and comprehensive security capabilities at no additional costamong vendors with 1M annual unit sales as of Nov. 2016 on HP Elite PCs with 7th

Gen and higher Intel® Processors, Intel® integrated graphics, and Intel® WLAN.

**Based on HP’s unique and comprehensive security capabilities at no additional cost and HP’s Manageability Integration Kit’s management of every aspect of a PC

including hardware, BIOS and software management using Microsoft System Center Configuration Manager among vendors with 1M annual unit sales as of Nov. 2016

on HP Elite PCs with 7th Gen and higher Intel® Processors, Intel® integrated graphics, and Intel® WLAN.

World’s Most Secure & Manageable PCs**

© Copyright 2016 HP Development Company, L.P.

Summary of Security Functionality – Notebooks (Nov 2016)Features Description HP Dell Lenovo Apple Fujitsu Toshiba Samsung Acer ASUS

Unique to HP

Sure Start Gen3 provides BIOS malwareprotection

Automated; Factory deployed; BIOS Protection at startup; Dynamic Protection; Runtime Firmware Intrusion Detection; BIOS Policy and config protection

✓ x x x x x x x x

Hardware Root of Trust Provides a platform and chipset agnostic cryptographic trust path; Ensure platform starts in a trusted state ✓ x x x x x x x x

Device Access Manager protects dataExfiltration of data via removable media including USB, Printers, CD/DVD, SD Micro, etc.; with Just-in-Time authentication; Policy driven port control

✓ x x x x x x x x

Master Boot Record (MBR) Security Protect and mitigate against rootkits ✓ x x x x x x x x

GUID Partitioning Table (GPT) security Protect and mitigate against rootkits ✓ x x x x x x x x

HP Automatic DriveLock Restrict drive use to authorized platform ✓ x x x x x x x x

Secure ErasePermanently destroys data on hard drive for disposal/redeployment; Sanitizes SSD and hard disk drives; Meets SP800-88r1 clear orpurge level

✓ x x x x x x x x

HP SpareKey Password reset authentication via challenge questions ✓ x x x x x x x x

Comprehensive Encryption

Data protection across Data on device; Data on external media; Self-encrypting drives ✓ ✓ x x x x x x x

Other Secure network from every touchpoint ✓ ✓ x x x x x x x

Management Centralized & remote management of endpoint security ✓ ✓ x x x x x x x

Flexible encryption options Simplified BitLocker management; FIPS 140-2 protection for systems disks ✓ ✓ x x x x x x x

Optional Hardware Encryption Crypto Accelerator ✓ ✓ x x x x x x x

Deployment options Factory installation ✓ ✓ x x x x x x x

Compliance One-touch preset compliance ✓ ✓ x x x x x x x

Strong Authentication

Authentication options FIPS 201 certified smart card; FIPS 201 certified fingerprint readers; RSA SecureID ✓ ✓ x x x x x x x

Security Tools enableMultifactor; Single sign-on (Password Manager as SSO); Preboot authentication; Integrated management; with your encryption policies

✓ ✓ x x x x x x x

FIPS 140-2 certified TPM for Secure Credential storage ✓ ✓ x x x x x x x

Hardware controlled chip forIsolating user passwords and credentials; Stronger protection from unsecured operating systems; Stronger protection from unsecured physical hard drives

✓ ✓ x x x x x x x

Malware Protection

Proactive malware protection in real-time

Automatically detects malware behavior in real-time; Automatically blocks malicious behavior in real-time; Address zero-day attacks ✓ ✓ x x x x x x x

Other Easy to deploy; Completely unobtrusive to users; Employee workflow is uninterrupted ✓ ✓ x x x x x x x

All information obtained from each competitor's official, publicly available website© Copyright 2016 HP Development Company, L.P.

Features Description HP Dell Lenovo Apple Fujitsu Toshiba Samsung Acer ASUS

Data Protection

Authentication ✓ ✓ x x x x x x x

File based data encryption ✓ ✓ x x x x x x x

Advanced Threat Prevention ✓ ✓ x x x x x x x

APT ✓ ✓ x x x x x x x

Malware ✓ ✓ x x x x x x x

Secure cloud protection for laptops, DT $ $ x x x x x x x

Resilient and Easy recovery ✓ ✓ x x x x x x x

Data loss incidents $ $ x x x x x x x

User Error $ $ x x x x x x x

Ransomware $ $ x x x x x x x

Malware attacks $ $ x x x x x x x

Robust encryption ✓ ✓ x x x x x x x

File protection ✓ ✓ x x x x x x x

File sync $ $ x x x x x x x

RSA SecureID $ $ x x x x x x x

Strong, advanced authentication $ $ x x x x x x x

Context based access control $ $ x x x x x x x

Single sign-on $ $ x x x x x x x

Secure Access to web and SaaS apps, native mobile apps, enterprise resources

$ $ x x x x x x x

Threat Detection & Response

RSA Netwitness $ $ x x x x x x x

Behavioral analytics $ $ x x x x x x x

Machine Learning $ $ x x x x x x x

Rapidly detect and focus investigations $ $ x x x x x x x

Accelerate response and remediation $ $ x x x x x x x

APT and malware $ $ x x x x x x x

Summary of Security Functionality – Notebooks (Nov 2016) continued

© Copyright 2016 HP Development Company, L.P. All information obtained from each competitor's official, publicly available website

Summary of Security Functionality – Detachables (Nov 2016)Features Description HP Dell Microsoft Lenovo Apple Fujitsu Toshiba Samsung Acer ASUS Huawei

Unique to HP

Sure Start Gen3 provides BIOS malware protection

Automated; Factory deployed; BIOS Protection at startup; Dynamic Protection; Runtime Firmware Intrusion Detection; BIOS Policy and config protection

✓ x x x x x x x x x x

Hardware Root of Trust Provides a platform and chipset agnostic cryptographic trust path; Ensure platform starts in a trusted state ✓ x x x x x x x x x x

Device Access Manager protects dataExfiltration of data via removable media including USB, Printers, CD/DVD, SD Micro, etc.; with Just-in-Time authentication; Policy driven port control


Master Boot Record (MBR) Security Protect and mitigate against rootkits ✓ x x x x x x x x x x

GUID Partitioning Table (GPT) security Protect and mitigate against rootkits ✓ x x x x x x x x x x

HP Automatic DriveLock Restrict drive use to authorized platform ✓ x x x x x x x x x x

Secure ErasePermanently destroys data on hard drive for disposal/redeployment; Sanitizes SSD and hard disk drives; Meets SP800-88r1 clear or purge level


HP SpareKey Password reset authentication via challenge questions ✓ x x x x x x x x x x

HP Image Assistant Limited firmware update support, dependency info for softpaq, assists with Windows OS migration ✓ x x x x x x x x x x

HP WorkWise Automatically locks PC; gives user real-time updates of tampering ✓ x x x x x x x x x x

Integrated Authentication

Certified authentication options2 FIPS 201 certified smart card; fingerprint reader; IR cam, RSA SecureID $ $ x x x $ x x x x x

Security Tools enableMultifactor; Single sign-on (Password Manager as SSO); Preboot authentication; Integrated management with your encryption policies

✓ ✓ x x x x x x x x x

FIPS 140-2 and TCG-certified TPM Secure Credential storage ✓ ✓ ✓ x x x x x x x x

NFC ✓ ✓ x x x ✓ ✓ ✓ x x x

Self-encrypting hard drive ✓ ✓ x x x x x x x x x

Hardware controlled chip Isolating user passwords and credentials; Stronger protection from unsecured operating systems; Stronger protection from unsecured physical hard drives


Data Protection

Proactive malware protection in real-time

Automatically detects malware behavior in real-time; Automatically blocks malicious behavior in real-time; Address zero-day attacks


Other Easy to deploy; Completely unobtrusive to users; Employee workflow is uninterrupted ✓ ✓ x x x x x x x x x

Advanced threat protection and enterprise-class encryption

BIOS verification technology to notify IT of BIOS tampering on commercial systems, SS, Windows Defender ✓ $ x x x x x x x x x

Data backupFile de-duplication, fast recovery, alerts, reporting; backups protected by encryption; entire solution self-maintained by end user, One Drive, Box.net 5GB

$ $ $ $ $ $ $ $ $ $ $

Remote data erase Remote monitoring and data erase capabilities, asset tracking $ $ $ $ ✓ x x x x x x

Protection for office documents Centrally managed enterprise solution that offers protection for Office documents $ $ x X x x x x x x x

Advanced malware protection (SaaS) Uses Cylance’s advanced threat prevention to manage malware before it can affect a host (SaaS solution) $ $ x x x x x x x x x


Features Description HP Dell Microsoft Lenovo Apple Fujitsu Toshiba Samsung Acer ASUS Huawei

Data Protection

RSA Net RSA NetWitness® Endpoint: monitors and collects activity across all endpoints $ $ x x x x x x x x x

Absolute Data & Device Security Delivers insights and remediation via a two-way connection to each device that can survive an OS reinstall or hard-drive wipe $ $ $ $ $ $ $ $ x $ x

Data protection on device and external media

Software-based Data Centric Encryption enforces encryption policies ✓ ✓ x x x x x x x x x

Data protection on self-encrypting drives


Centralized and remote management of endpoint security

✓ ✓ $ $ $ $ $ $ $ $ $

Flexible encryption Simplified bitlocker management; FIPS 140-2 protection for system disks ✓ ✓ x x x x x x x x x

Optional hardware encryption Crypto accelerator ✓ ✓ x x x x x x x x x

Deployment options Factory installation ✓ ✓ x x x x x x x x x

Compliance One-touch preset compliance ✓ ✓ x x x x x x x x x

Summary of Security Functionality – Detachables (Nov 2016) continued


Summary of Security Functionality – Desktops (Nov 2016)Features Description HP Dell Lenovo Apple Fujitsu Acer ASUS

Unique to HP

HP Sure Start Gen3 provides BIOS malwareprotection

Provide automated data protection; BIOS Protection at startup; Dynamic Protection; Runtime Firmware Intrusion Detection; BIOS Policy and config protection

✓ x x x x x x

HP Sure Click Secures your computer when you browse the Internet.✓

x x x x x x

Device Access Manager protects dataProvide exfiltration of data via removable media including USB, Printers, CD/DVD, SD Micro, etc.; with Just-in-Time authentication; Policy driven port control

✓ x x x x x x

GUID Partitioning Table (GPT) security Protect and mitigate against rootkits ✓ x x x x x x

HP Automatic DriveLock Restrict drive use to authorized platform ✓ x x x x x x

HP SpareKey Password reset authentication via challenge questions ✓ x x x x x x

HP Multi-Factor Authenticate Confirm identity of users by using up to 2 hardened factors at the same time, enabled by Intel® Authenticate ✓ x x x x x x

Single Console Security

Dell Data Protection | Endpoint Security Provide Advanced Threat Prevention, Web protection and Host-based firewall, Encryption ($76/year with device)* $ $ $ $ $ $ $

Comprehensive threat protection Threat protection via various capabilities including virtualization ✓ ✓ ✓ ✓ ✓ $ $

Authentication and access management Provide Authentication and access management via Intel Authenticate or otherwise ✓ ✓ ✓ $ ✓ ✓ ✓

Encryption Provide encryption of data via Bitlocker or otherwise ✓ ✓ ✓ $ ✓ ✓ ✓

Centralized Remote Management

Dell Data Protection | Encryption Streamline deployment, Mitigate risks of data breaches, Customize data protection, Minimize downtime ($55/year with device)* $ $ $ $ $ $ $

Data back up and restoration solutions Protect data with Mozy®, cloud-based backup, sync and recovery software. Mozy® allows for immediate recovery of data, ✓ ✓ $ $ $ $ $

Compliance right out of the box Preset governance and compliance profile templates available✓

$ $ $ $ $ $

Protect data on any device Encrypt valuable information stored on laptops, smartphones, USB drives and other devices✓

$ $ $ $ $ $

Secure Credential Storage

Secure Credential StorageDell Controlvault/HP-Intel Authenticate Securing Encryption Keys, Controlling Access To Reference Templates, Isolating Usage of Keys and Templates, Code Storage

✓ ✓ x x x x x

TPM 2.0 Provides ability to update TPM firmware (1.2<->2.0; convert to FIPS mode) ✓ ✓ ✓ x $ ✓ $

Extra layers of hardware security Hardened factors and related capabilities (Securing encryption keys, controlling access to reference templates, securing code storage) ✓ ✓ x x x ✓ x

Isolating user passwords and credentials on a separately controlled hardware chip

Hardened credentials ✓ ✓ x x x ✓ x


Summary of Desktop Security Functionality – Desktops (Nov 2016) continuedFeatures Description HP Dell Lenovo Apple Fujitsu Acer ASUS

Authentication options

Authentication Only authorized users have access ✓ ✓ x x x x x

Contact-less Smart Card Keyboard Credential options ✓ ✓ x x x x x

Password Manager Users password authentication/Password recovery ✓ ✓ ✓ ✓ ✓ x x

Stop advanced malware

Dell Data Protection | Protected Workspace Containment, Detection, Prevention,12-months free for Dell customers $ $ $ $ $ $ $

Launches apps in a virtualized container Endpoint virtualization (Available from Dell or Bromium to all customers)✓

$ $ $ $ $ $

Restores a safe environment in minutes Secure environment (Available from Dell or Bromium to all customers)✓

$ $ $ $ $ $

Device Security via companion device

Lock/Unlock Lock and unlock based upon proximity of companion device to PC ✓ x ✓ x x x x

SecureErase

SecureErasePermanently destroys data on hard drive for disposal/redeployment; Sanitizes SSD and hard disk drives; Meets SP800-88r1 clear orpurge level

✓ ✓ x x x x x


Summary of Manageability Functionality – Notebooks/ Desktops/ Detachables

Features Description HP Dell Lenovo Fujitsu Others

Security

Authentication Options Remote management of Authentication Options available to local PC users. ✓ x x x x

Credential Management Remote management of available credential to users and ability to enforce use certain credentials. ✓ x x x x

Multifactor Authentication Remote management to require local PC user to use more than one method of identity for login in. ✓ x x x x

Port control Management Remote management to control ports (i.e. USB) that are enable for user. ✓ x x x x

Just In Time Authentication (JITA) Remotely set requirement for user to input password to use PC ports (USB). ✓ x x x x

TPM Management Remotely upgrade or downgrade TPM FW. ✓ x x x x

HP Sure Start Policies Remotely set Sure Start policies such as BIOS enabling/disabling of automatic recovery if issues found. ✓ x x x x

Device Guard Remotely setup BIOS settings to support Device Guard. ✓ x x x x

Image Development & Deployment

Create Client Boot Image Assist in creating WinPE image with WinPE Driver Pack ✓ ✓ ✓ x x

Create Bare Metal OS Image Assist in creating Win 7/Win 10 image and supply sample OS deployment task sequence. ✓ ✓ ✓ x x

BIOS Configuration via script Prepopulate sample Task Sequence to show how to use BCU to set BIOS settings as part of image deployment. ✓ ✓ ✓ ✓ x

Create Deployment Task Sequences Sample task sequence for Raid, Disk Partition ✓ ✓ ✓(No Create)

x x

Download and Import Driver Packs Download and import Driver Packs into Win 7/10 image ✓ ✓ ✓ x x

Custom Reboot script Ability to customize when device reboots occur during image deployment. ✓ ✓ ✓ x x

BIOS

Integrated BIOS plugin Display user interface within MS SCCM to set BIOS settings ✓ x x x x

HP WorkWise

Automatic Lock and Unlock of user PC Remotely activate feature: via Bluetooth (Phone) sense if user is near and lock/unlock as needed. ✓ x x x x

Tamper Detection Mode Remotely activate feature: detect when a DT/NB that should not be moved is or tampered with (Phone). ✓ x x x x

Detection and remediation of a Hot PC Remotely activate feature: detect a Hot PC and notify the user (Phone). ✓ x x x x

Automatically Install Printer Driver Remotely activate feature: Allow PC to automatically install printer driver, notify user first (phone). ✓ x x x x

Languages

Multi-language Support English, French, German, Spanish, Japan English English English English x


world’s most secure and manageable pcs - hp.com · summary of security functionality –...

Documents