Lenovo Steps Up PC Security Focus with ThinkShield

Written by Jeffrey Schwartz
September 17, 2018

Lenovo’s new ThinkShield adds new authentication, network security and privacy capabilities as well as a new secure life-cycle approach.

(Pictured above: Christian Teismann, senior vice president and general manager, of Lenovo’s enterprise business segment, on stage at the company’s Transform 2.0 event, Sept. 13, in New York City.)

Looking to level the playing field with rivals Dell and HP, Lenovo is broadening how it secures its ThinkPad line of business-class PCs with the addition of its new ThinkShield brand.

ThinkShield, unveiled at Lenovo’s Transform 2.0 event last week in New York City, promises to give partners a better security story and service offering when offering ThinkPads to business customers.

Lenovo describes ThinkShield as both a wide portfolio of security tools and capabilities, but also an approach to the life cycle of its commercial PCs based on secure design and supply-chain principals. The ThinkShield portfolio will provide baseline privacy, authentication, data protection and detection against network vulnerabilities.

“We looked at this end to end, there is no silver bullet around security,” said Christian Teismann, senior VP and general manager of Lenovo’s enterprise business segment. “You have to go through every aspect where security breaches can potentially happen.”

Lenovo ThinkPads that include ThinkShield have security built into the entire life cycle of the PC, starting with processes to ensure BIOS and firmware are designed and processed securely through the supply chain. New design principles also include shutters for cameras and its ThinkPad Privacy Guard security screens built into the devices.

ThinkShield also gives partners and customers access to the Intel Transparent Supply Chain to track the source of components throughout a new system. Lenovo said it has put a structure in place to ensure its suppliers adhere to guidelines aimed at ensuring the security of components. Suppliers must now be willing to undergo spot audits as well.

All systems with ThinkShield will support FIDO, the secure authentication standard offered in Microsoft’s Windows Hello and a wide variety of other authenticators, as well as Intel Authenticate, which provides up to seven-factor authentication. USB ports can be locked down to prevent users from introducing malware or from removing data from devices.

Lenovo is partnering with Coronet to provide Wi-Fi security, preventing users from accessing insecure networks. ThinkShield will include Buffer Zone, a threat-detection tool that will isolate malicious content on a device from its working memory, registry and files, as well as from spreading on the network. It also includes endpoint enrollment and management via a partnership with MobileIron.

While Lenovo claims its PCs have had far fewer reports of vulnerabilities than its rivals, citing industry data, the company has lagged market leaders Dell and HP in stepping up the security profiles of their systems.

“The PC makers all have to have a security story today,” said Bob O’Donnell, president and chief analyst with TECHnalysis Research.

Dell last year extended the capabilities of its Data Guardian, which enforces data-encryption policies based on technology it gained from its 2012 acquisition of Credant, and also has a partnership with Cylance for AI-based threat protection. HP has bolstered the security of its PC line with last year’s addition of SureClick, based on containerization and sandboxing capabilities licensed from Bromium. Earlier this year, HP added SureRun, which monitors for changes in applications and major processes such as AV software.

“They are reach taking a slightly different angle,” O’Donnell said. “The devil will be in the details for how it’s implemented, but Lenovo is taking a very comprehensive view of how they approach security. The fact that they’re branding it ‘ThinkShield’ signals they are making a strong effort.”