Dell and Carbon Black are combining their distinct threat-intelligence technologies to protect against potentially catastrophic BIOS-level attacks.

The two companies have integrated Carbon Black’s Cloud Audit and Remediation tool with Dell’s recently launched BIOS-protection software.

Dell’s new SafeBIOS Events & Indicators of Attach (IoA) software, available only for its commercial PCs, detects potential BIOS-level attacks. The companies on Thursday said they have created a version of Carbon Black’s tool for Dell’s existing and new commercial PCs.

Engineers at Dell and Carbon Black enabled Carbon Black’s software to capture telemetry from Dell’s SafeBIOS IoA. Dell released SafeBIOS IoA in April, a year after rolling out a BIOS verification tool. The new Dell SafeBIOS IoA detects behavioral anomalies that indicate a potential PC BIOS attack.

BIOS Attack Defined

A BIOS-level attack can be particularly dangerous to an organization because it runs under the operating system. A compromised BIOS could give an attacker unfettered access to data on a PC, including the user’s credentials. Also, depending on the target, a compromised BIOS could give an attacker access to a network and its broader infrastructure.

The partnership between Dell and Carbon Black is not surprising, considering Carbon Black is now part of Dell-owned VMware. Last year, VMware acquired Carbon Black for $2.1 billion, VMware is now a subsidiary of Dell Technologies.

Dell’s David Konetski

“What we are doing here at Dell is we are continuing to advance the ability to protect and then detect and remediate the system, the platform below the OS,” said David Konetski, a Dell fellow and VP for the company’s client solutions office of the CTO. “And now with Carbon Black being in the Dell Technologies family, we have a great outlet for a world-class advanced threat protection solution to be able to integrate these capabilities and provide that one-stop shop endpoint security solution to our customers.”

MSSPs and SOCs

MSSPs and enterprises with security operations centers (SOCs) use Carbon Black’s Cloud Audit & Remediation to detect and mitigate threats. Dell’s SafeBIOS IoA has a capability called “off-host verification,” which administrators can now view in the Carbon Black console.

“We are the only ones who do off-host verification, which means we keep our golden BIOS measurements in a Dell repository that is available to folks like Carbon Black,” said Konetski. “We compare measurements that are done on the machine with our trusted device agent against those measurements that we off-host in the cloud. Then we do a comparison, and if there is a mismatch, we know that something has been corrupted or manipulated. And then alerts are made available to Carbon Black, which can grab those indicators and launch a response.”

Carbon Black’s Scott Lundgren

Carbon Black’s Cloud Audit and Remediation is a SaaS-based tool. The SmartBIOS functions were pushed out to it last week. MSSPs and customers who operate SOCs don’t have to do anything; that’s because the functionality just appears as an added feature in the console, according to Scott Lundgren, co-founder of Carbon Black and CTO of the VMware subsidiary.

Lundgren said Dell engineers did most of the heavy lifting to expose the SafeBIOS capability into the Carbon Black tool.

“Dell did a huge amount of work to make this possible,” Lundgren said. “I’m just exposing a console to a user who knows what to do with it and doesn’t have to go look for it.”