Lenovo Patch for SCCM
In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans—costing up to $500 million. Protect your devices.
Ready-to-Provision Plus
Eliminates third-party software and allows for five customer-provided scripts to be installed during manufacturing.
Intel Boot Guard
A BIOS-level security feature that prevents the system from booting an unauthorized operating system
Lenovo Self-Healing BIOS
When BIOS is corrupted or maliciously attacked, the BIOS will “self-heal” and revert to known good backup copy.
Remote Supervisor Password Setting by Absolute
Allows IT Administrators to leverage Absolute Persistence 2.0 secure communication framework to set a supervisor password without physical presence.
Lenovo HTTPS Boot
Allows IT Administrators to securely boot from a https network resource.
Intel Hardware Shield
Intel Hardware Shield helps minimize the risk of malicious code injection. This new firmware feature, available in the Intel® vPro™ platform, locks the BIOS when software is running to help prevent planted malware from gaining traction.
3M Filters
Add-on screen filters that protect sensitive data from shoulder surfing/visual hackers
Absolute Software
Provides IT admins with a reliable two-way connection with all of their devices, so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains.
Anti Bridge Switch
A BIOS-level security feature that prevents wired and wireless networking from being active at the same time.
Asset Tagging Service
With Lenovo’s Standard and Enhanced Asset Tagging services, customers can have information-rich, tamper-resistant asset tags affixed to their PC and/or stored in the system’s BIOS before the PC is delivered to them. Asset tags can also be etched into the system lid, if etching is available in country.
BIOS Reading Room
A premium service that allows customers to visually inspect all Lenovo Think commerical products’ BIOS source code in a controlled physical environment. Nearly 2 MILLION lines of source code available for inspection*
C-TPAT Logistics
Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident investigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protec- tion throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visi- tors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer’s location.
Device Registration
The ability to notify Lenovo of a stolen or lost system and to have Lenovo designate it as such in our master global warranty entitlement database.
HVCI Compliant Drivers
Lenovo’s device drivers fully support Device Guard, Boot Guard and Credential Guard (Intel Security features)
Intel Boot Guard
A BIOS-level security feature that prevents the system from booting an unauthorized operating system
ITC First Boot Service
Lenovo’s First Boot Services (FBS), shifts unattended first boot tasks (PC image set-up processes that must be completed before a technician or end-users can use the device) –into Lenovo manufacturing, increasing security and reducing time, resources, and cost necessary for IT admins to deploy PCs.
Kensington Lock
Built-in receptacles in all Think products allow use of physical security lock cables from Kensington (and other manufacturers).
LVFS & WU Firmware Update
Lenovo provides not only driver and software updates, but also BIOS and system level firmware updates to the LVFS (Linux Vendor Firmware Service) and Windows Update. Ensures that IT admins can have a secure single source for all updates.
NIST Compliant BIOS
Lenovo BIOS is compliant with many NIST (National Institute for Standards and Technology) security standards.
No Backdoor Supervisor Password
Lenovo BIOS does not contain any backdoor ability to reset the master supervisor password
One Switch Device Guard
Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run.
Packaging Security
Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident inves- tigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protection throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visitors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer’s location.
PSIRT & FIRST
Lenovo’s Product Security Incident Response Team (PSIRT) welcomes information about potential security vulnerabilities from security researchers, academics, and others in the wider security community. The PSIRT will investigate the issue, develop or source fixes, and then provide these fixes to Lenovo customers as quickly as possible.
Secure Patch/Update of Drivers/Firmware
Secure Patch/Update of Think BIOS uses UEFI capsule update and BIOS updates are signed using SHA 256/RSA 2048 encryption algorithms. Drivers are digitally signed as well.
Smart USB Protection
On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports. Only allows keyboards & pointing devices.
Spare Parts Handling
Lenovo Service Providers confirm that they track the disposal of products and parts. The Service Provider is solely responsible for all actions of their subcontractors have to ensure their own as well as their subcontractor compliance with environmental and security compliance guidelines. Lenovo Service Providers are required to provide full audit documentation to Lenovo.
Tamper Switch
The Lenovo Tamper Switch is present to prevent and/or notify IT admins of unauthorized access into a system. If the tamper switch is activated and triggered, then connection of the correct AC adapter and supervisor password is required.
ThinkShutter
ThinkShutter is a simple and secure mechanical cover that covers the camera on ThinkPad laptops. Solves a problem previously addressed by unsightly and unreliable sticky-notes with an easy to use and truly secure design. (Also available on some ThinkCentre all-in-one desktops).
Thunderbolt security
ThinkPads with Thunderbolt technology have the option in BIOS to set security levels which dictate how thunderbolt ports can be used.
TPM 1.2/2.0
Think branded products contain a TPM module which is a specialized chip on an endpoint device that stores encryption keys specific to the host system for hardware authentication.
Transparent Supply Chain
Transparent Supply Chain helps assure resellers and end-customers that their products come with a level of accountability and traceability unprecedented in the industry. The end result is a more secure supply chain for the industry.
Trusted Supplier Program
Lenovo’s Trusted Supplier Program plays a critical role in the development, manufacture, and delivery of our products. The supply chain begins with the management and control of a qualified supplier base, which provides qualified and secure components for use in development and manufacturing.
