Rigorous, trackable, and auditable security standards are built into every step of our secure and transparent supply chain.
Every new Lenovo product is secure by design, with secure hardware engineered by the makers of the world’s most trusted business PCs.
We’ve partnered with the industry’s most trusted security providers to provide deeper and broader protections.
ThinkShield is customizable to your business needs and budget, helping to keep you ahead of dangerous breaches.
At Lenovo, security begins with development and continues through the supply chain and the full lifecycle of every device—from development through disposal.
Every Think device is engineered from the ground up for security.
We oversee the security and accountability of every supplier, working only with trusted and secure suppliers.
Physical security via tamper-evident packaging, qualified transportation, and secure tracking.
At a device’s end-of-life, we wipe drives and securely recycle parts.
In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans—costing up to $500 million. Protect your devices.
In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans—costing up to $500 million. Protect your devices.
Eliminates third-party software and allows for five customer-provided scripts to be installed during manufacturing.
A BIOS-level security feature that prevents the system from booting an unauthorized operating system
When BIOS is corrupted or maliciously attacked, the BIOS will “self-heal” and revert to known good backup copy.
Allows IT Administrators to leverage Absolute Persistence 2.0 secure communication framework to set a supervisor password without physical presence.
Allows IT Administrators to securely boot from a https network resource.
Intel Hardware Shield helps minimize the risk of malicious code injection. This new firmware feature, available in the Intel® vPro™ platform, locks the BIOS when software is running to help prevent planted malware from gaining traction.
Add-on screen filters that protect sensitive data from shoulder surfing/visual hackers
Provides IT admins with a reliable two-way connection with all of their devices, so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains.
A BIOS-level security feature that prevents wired and wireless networking from being active at the same time.
With Lenovo’s Standard and Enhanced Asset Tagging services, customers can have information-rich, tamper-resistant asset tags affixed to their PC and/or stored in the system’s BIOS before the PC is delivered to them. Asset tags can also be etched into the system lid, if etching is available in country.
An area of BIOS that can be customized with a customer’s own asset identification information (See Asset Tagging Service as well)
A premium service that allows customers to visually inspect all Lenovo Think commerical products’ BIOS source code in a controlled physical environment. Nearly 2 MILLION lines of source code available for inspection*
Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident investigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protec- tion throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visi- tors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer’s location.
The ability to notify Lenovo of a stolen or lost system and to have Lenovo designate it as such in our master global warranty entitlement database.
Lenovo’s device drivers fully support Device Guard, Boot Guard and Credential Guard (Intel Security features)
A BIOS-level security feature that prevents the system from booting an unauthorized operating system
Lenovo’s First Boot Services (FBS), shifts unattended first boot tasks (PC image set-up processes that must be completed before a technician or end-users can use the device) –into Lenovo manufacturing, increasing security and reducing time, resources, and cost necessary for IT admins to deploy PCs.
Built-in receptacles in all Think products allow use of physical security lock cables from Kensington (and other manufacturers).
Lenovo provides not only driver and software updates, but also BIOS and system level firmware updates to the LVFS (Linux Vendor Firmware Service) and Windows Update. Ensures that IT admins can have a secure single source for all updates.
Lenovo BIOS is compliant with many NIST (National Institute for Standards and Technology) security standards.
Lenovo BIOS does not contain any backdoor ability to reset the master supervisor password
Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run.
Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident inves- tigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protection throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visitors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer’s location.
Lenovo’s Product Security Incident Response Team (PSIRT) welcomes information about potential security vulnerabilities from security researchers, academics, and others in the wider security community. The PSIRT will investigate the issue, develop or source fixes, and then provide these fixes to Lenovo customers as quickly as possible.
Secure Patch/Update of Think BIOS uses UEFI capsule update and BIOS updates are signed using SHA 256/RSA 2048 encryption algorithms. Drivers are digitally signed as well.
On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports. Only allows keyboards & pointing devices.
Lenovo Service Providers confirm that they track the disposal of products and parts. The Service Provider is solely responsible for all actions of their subcontractors have to ensure their own as well as their subcontractor compliance with environmental and security compliance guidelines. Lenovo Service Providers are required to provide full audit documentation to Lenovo.
The Lenovo Tamper Switch is present to prevent and/or notify IT admins of unauthorized access into a system. If the tamper switch is activated and triggered, then connection of the correct AC adapter and supervisor password is required.
ThinkShutter is a simple and secure mechanical cover that covers the camera on ThinkPad laptops. Solves a problem previously addressed by unsightly and unreliable sticky-notes with an easy to use and truly secure design. (Also available on some ThinkCentre all-in-one desktops).
ThinkPads with Thunderbolt technology have the option in BIOS to set security levels which dictate how thunderbolt ports can be used.
Think branded products contain a TPM module which is a specialized chip on an endpoint device that stores encryption keys specific to the host system for hardware authentication.
Transparent Supply Chain helps assure resellers and end-customers that their products come with a level of accountability and traceability unprecedented in the industry. The end result is a more secure supply chain for the industry.
Lenovo’s Trusted Supplier Program plays a critical role in the development, manufacture, and delivery of our products. The supply chain begins with the management and control of a qualified supplier base, which provides qualified and secure components for use in development and manufacturing.
In 2013, Target allowed exposure of 40 million credit and debit card numbers, costing the company over $200 million. Keep your data safe.
WinMagic SecureDoc Enterprise is a flexible, scalable solution designed not only to protect data and ensure compliance, but more importantly to optimize operations and enable a unified encryption strategy across an enterprise.
Allows IT Administrators to remotely wipe an Intel Pro SSD drive on an AMT enabled (and provisioned) device
Customers retain their hard drive, and hence their data, in a warranty situation, improving security and potentially alleviating civil liability risks.
Allows customers to completely delete sensitive data on their drives without the need for external tools or removing the drive from.
The System Management Password (SMP) is an additional password with significant, but lower authority than the Supervisor Password (SVP). This allows IT Administrators to give power users the SMP, which will enable them to make changes needed for their work, while IT Administrators still maintain complete control with the SVP.
Easy-to-use, automatic online backup and recovery software solution to store data and confidential information in the cloud.
Provides IT admins with a reliable two-way connection with all of their devices so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Think Drive Erase Utility is available for downnload and can be used to securely erase any self-encrypting SSD on ThinkPad
Lenovo can also pre-encrypt the hard drive on the manufacturing line, eliminating the multiple-hour wait required when full-drive encryption is deployed manually.
ThinkPad/ThinkCentre/ThinkStation BIOSes all have the ability to set a secure HDD password that 1) locks the read/write ability of drives and 2) protects access to the encryption key on self encrypting drives
Lenovo’s Asset Recovery Service (ARS) helps customers mitigate the environmental and data security risks associated with end- Recovery Service of-life asset disposal. ARS offers a single source solution for the secure, documented disposition of IT assets and data.
On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports. Only allows keyboards & pointing devices
A class of drives that contain a self-encrypting mechanism for securing data.
Built-in ePrivacy screen that protects sensitive data from shoulder surfing/visual hackers (w/ gaze (shoulder surfing) detection & notification (Privacy Alert))
Trusted service refers to the process Lenovo uses for ensuring that both Lenovo and its service providers handle all customer systems, equipment, and data securely during any repair or service, as well as during asset disposal
Optimized for safeguardingn essential data while on the go, ThinkPad USB Secure Hard Drives offer high-level, 256-bit Advanced Encryption Standard (AES) security within a slim, lightweight, self-powered, easy-to-use design
In 2014, stolen credentials exposed 145 million eBay users, causing the company to revise revenue targets down by $200 million. Make sure your devices know you.
With Intel® Authenticate, users can log in fast without costly password resets, and IT teams can count on user identities and policies protected in a deep layer of silicon-based protection. PIN, biometrics, keys, tokens and associated certificates are captured, encrypted, matched, and stored in the hardware, out of sight and reach from typical attack methods.
FIDO is an industry alliance providing open and scalable standards that enable simpler and more secure user authentication experiences across many websites and mobile services. Lenovo partner GO-Trust offers the ability to implement FIDO in the customer’s environment (AD, SSO, etc)
Microsoft’s built-in authentication for Windows 10. Enables biometric (IR Camera, fingerprint, etc) and other factors like PIN, picture password, etc.
Securely stores and handles all aspects of fingerprint authentication within a single chip.
The Lenovo Fingerprint Biometric USB Mouse delivers solid protection against intrusion with 256-bit encryption and industry-leading performance for secure identification.
Senses if the user is away and locks the system.
Senses if someone other than the user is looking at the screen annd auto-enables the privacy filter.
Support for multiple industry standards of Smart Card authentication
Enables simple and highly secure online authentication and payments.
IR cameras in ThinkPad systems enable Windows Hello facial/biometric logon, as well as Mirametrix Glance presence detection.
A location-based / geo-fencing method of authentication, using GPS and/or network location detection.
An additional factor of authentication based on Near Field Communications.
In 2018, one click on a phishing link unleashed malware that exposed the personal records of 1.5 million SingHealth patients. Avoid online threats.
BUFFERZONE uses patented virtualization technology to isolate internet applications and contain cyber attacks so that they can not get through to the endpoint or the network.
Industry-leading EMM (Enterprise Mobility Management) tool which allows IT admins to manage their devices regardless of OS or device type.
A secure Wi-Fi access point solution (integrated into Lenovo Vantage) which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior.
A set of extensions to the Intel (security) architecture that aims to provide integrity and confidentiality and protects selected code and data from disclosure or modification.
An enterprise-ready (rules definable by the customer) secure Wifi access point solution which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior.
Support for multiple industry standards of Smart Card authentication
IR cameras in ThinkPad systems enable Windows Hello facial/biometric logon, as well as Mirametrix Glance presence detection.
Support for multiple industry standards of Smart Card authentication
Enables simple and highly secure online authentication and payments.
Senses if the user is away and locks the system.
Senses if someone other than the user is looking at the screen annd auto-enables the privacy filter.
A location-based / geo-fencing method of authentication, using GPS and/or network location detection.
An additional factor of authentication based on Near Field Communications.
ThinkShield brings world-class security providers together arm-in-arm to defend your company from security threats. Outfitting your business with modern Think devices, complete with the Intel® vPro™ platform and Windows 10 Pro, gives you the foundation for a secure business.
ThinkShield locks down your data without slowing down your team, offering automated and intelligent solutions that make your IT team more capable as defenders and growers of your business while staying out of the end-user's way.
Find fresh perspectives and useful content to help elevate the importance
of end-to-end security within your organization.
All new Lenovo devices are secure by design with essential ThinkShield protections built in.
We’ll help customize the right solution for your business.
Click below to contact a Lenovo Representative.
Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Intel Xeon Inside and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.
©2019 Lenovo. All rights reserved.
Our site uses cookies and other technologies so that we can remember you and understand how you and other visitors use our site. By using this website you accept our cookie usage.
Learn more.