Comprehensive and customizable end-to-end protection that secures your business without slowing down your people.
Smarter technology for all.
ThinkShield is Lenovo’s portfolio of secure hardware, software, and services.
Secure Supply Chain
Rigorous, trackable, and auditable security standards are built into every step of our secure and transparent supply chain.
Lenovo Innovations
Every new Lenovo product is secure by design, with secure hardware engineered by the makers of the world’s most trusted business PCs.
World-Class Partners
We’ve partnered with the industry’s most trusted security providers to provide deeper and broader protections.
ThinkShield is customizable to your business needs and budget, helping to keep you ahead of dangerous breaches.
At Lenovo, security begins with development and continues through the supply chain and the full lifecycle of every device—from development through disposal.
Development
Every Think device is engineered from the ground up for security.
Trusted Supplier Program
We oversee the security and accountability of every supplier, working only with trusted and secure suppliers.
Secure Packaging
Physical security via tamper-evident packaging, qualified transportation, and secure tracking.
Secure Disposal
At a device’s end-of-life, we wipe drives and securely recycle parts.
In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans—costing up to $500 million. Protect your devices.
Lenovo Patch for SCCM
In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans—costing up to $500 million. Protect your devices.
Ready-to-Provision Plus
Eliminates third-party software and allows for five customer-provided scripts to be installed during manufacturing.
Intel Boot Guard
A BIOS-level security feature that prevents the system from booting an unauthorized operating system
Lenovo Self-Healing BIOS
When BIOS is corrupted or maliciously attacked, the BIOS will “self-heal” and revert to known good backup copy.
Remote Supervisor Password Setting by Absolute
Allows IT Administrators to leverage Absolute Persistence 2.0 secure communication framework to set a supervisor password without physical presence.
Lenovo HTTPS Boot
Allows IT Administrators to securely boot from a https network resource.
Intel Hardware Shield
Intel Hardware Shield helps minimize the risk of malicious code injection. This new firmware feature, available in the Intel® vPro™ platform, locks the BIOS when software is running to help prevent planted malware from gaining traction.
3M Filters
Add-on screen filters that protect sensitive data from shoulder surfing/visual hackers
Absolute Software
Provides IT admins with a reliable two-way connection with all of their devices, so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains.
Anti Bridge Switch
A BIOS-level security feature that prevents wired and wireless networking from being active at the same time.
Asset Tagging Service
With Lenovo’s Standard and Enhanced Asset Tagging services, customers can have information-rich, tamper-resistant asset tags affixed to their PC and/or stored in the system’s BIOS before the PC is delivered to them. Asset tags can also be etched into the system lid, if etching is available in country.
BIOS Asset Information Area
An area of BIOS that can be customized with a customer’s own asset identification information (See Asset Tagging Service as well)
BIOS Reading Room
A premium service that allows customers to visually inspect all Lenovo Think commerical products’ BIOS source code in a controlled physical environment. Nearly 2 MILLION lines of source code available for inspection*
C-TPAT Logistics
Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident investigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protec- tion throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visi- tors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer’s location.
Device Registration
The ability to notify Lenovo of a stolen or lost system and to have Lenovo designate it as such in our master global warranty entitlement database.
HVCI Compliant Drivers
Lenovo’s device drivers fully support Device Guard, Boot Guard and Credential Guard (Intel Security features)
Intel Boot Guard
A BIOS-level security feature that prevents the system from booting an unauthorized operating system
ITC First Boot Service
Lenovo’s First Boot Services (FBS), shifts unattended first boot tasks (PC image set-up processes that must be completed before a technician or end-users can use the device) –into Lenovo manufacturing, increasing security and reducing time, resources, and cost necessary for IT admins to deploy PCs.
Kensington Lock
Built-in receptacles in all Think products allow use of physical security lock cables from Kensington (and other manufacturers).
LVFS & WU Firmware Update
Lenovo provides not only driver and software updates, but also BIOS and system level firmware updates to the LVFS (Linux Vendor Firmware Service) and Windows Update. Ensures that IT admins can have a secure single source for all updates.
NIST Compliant BIOS
Lenovo BIOS is compliant with many NIST (National Institute for Standards and Technology) security standards.
No Backdoor Supervisor Password
Lenovo BIOS does not contain any backdoor ability to reset the master supervisor password
One Switch Device Guard
Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run.
Packaging Security
Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident inves- tigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protection throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visitors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer’s location.
PSIRT & FIRST
Lenovo’s Product Security Incident Response Team (PSIRT) welcomes information about potential security vulnerabilities from security researchers, academics, and others in the wider security community. The PSIRT will investigate the issue, develop or source fixes, and then provide these fixes to Lenovo customers as quickly as possible.
Secure Patch/Update of Drivers/Firmware
Secure Patch/Update of Think BIOS uses UEFI capsule update and BIOS updates are signed using SHA 256/RSA 2048 encryption algorithms. Drivers are digitally signed as well.
Smart USB Protection
On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports. Only allows keyboards & pointing devices.
Spare Parts Handling
Lenovo Service Providers confirm that they track the disposal of products and parts. The Service Provider is solely responsible for all actions of their subcontractors have to ensure their own as well as their subcontractor compliance with environmental and security compliance guidelines. Lenovo Service Providers are required to provide full audit documentation to Lenovo.
Tamper Switch
The Lenovo Tamper Switch is present to prevent and/or notify IT admins of unauthorized access into a system. If the tamper switch is activated and triggered, then connection of the correct AC adapter and supervisor password is required.
ThinkShutter
ThinkShutter is a simple and secure mechanical cover that covers the camera on ThinkPad laptops. Solves a problem previously addressed by unsightly and unreliable sticky-notes with an easy to use and truly secure design. (Also available on some ThinkCentre all-in-one desktops).
Thunderbolt security
ThinkPads with Thunderbolt technology have the option in BIOS to set security levels which dictate how thunderbolt ports can be used.
TPM 1.2/2.0
Think branded products contain a TPM module which is a specialized chip on an endpoint device that stores encryption keys specific to the host system for hardware authentication.
Transparent Supply Chain
Transparent Supply Chain helps assure resellers and end-customers that their products come with a level of accountability and traceability unprecedented in the industry. The end result is a more secure supply chain for the industry.
Trusted Supplier Program
Lenovo’s Trusted Supplier Program plays a critical role in the development, manufacture, and delivery of our products. The supply chain begins with the management and control of a qualified supplier base, which provides qualified and secure components for use in development and manufacturing.
In 2013, Target allowed exposure of 40 million credit and debit card numbers, costing the company over $200 million. Keep your data safe.
Winmagic
WinMagic SecureDoc Enterprise is a flexible, scalable solution designed not only to protect data and ensure compliance, but more importantly to optimize operations and enable a unified encryption strategy across an enterprise.
Intel Remote Secure Erase
Allows IT Administrators to remotely wipe an Intel Pro SSD drive on an AMT enabled (and provisioned) device
Keep Your Drive Service
Customers retain their hard drive, and hence their data, in a warranty situation, improving security and potentially alleviating civil liability risks.
Lenovo Secure Wipe
Allows customers to completely delete sensitive data on their drives without the need for external tools or removing the drive from.
System Management Password
The System Management Password (SMP) is an additional password with significant, but lower authority than the Supervisor Password (SVP). This allows IT Administrators to give power users the SMP, which will enable them to make changes needed for their work, while IT Administrators still maintain complete control with the SVP.
Lenovo Data Protection by Carbonite
Easy-to-use, automatic online backup and recovery software solution to store data and confidential information in the cloud.
Absolute
Provides IT admins with a reliable two-way connection with all of their devices so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains
BitLocker
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Disk Wipe Tools
Think Drive Erase Utility is available for downnload and can be used to securely erase any self-encrypting SSD on ThinkPad
Full Drive Encryption
Lenovo can also pre-encrypt the hard drive on the manufacturing line, eliminating the multiple-hour wait required when full-drive encryption is deployed manually.
HDD Password
ThinkPad/ThinkCentre/ThinkStation BIOSes all have the ability to set a secure HDD password that 1) locks the read/write ability of drives and 2) protects access to the encryption key on self encrypting drives
Lenovo Asset Recovery Service
Lenovo’s Asset Recovery Service (ARS) helps customers mitigate the environmental and data security risks associated with end- Recovery Service of-life asset disposal. ARS offers a single source solution for the secure, documented disposition of IT assets and data.
Smart USB Protection
On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports. Only allows keyboards & pointing devices
Self-Encrypting Drives
A class of drives that contain a self-encrypting mechanism for securing data.
ThinkPad Privacy Guard
Built-in ePrivacy screen that protects sensitive data from shoulder surfing/visual hackers (w/ gaze (shoulder surfing) detection & notification (Privacy Alert))
Trusted Service
Trusted service refers to the process Lenovo uses for ensuring that both Lenovo and its service providers handle all customer systems, equipment, and data securely during any repair or service, as well as during asset disposal
USB Secure Hard Drive
Optimized for safeguardingn essential data while on the go, ThinkPad USB Secure Hard Drives offer high-level, 256-bit Advanced Encryption Standard (AES) security within a slim, lightweight, self-powered, easy-to-use design
In 2014, stolen credentials exposed 145 million eBay users, causing the company to revise revenue targets down by $200 million. Make sure your devices know you.
Intel Authenticate Multifactor
With Intel® Authenticate, users can log in fast without costly password resets, and IT teams can count on user identities and policies protected in a deep layer of silicon-based protection. PIN, biometrics, keys, tokens and associated certificates are captured, encrypted, matched, and stored in the hardware, out of sight and reach from typical attack methods.
FIDO
FIDO is an industry alliance providing open and scalable standards that enable simpler and more secure user authentication experiences across many websites and mobile services. Lenovo partner GO-Trust offers the ability to implement FIDO in the customer’s environment (AD, SSO, etc)
Windows Hello
Microsoft’s built-in authentication for Windows 10. Enables biometric (IR Camera, fingerprint, etc) and other factors like PIN, picture password, etc.
Match on Chip Fingerprint
Securely stores and handles all aspects of fingerprint authentication within a single chip.
Lenovo Fingerprint Biometric USB Mouse
The Lenovo Fingerprint Biometric USB Mouse delivers solid protection against intrusion with 256-bit encryption and industry-leading performance for secure identification.
Glance: Presence Detection
Senses if the user is away and locks the system.
Glance: Gaze Detection
Senses if someone other than the user is looking at the screen annd auto-enables the privacy filter.
Broad SmartCard Support
Support for multiple industry standards of Smart Card authentication
Intel Online Connect
Enables simple and highly secure online authentication and payments.
IR Camera
IR cameras in ThinkPad systems enable Windows Hello facial/biometric logon, as well as Mirametrix Glance presence detection.
Geo-Fencing Security
A location-based / geo-fencing method of authentication, using GPS and/or network location detection.
Secure NFC Tap-to-Login
An additional factor of authentication based on Near Field Communications.
In 2018, one click on a phishing link unleashed malware that exposed the personal records of 1.5 million SingHealth patients. Avoid online threats.
BUFFERZONE Sandboxing
BUFFERZONE uses patented virtualization technology to isolate internet applications and contain cyber attacks so that they can not get through to the endpoint or the network.
Mobile Iron
Industry-leading EMM (Enterprise Mobility Management) tool which allows IT admins to manage their devices regardless of OS or device type.
Lenovo Wi-Fi Security
A secure Wi-Fi access point solution (integrated into Lenovo Vantage) which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior.
Intel Software Guard Extensions
A set of extensions to the Intel (security) architecture that aims to provide integrity and confidentiality and protects selected code and data from disclosure or modification.
Lenovo Security Console
An enterprise-ready (rules definable by the customer) secure Wifi access point solution which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior.
Intel Authenticate Multifactor
Support for multiple industry standards of Smart Card authentication
IR Camera
IR cameras in ThinkPad systems enable Windows Hello facial/biometric logon, as well as Mirametrix Glance presence detection.
Intel Authenticate Multifactor
Support for multiple industry standards of Smart Card authentication
Intel Online Connect
Enables simple and highly secure online authentication and payments.
Glance: Presence Detection
Senses if the user is away and locks the system.
Glance: Gaze Detection
Senses if someone other than the user is looking at the screen annd auto-enables the privacy filter.
Geo-Fencing Security
A location-based / geo-fencing method of authentication, using GPS and/or network location detection.
Secure NFC Tap-to-Login
An additional factor of authentication based on Near Field Communications.
Working together
to fortify your business
ThinkShield brings world-class security providers together arm-in-arm to defend your company from security threats. Outfitting your business with modern Think devices, complete with the Intel® vPro™ platform and Windows 10 Pro, gives you the foundation for a secure business.
Security that's more usable for both admins and end-users
ThinkShield locks down your data without slowing down your team, offering automated and intelligent solutions that make your IT team more capable as defenders and growers of your business while staying out of the end-user's way.
IT RESOURCE TOOLKIT
We're here to help.
Find fresh perspectives and useful content to help elevate the importance
of end-to-end security within your organization.
Simpler security starts here.
All new Lenovo devices are secure by design with essential ThinkShield protections built in.
Don’t leave your business unprotected.
We’ll help customize the right solution for your business.
Click below to contact a Lenovo Representative.