Advantages of a PC equipped with ‘Pluton’ to a hybrid work environment

Security outside the corporate firewall continues to play a major role in day-to-day IT operations while businesses are contemplating how to manage their hybrid workforce.

Following the release of Windows 11 with features for hybrid working last year, Microsoft introduced the security chip Pluton. And a PC equipped with Pluton was unveiled for the first time at CES 2022. Pluton’s purpose is to protect the computers of telecommuters.


Laptops with built-in Pluton are Lenovo’s AMD-based laptops ThinkPad Z13 and Z16. The ThinkPad Z13 starts at $1,549 and the Z16 starts at $2,099, and will be released in May. There are no additional costs associated with the embedded Pluton chip.

Pluton will be disabled by default on Lenovo ThinkPad platforms in 2022 (Z13, Z16, T14, T16, T14s, P16s, X13, etc. with AMD 6000 series processors). A Lenovo spokesperson explained that users can activate Pluton themselves.

As to why the chip is inactive, a Lenovo spokesperson said: “Many enterprise customers are extensively testing and evaluating new security-related software or features for their networks. If, as a result of the evaluation, Pluton is deemed appropriate, it can be activated directly from the device. When Pluton is released, we will consider activating it at the factory level after evaluating demand.”

The Pluton chip is a dedicated chip that handles security functions such as BitLocker, Windows Hello, and System Guard. Its purpose is to provide better protection than TPM. It was developed in collaboration with Microsoft, AMD, and Qualcomm.

Windows 11 has received various security updates, but features such as UEFI, Secure Boot, and Cryptographic Module TPM cannot be disabled. In other words, Windows 11 is a zero-trust-enabled operating system designed for chip-to-cloud safety, with security verification enabled by default.

The Pluton chip protects PCs from sophisticated malware attacks by more securely storing user credentials, identity, personal information, and encryption keys, including fingerprint information. Like TPM 2.0, it is updated through Windows Update, which dynamically adds new security features. Microsoft spokesperson Matt Wu said, “With ‘strictly integrated hardware and software’, it gives us additional visibility and control to help prevent security vulnerabilities and better adapt to changes in the threat landscape.”

“Pluton acts as a TPM on its own or in combination with a separate, third-party TPM to provide additional security. Enterprise users have the choice and flexibility to use Pluton with or instead of a third-party TPM.”

Pluton is integrated into the device’s CPU die, making it difficult for attackers to access. Also, even if an attacker installs malware or has physical possession of the PC, the data stored in Pluton cannot be removed. This is because Pluton is isolated from the rest of the system. Because it’s a separate chip, it helps block speculative execution techniques such as side-channel attacks that exploit CPU behavior and capabilities. “The biggest advantage of Pluton is that it eliminates physical side-channel attacks on standalone TPM-CPU communication channels,” said Gartner analyst Patrick Hevesi.

In a side-channel attack, the malicious code does not target the vulnerabilities of the encryption system, but seeks information about the operation of the encryption system. For example, acoustic cryptanalysis, which steals passwords by recording the user’s keyboard sound, is a representative method.

“Since the Pluton security process is implemented as a System on Chip (SoC), there is no way to enter the channel without destroying the chip. Also, according to Microsoft, encryption keys will never leave Pluton’s security perimeter, which will help block attacks like speculative execution and other types of attacks.”

Another advantage of the Pluton architecture is that it can be updated with Windows Update. “Microsoft controls and protects the firmware code, and we can continue to add new security features as we release new versions of Windows,” Hevesi added.

In addition, it is also possible to improve hardware and software security features that Microsoft introduced, such as Secure Boot, measured boot, and VBS (Virtualization-based Security).

“Pluton can also prevent remote attacks that attempt to alter the kernel or OS boot process, and the integration of physical layer and software-based security features will help protect remote devices. Applying Pluton to a company’s own devices can block physical insider attacks. Microsoft has already implemented Pluton in Azure Sphere.”

However, not all experts believe that the Pluton chip provides complete security. IDC vice president of research Michael Souby predicted that while the SoC platform would be a useful advance, it would not radically change a company’s PC purchasing decisions in the short term.

“For example, if a threat actor steals a corporate executive’s laptop, hacks it, infects the device with malware at the hardware level, and then leaves the device unattended, executives and IT teams will never know that someone has tampered with the laptop,” Souby pointed out.

Lenovo’s new laptops are based on AMD’s Ryzen 6000 series processors, run Windows 11, and have a built-in Pluton security chip. The Pluton chip builds on technology used over many years by Microsoft’s Xbox and Azure Sphere.

“As we enter the era of hybrid work, there is a growing need for modern security solutions that provide end-to-end protection, regardless of location,” Wu said. “Windows 11 is designed from the ground up to provide security enhancements such as Windows Hello, Device Encryption, VBS, Hypervisor-Protected Code Integrity (HVCI) and Secure Boot, a combination that can reduce malware infections by 60%.”

It seems clear that the hybrid work environment inspired the various upgrades and chip designs of Windows 11. “I’ve learned a lot from our partners over the past few years,” said Nicole Dezen, vice president of product partners, Microsoft, in a blog post. “This learning and the new way of working have also influenced several innovations in the design of Windows 11.”



Source: ITWorld Korea by www.itworld.co.kr.
