Dell Trusted Device Installation and Administrator Guide v5.5

Introduction

The Dell Trusted Device agent is part of the Dell SafeBIOS product portfolio. The Trusted Device agent includes the following:

• BIOS Verification
• BIOS Events & Indicators of Attack
• Image Capture
• Intel ME Verification
• Secured Component Verification (On Cloud)
• Security Risk Protection Score
• Dell Event Repository and SIEM integration

BIOS Verification provides customers with affirmation that devices are secured below the operating system, a place where IT administrator visibility is lacking. It enables customers to verify BIOS integrity using an off-host process without interrupting the boot process. After the Trusted Device agent runs on the endpoint, a pass or fail result (0 or 1) displays in some of these locations:

• Web browser
• Command line
• Registry entry
• Event Viewer
• Logs

BIOS Events & Indicators of Attack enables administrators to analyze events in the Windows Event Viewer that may indicate bad actors targeting BIOS on enterprise endpoints. Bad actors change BIOS attributes to gain access to enterprise computers locally or remotely. These attack vectors can be monitored then mitigated through the BIOS Events & Indicators of Attack features' ability to monitor BIOS attributes.

The Intel Management Engine (Intel ME) is an independent microcontroller that is built into Intel processor chipsets manufactured starting in 2008. Intel ME provides an interface between the operating system, hardware, and BIOS. Additionally, Intel ME is granted extensive system-level privilege and runs in every power state. The Trusted Device agent scans and verifies that Intel ME firmware is present and untampered.

Secured Component Verification (On Cloud) is a supply-chain assurance offering that enables you to verify the integrity of the components inside your Dell computer.

Security Risk Protection Score enables administrators to determine the security risk level of computers in their enterprise. Trusted Device scans for security solutions and assigns a score per overall risk assessment.

Trusted Device includes the Dell Event Repository and can be integrated with SIEM solutions with support for following features:

• BIOS Verification
• BIOS Events & Indicators of Attack
• Image Capture
• Security Risk Protection Score

See Interoperability for additional ways to use Trusted Device with external solutions.