Wave Systems Launches TPM-Based Malware Detection Technology

Wave Systems’ new endpoint security product relies on a chip on the computer’s motherboard to detect malware infections.

The Wave Endpoint Monitor takes advantage of the Trusted Platform Module chip’s built-in security capabilities to provide businesses with advanced protection against sophisticated malware and advanced persistent threats, Wave Systems said Tuesday. The Wave Endpoint Monitor provides increased visibility into what is running on the computer even before the operating system launches, the company said.

Rootkit attacks hide in host systems and evade many mainstream security methods such as antivirus software, Wave Systems said. They are hard to detect because they burrow into the BIOS and the Master Boot Record (MBR), making them invisible to the operating system or security software running within the operating system. Rootkits can also replace the machine firmware with a malicious one, causing even more damage.

“Since advanced persistent threats can sometimes appear as normal traffic, new rootkits often go unnoticed for long periods of time and cause severe damage in the form of infected systems and data loss,” Steven Sprague, CEO of Wave Systems, said in a statement.

Wave Systems addresses the problem by analyzing the information collected and stored within the Trusted Platform Module security chip, which is built in and usually enabled on most modern systems. The TPM can capture data about the PC’s overall health by keeping track of what is going on in the BIOS and MBR. By being able to see what is going on under the hood, the TPM can see infections and malicious activity that the operating system can’t detect.

The TPM chip includes shielded memory locations called the Platform Configuration Registers (PCRs), Brian Berger, executive vice president of Wave Systems, told SecurityWeek. PCRs are storage locations designed to store hashes of critical start-up values, including statistics for pre-OS components such as the BIOS. Wave Endpoint Monitor analyzes these protected values and uses them to detect any changes in the pre-OS components, Berger said. When an anomaly is found, Wave Endpoint Monitor sounds an alert.
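The PCR mechanism described above can be modeled in a few lines. This is an added example, not Wave Systems' code: it replays the TPM 1.2 extend operation (SHA-1 chaining) over a constructed boot chain and compares the result with a known-good baseline. The PCR indices (0 for BIOS, 4 for MBR code), the component byte strings and all function names are assumptions made for illustration.

```python
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest (20 bytes)


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()


def replay(boot_chain):
    """Replay measurements in boot order; returns {pcr_index: final value}."""
    pcrs = {}
    for index, component in boot_chain:
        # PCRs start at all zeros on reset and can only be extended, never set.
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), component)
    return pcrs


def changed_pcrs(baseline, current):
    """PCR indices whose value differs from the known-good baseline."""
    return sorted(i for i in baseline.keys() | current.keys()
                  if baseline.get(i) != current.get(i))


# Constructed sample data: stand-ins for real firmware and boot-sector images.
GOOD_CHAIN = [
    (0, b"BIOS firmware image v1.0"),
    (0, b"BIOS second-stage module"),
    (4, b"MBR boot code"),
]
TAMPERED_CHAIN = [
    (0, b"BIOS firmware image v1.0"),
    (0, b"BIOS second-stage module"),
    (4, b"MBR boot code + injected loader"),
]

BASELINE = replay(GOOD_CHAIN)  # recorded once from a trusted boot

if __name__ == "__main__":
    for name, chain in (("clean boot", GOOD_CHAIN), ("tampered boot", TAMPERED_CHAIN)):
        drift = changed_pcrs(BASELINE, replay(chain))
        status = f"ALERT, PCRs changed: {drift}" if drift else "matches baseline"
        print(f"{name}: {status}")
```

Because each value is chained onto the previous one, a change to any measured component, or to the order in which components are measured, yields a different final PCR value.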

“Storing security data in hardware is inherently more secure than storing it in software,” Berger said.

Wave Systems piloted Wave Endpoint Monitor with “several government groups” over the past six months, according to the company. While information and details about the pilot program are highly confidential, Berger said the pilot programs ranged from lab to user environments. “The clients have been very positive about the results of the pilots,” Berger added.

Wave Endpoint Monitor can work with computers installed with any version of TPM 1.2, Berger said. Wave Systems offers a central, remote TPM management application that can help organizations centrally manage systems using TPM, Berger said.

“Wave Endpoint Monitor allows IT to utilize the hardware security you’ve already bought and deployed to ensure PC health from the start of the boot process while creating a higher level of trust in your endpoints,” Sprague said.

Wave Endpoint Monitor Report Screenshot
