
SecurityWeek


Wave Systems Launches TPM-Based Malware Detection Technology

Wave Systems’ new endpoint security product relies on a chip on the computer’s motherboard to detect malware infections.


The Wave Endpoint Monitor takes advantage of the Trusted Platform Module chip’s built-in security capabilities to provide businesses with advanced protection against sophisticated malware and advanced persistent threats, Wave Systems said Tuesday. The Wave Endpoint Monitor provides increased visibility into what is running on the computer even before the operating system launches, the company said.

Rootkit attacks hide in host systems and evade many mainstream security methods such as antivirus software, Wave Systems said. They are hard to detect because they burrow into the BIOS and the Master Boot Record (MBR), making them invisible to the operating system or security software running within the operating system. Rootkits can also replace the machine firmware with a malicious one, causing even more damage.

“Since advanced persistent threats can sometimes appear as normal traffic, new rootkits often go unnoticed for long periods of time and cause severe damage in the form of infected systems and data loss,” Steven Sprague, CEO of Wave Systems, said in a statement.

Wave Systems addresses the problem by analyzing the information collected and stored within the Trusted Platform Module security chip, which is built in and usually enabled on most modern systems. The TPM can capture data about the PC’s overall health by keeping track of what is going on in the BIOS and MBR. By being able to see what is going on under the hood, the TPM can see infections and malicious activity that the operating system can’t detect.

The TPM chip includes shielded memory locations called the Platform Configuration Registers (PCRs), Brian Berger, executive vice president of Wave Systems, told SecurityWeek. PCRs are storage locations designed to store hashes of critical start-up values, including statistics for pre-OS components such as the BIOS. Wave Endpoint Monitor analyzes these protected values and uses them to detect any changes in the pre-OS components, Berger said. When an anomaly is found, Wave Endpoint Monitor sounds an alert.
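The PCR comparison Berger describes can be sketched in software. This is an added example, not Wave Systems' code or anything from the original article: it simulates the TPM 1.2 extend operation (SHA-1 over the old PCR value concatenated with the new measurement) instead of reading a real chip. It assumes the TCG PC Client convention of PCR 0 for BIOS code and PCR 4 for MBR boot code, and every component blob and function name in it is constructed for illustration.

```python
import hashlib

PCR_SIZE = 20             # a TPM 1.2 PCR holds one SHA-1 digest
PCR_BIOS, PCR_MBR = 0, 4  # assumed indices (TCG PC Client convention)

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()

def measure_boot(components):
    """Hash each (pcr_index, blob) in boot order and extend it into its PCR."""
    pcrs = {}
    for index, blob in components:
        current = pcrs.get(index, bytes(PCR_SIZE))  # PCRs start as all zeros
        pcrs[index] = extend(current, hashlib.sha1(blob).digest())
    return pcrs

def changed_pcrs(baseline, observed):
    """Return sorted PCR indices whose value differs from the known-good set."""
    return sorted(i for i in baseline.keys() | observed.keys()
                  if baseline.get(i) != observed.get(i))

# Constructed sample boots; the byte strings stand in for real firmware images.
CLEAN_BOOT = [
    (PCR_BIOS, b"constructed BIOS image"),
    (PCR_BIOS, b"constructed option ROM"),
    (PCR_MBR, b"constructed MBR boot code"),
]
# Same firmware, but the MBR code has been modified.
TAMPERED_MBR = CLEAN_BOOT[:2] + [(PCR_MBR, b"constructed MBR boot code, patched")]
# Same components measured in a different order: the hash chain still changes.
REORDERED_BIOS = [CLEAN_BOOT[1], CLEAN_BOOT[0], CLEAN_BOOT[2]]

def audit(observed_boot, baseline_boot=CLEAN_BOOT):
    """Compare an observed boot against the baseline and return alert strings."""
    diffs = changed_pcrs(measure_boot(baseline_boot), measure_boot(observed_boot))
    return [f"ALERT: PCR {i} differs from baseline" for i in diffs]

if __name__ == "__main__":
    for name, boot in [("clean", CLEAN_BOOT), ("tampered MBR", TAMPERED_MBR),
                       ("reordered BIOS", REORDERED_BIOS)]:
        print(name, "->", audit(boot) or "no change")
```

Because extend is a one-way hash chain, code that runs later in the boot cannot set a PCR back to its clean value, so a modified pre-OS component stays visible in the register even when the operating system itself is compromised.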

“Storing security data in hardware is inherently more secure than storing it in software,” Berger said.

Wave Systems piloted Wave Endpoint Monitor with “several government groups” over the past six months, according to the company. While information and details about the pilot program are highly confidential, Berger said the pilot programs ranged from lab to user environments. “The clients have been very positive about the results of the pilots,” Berger added.

Wave Endpoint Monitor can work with computers installed with any version of TPM 1.2, Berger said. Wave Systems offers a central, remote TPM management application that can help organizations centrally manage systems using TPM, Berger said.


“Wave Endpoint Monitor allows IT to utilize the hardware security you’ve already bought and deployed to ensure PC health from the start of the boot process while creating a higher level of trust in your endpoints,” Sprague said.

Wave Endpoint Monitor Report Screenshot
