Close IoT Security Gaps with Windows 10’s UEFI

As we close out another eventful year, businesses are revving up Windows 10 migrations to start off the 2017 calendar. As the proliferation of advanced malware and rootkit security threats continue to explode onto the IoT scene, banks are not only moving to advanced security leaders like Carbon Black, but also beginning to expedite their Windows 10 migrations in order to take advantage of the advanced security Windows 10 has to offer the banking industry.

Perhaps the most significant security gain that Windows 10 brings to the table is its next-gen Unified Extensible Firmware Interface (UEFI) technology, which will further harden a bank’s IoT security posture. Banks that move to the Windows 10 platform and utilize UEFI  experience significant security gains with their IoT devices, especially customer facing devices like ATMs. And the benefits go well beyond regulatory compliance; hardening your security posture adds an extra layer of security that works to expand the trust that a bank’s customer base has in their financial institution of choice.

How UEFI IoT Device Security Works

UEFI works by running as middleware software which interacts with both Windows 10 and the firmware (or BIOS) on a device. The introduction of UEFI was done with the ultimate goal of replacing legacy BIOS on desktops, laptops and servers. UEFI presents vast security improvements which secure the boot environment of a hardware platform while a device is being turned on and during the time Windows 10 is being loaded.

In the legacy BIOS systems, this was the most unsecure period of time for any device.  A typical BIOS will allow any device or operating system to boot, making it much easier to have malicious software replace the boot processes on a device, thus loading a now compromised operating system, making this a sever security shortcoming, especially for those businesses in the PCI regulatory world.

This makes using UEFI to secure boot processes is an ideal tool for further securing the environment. And, when combined with the power of Carbon Black, financial institutions and retailers gain a powerful tool to add to an organization’s information security toolbox.

The Key Of UEFI

Devices that are designed to run Windows 10 have a security certificate stored within the UEFI system, which is checked when a device’s boot processes are started. If the certificate does not pass, UEFI blocks the device from booting into the operating system, keeping any data or credentials that are stored on the device safe and untouched. And the one key feature that’s a must-have for those in a PCI regulated industry, is Secure Boot. Any device in the IoT is most vulnerable to being attacked and compromised during its operating system boot process. Secure Boot acts as a go-between, preventing a device from being hijacked or compromised in any way during this most vulnerable time.

If that weren’t enough of a reason to take advantage of the latest UEFI technology in Windows 10, there’s more to love. Secure Boot can also prevent other operating systems from booting, which keeps attackers from physically gaining access to your devices and any contained data.

UEFI and Windows 10 migration

If you would like to have all of your devices, including ATMs and other customer-facing devices, protected and hardened during their most security vulnerable actions, Champion can assist with your Windows 10 migration by utilizing a three pronged solution. We take the power of Windows 10 and combine it with the latest UEFI security features to harden your devices during their most vulnerable activities. Then, we lock down your environment against attack by implementing Carbon Black, which was named by EMA (Enterprise Management Associates) as the industry leader in the next-gen endpoint security space. If you are interested in gaining this kind of high-end security posture for your financial institution, contact us today.

Learn more about our Windows 10 services and see helpful resources


Carbon Black is Banking’s Best Defense Against Rootkits


Top 5 Things to Know about Tintri Analytics