Abstract: Systems and methods are provided that may be implemented to monitor unique usage characteristics (e.g., system device usage) of an individual information handling system, and to determine a unique system pre-boot interface (PBI) configuration for the individual information handling system based on these monitored unique usage characteristics. The provided systems and methods may also be implemented to automatically update pre-boot interface security configuration for system devices based on the monitored usage characteristics of the individual information handling system.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described. In some embodiments, a client Information Handling System (IHS) may include a processor and a memory, the memory having program instructions that, upon execution by the processor, cause the client IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a first workspace based upon a first workspace definition; allow a user to execute a non-vetted application in the first workspace; determine that the first workspace is compromised; and receive, in response to the determination, from the workspace orchestration service, one or more other files or policies configured to enable the client IHS to instantiate a second workspace based upon a second workspace definition, where the second workspace definition allows execution of a vetted application corresponding to the non-vetted application.

Abstract: Establishing a diagnostic OS for an information handling system platform performing a UEFI BIOS boot to place the platform in a pre-OS state. Upon detecting a particular POST error and/or a platform configuration policy, an embedded OS kernel may be launched into a DRTM-authenticated measured launch environment (MLE). Additional objects for the diagnostic OS may be downloaded. The additional objects may include an initial ramdisk (initrd) module and one or more applications specific to the particular diagnostic OS. The diagnostic OS may be launched as follows: for each diagnostic OS application, launching the application and extending a measurement of the application into a DRTM PCR. Launching the diagnostic OS may include launching an initrd module and extending a measurement of the initrd module into the DRTM PCR. A measurement of embedded OS kernel may be extended into the TPM and the embedded OS kernel may validate the UEFI BIOS sequence.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Embodiments provide access to enterprise data via a secured virtual environment hosted on an Information Handling System (IHS), with the integrity of the IHS validated prior to launching the virtual environment. The integrity of the IHS may also be continuously validated during operation of the launched virtual environment. Policies for accessing the enterprise data are stored in a secured memory that is isolated from the operating system of the IHS. A virtual environment is configured, according to the policies, with resources for a particular user to access the enterprise data. If the integrity of the IHS is validated by a trusted resource on the IHS, the virtual environment is launched. During operation of the virtual environment, the trusted resource periodically confirms the integrity of the IHS. If the integrity of the IHS is not verified or policy changes are identified, access to the secured workspace may be revoked.

Abstract: Systems and methods for off-host integrity verification of Trusted Execution Environments (TEEs) are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to obtain, by an Operating System (OS) agent, a measurement of contents of a selected area of a Non-Volatile Memory (NVM) used by a TEE coupled to the processor, transmit the measurement from the OS agent to another IHS configured to perform integrity verification of the TEE based, at least in part, upon the measurement, and receive, at the OS agent from the other IHS, an indication of a result of the integrity verification.

Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.

Abstract: Methods and systems are provided that may be implemented in an automated manner to distribute and integrate information regarding threat indicators as they occur in real time. The provided methods and systems may be implemented to combine threat indicator characteristic information in real time with application behavior patterns, information handling system types, and/or application types; and to automatically apply the resulting intelligence together to improve malicious attack defense at the application and information handling system level at scale.

Abstract: Systems and methods are provided for swapping computing architectures used by workspaces operating on an Information Handling System (IHS). A first workspace definition is generated for deployment of a workspace on the IHS using a first computing architecture. A timer is initiated upon deployment of the workspace on the IHS according to the first workspace definition. Upon expiration of the timer, a second workspace definition is generated for redeployment of the workspace using a second computing architecture. The workspace is then redeployed on the IHS according to the second workspace definition. The duration of the timer may be a randomized interval, or may be selected based on security and/or productivity metrics for the deployment of the workspace on the IHS. Through swapping of the computing architecture used by the workspace, the attack surface presented by the workspace is regularly altered, thus thwarting malicious actors attempting to compromise the workspace.

Abstract: Systems and methods for detecting security attacks using workspace orchestration logs are described. In some embodiments, a workspace orchestration server may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, may cause the server to: maintain a first workspace orchestration log, receive a second workspace orchestration log from a client Information Handling System (IHS), and identify the security attack, at least in part, in response to a discrepancy between the first and second workspace orchestration logs.

Abstract: Systems and methods for dynamic workspace targeting with crowdsourced user context are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: detect execution of an application in a workspace instantiated by a client IHS; validate the application based upon productivity context information and security context information received from the client IHS; and in response to the validation, distribute the validated application to another workspace instantiated by another client IHS.

Abstract: Systems and methods for hardware-based protection of Application Programming Interface (API) keys are described. In some embodiments, an endpoint Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: send an encrypted API key to a trusted controller; and receive a decrypted API key from the trusted controller.

Abstract: Systems and methods for providing trusted local orchestration of workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a system memory coupled to the processor, the system memory having program instructions stored thereon that, upon execution, cause the IHS to: receive an orchestration code from a workspace orchestration service; record, using a trusted controller coupled to the processor, a log comprising: the orchestration code, and an indication of a sequence of operations performed during an instantiation of a workspace by the local management agent; provide a copy of the log to the workspace orchestration service; and establish a connection between the workspace and the workspace orchestration service in response to the workspace orchestration service's successful: (i) authentication of the orchestration code, and (ii) verification of the sequence of operations.

Abstract: A firmware update method maintains a firmware resource table for multiple firmware modules. The table includes a globally unique identifier (GUID) of the module and current version information. A firmware capsule is delivered to a capsule delivery service (CDS) and pushed to a platform. The capsule includes a firmware update and firmware dependency components, indicating GUIDs and minimum current versions of one or more other firmware modules that must be found in the resource table before installing the firmware module being processed. An update may be perform for the particular firmware module responsive to confirming the current version information satisfies the dependency criteria. If the version information does not satisfy the dependency criteria, the firmware capsule may be staged to a platform store and GUID in the resource table may be removed. Conversely, successfully processing a previously staged firmware capsule may include restoring or otherwise updating the GUID.

Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods for creating and handling workspace indicators of compromise (IOC) based upon configuration drift are described. In some embodiments, a memory storage device may have program instructions stored thereon that, upon execution by one or more processors of an Information Handling System (IHS) of a workspace orchestration service, cause the IHS to: receive configuration information from a client IHS at a workspace orchestration service, where the configuration information represents a change in a configuration of a workspace executed by the client IHS, and where the workspace is instantiated based upon a workspace definition provided by the workspace orchestration service; determine, by the workspace orchestration service, that the configuration information matches an IOC; and transmit, from the workspace orchestration service to the client IHS, an instruction to perform an action responsive to the IOC.