A lot of noise was made over the revelation that Lenovo PCs have been banned from classified government networks in several countries, including the U.S., due to the company's connections to the Chinese government. Can proper network security controls temper such fears? Which do you recommend?
Ask the expert
This is a really difficult question to answer, as no one outside of the government will ever know the real reasons for the widely reported ban on the use of Lenovo personal computers (PCs) by U.S. government agencies and various other governments. Nor will people know the validity of the company's connection to alleged malicious activities by China-based actors. The Australian Department of Defense, for one, came out and called the ban "factually incorrect."
With regard to the proper network security controls to implement, this is an even more difficult question to answer, because the Chinese manipulation of Lenovo hardware and firmware is only alleged, and specific mitigations are hard to recommend against something that is not factually known.
Therefore, I would like to suggest that companies implement some general network security controls that should both temper fears over banned computers and maintain network safety. First, if Lenovo PCs are being used in your enterprise environment and connecting to the corporate network, constant monitoring of network logs is paramount, especially if malicious activity is suspected or has been seen before. If an abnormally high amount of malicious traffic specifically involves the Lenovo machines, then obviously that would require both quick action and further analysis of the devices. Second, be sure to pay close attention to the data leaving the network. If nothing trips your firewall alerts, look at the type of data exiting the network and ensure that nothing sensitive or private is being taken. Data loss prevention and data exfiltration prevention systems are a great help.
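The two controls recommended above (watching for a disproportionate share of outbound traffic from one hardware group, and looking at what actually leaves the network) can be turned into a simple egress check over firewall logs. The following is an added example, not code from the original column or from any vendor; the log format, the hostnames, the vendor inventory and every byte count are constructed for illustration. It counts only allowed flows (denied flows never left the network), flags any host whose outbound volume exceeds a multiple of the median host, and reports how much of total egress each vendor group accounts for, so the comparison is made against all hosts rather than assuming one group is suspect.

```python
"""Egress-volume outlier check over firewall logs, grouped by hardware vendor.

Added example, not from the original column. Log format, hostnames, vendor
inventory and all byte counts are constructed for illustration.
"""
import re
import statistics
from collections import defaultdict

# Constructed key=value firewall egress records; bytes_out is the number of
# bytes the source host sent toward the destination. The last line is
# deliberately malformed to show that the parser tolerates it.
SAMPLE_LOGS = """\
2015-03-10T09:00:01 action=allow src=WS-0101 dst=203.0.113.7 dport=443 bytes_out=40000
2015-03-10T09:00:05 action=allow src=WS-0101 dst=203.0.113.9 dport=443 bytes_out=52000
2015-03-10T09:00:09 action=allow src=WS-0102 dst=203.0.113.7 dport=443 bytes_out=61000
2015-03-10T09:00:12 action=allow src=WS-0103 dst=203.0.113.7 dport=80 bytes_out=48000
2015-03-10T09:00:15 action=allow src=LNV-0201 dst=203.0.113.7 dport=443 bytes_out=55000
2015-03-10T09:00:20 action=allow src=LNV-0202 dst=198.51.100.21 dport=443 bytes_out=4200000
2015-03-10T09:00:24 action=allow src=LNV-0202 dst=198.51.100.22 dport=443 bytes_out=3100000
2015-03-10T09:00:31 action=deny src=LNV-0202 dst=198.51.100.9 dport=8443 bytes_out=500000
2015-03-10T09:00:40 action=allow src=LNV-0202 dst=198.51.100.23 dport=443 bytes_out=2900000
2015-03-10T09:00:45 action=allow src=LNV-0203 dst=203.0.113.7 dport=443 bytes_out=47000
this line is not a valid record
"""

# Constructed asset inventory: hostname -> hardware vendor (hypothetical names).
INVENTORY = {
    "WS-0101": "VendorA",
    "WS-0102": "VendorA",
    "WS-0103": "VendorA",
    "LNV-0201": "Lenovo",
    "LNV-0202": "Lenovo",
    "LNV-0203": "Lenovo",
}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) bytes_out=(?P<bytes_out>\d+)$"
)


def parse_logs(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["dport"] = int(rec["dport"])
        rec["bytes_out"] = int(rec["bytes_out"])
        records.append(rec)
    return records


def summarize_egress(records):
    """Per-source totals of allowed outbound bytes and distinct destinations.

    Denied flows never left the network, so they do not count toward volume.
    """
    summary = defaultdict(lambda: {"bytes_out": 0, "dsts": set()})
    for rec in records:
        if rec["action"] != "allow":
            continue
        entry = summary[rec["src"]]
        entry["bytes_out"] += rec["bytes_out"]
        entry["dsts"].add(rec["dst"])
    return dict(summary)


def flag_outliers(summary, inventory, ratio=3.0):
    """Flag hosts whose allowed egress exceeds `ratio` times the median host.

    The median is taken over every host regardless of vendor, so the result
    says something about a vendor group instead of assuming it is suspect.
    """
    if not summary:
        return []
    median = statistics.median(e["bytes_out"] for e in summary.values())
    threshold = ratio * median
    flagged = []
    for host, entry in sorted(summary.items()):
        if entry["bytes_out"] > threshold:
            flagged.append({
                "host": host,
                "vendor": inventory.get(host, "unknown"),
                "bytes_out": entry["bytes_out"],
                "distinct_dsts": len(entry["dsts"]),
                "threshold": threshold,
            })
    return flagged


def vendor_share(summary, inventory):
    """Fraction of all allowed egress bytes attributable to each vendor group."""
    totals = defaultdict(int)
    for host, entry in summary.items():
        totals[inventory.get(host, "unknown")] += entry["bytes_out"]
    grand = sum(totals.values())
    return {v: (b / grand if grand else 0.0) for v, b in totals.items()}


if __name__ == "__main__":
    summary = summarize_egress(parse_logs(SAMPLE_LOGS))
    for f in flag_outliers(summary, INVENTORY):
        print(f"{f['host']} ({f['vendor']}): {f['bytes_out']} bytes to "
              f"{f['distinct_dsts']} destinations, threshold {f['threshold']:.0f}")
    for vendor, share in sorted(vendor_share(summary, INVENTORY).items()):
        print(f"{vendor}: {share:.1%} of allowed egress")
```

With the constructed sample, only LNV-0202 crosses the threshold, and the Lenovo group then accounts for nearly all egress bytes; that is the kind of signal the answer says should trigger a closer look at the specific devices, after which the content of those flows, not just their volume, is what a DLP system needs to inspect. A ratio against the median is a deliberately simple baseline; on a real network the comparison should be per host against its own history and per role, since a file server or backup client will always dominate a flat median.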
Related Q&A from Brad Casey