cta image thinkshield logo

Comprehensive and customizable end-to-end protection that secures your business without slowing down your people.

Designed For Business.
Perfected For People.

 

Download Solutions Guide

blank spacer 385x1 v2
Share This

thinkshield fallout docuseries

COMING SOON!

logos thinkshield overview

 

ThinkShield is Lenovo’s portfolio of secure hardware, software, and services.

icon thinkshield supply chain

Secure Supply Chain

shape blue line 38x10

Rigorous, trackable, and auditable security standards are built into every step of our secure and transparent supply chain.

icon thinkshield innovations

Lenovo Innovations

shape blue line 38x10

Every new Lenovo product is secure by design, with secure hardware engineered by the makers of the world’s most trusted business PCs.

icon thinkshield partners

World-Class Partners

shape blue line 38x10

We’ve partnered with the industry’s most trusted security providers to provide deeper and broader protections.

Share This

Customizable portfolio


ThinkShield is customizable to your business needs and budget, helping to keep you ahead of dangerous breaches.

content personalization

Security by Design


At Lenovo, security begins with development and continues through the supply chain and the full lifecycle of every device—from development through disposal.

Product Development
Development

Every Think device is engineered from the ground up for security.

Trusted Supplier Program
Trusted Supplier Program

We oversee the security and accountability of every supplier, working only with trusted and secure suppliers.

Secure Packaging
Secure Packaging

Physical security via tamper-evident packaging, qualified transportation, and secure tracking.

Secure Disposal
Secure Disposal

At a device’s end-of-life, we wipe drives and securely recycle parts.

Device protection


In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans-costing up to 500 $ million. Protect your devices.

Lenovo Patch for SCCM
Lenovo Patch for SCCM

In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans-costing up to 500 $ million. Protect your devices.

Ready-to-Provision Plus
Ready-to-Provision Plus

Eliminates third-party software and allows for five customer-provided scripts to be installed during manufacturing.

Intel Boot Guard
Intel Boot Guard

A BIOS-level security feature that prevents the system from booting an unauthorized operating system

Lenovo Self-Healing BIOS
Lenovo Self-Healing BIOS

When BIOS is corrupted or maliciously attacked, the BIOS will “self-heal” and revert to known good backup copy.

Remote Supervisor Password Setting by Absolute
Remote Supervisor Password Setting by Absolute

Allows IT Administrators to leverage Absolute Persistence 2.0 secure communication framework to set a supervisor password without physical presence.

Lenovo HTTPS Boot
Lenovo HTTPS Boot

Allows IT Administrators to securely boot from a https network resource.

Intel Hardware Shield
Intel Hardware Shield

Intel Hardware Shield helps minimize the risk of malicious code injection. This new firmware feature, available in the Intel® vPro™ platform, locks the BIOS when software is running to help prevent planted malware from gaining traction.

3M Filters
3M Filters

Add-on screen filters that protect sensitive data from shoulder surfing/visual hackers

Absolute Software
Absolute Software

Provides IT admins with a reliable two-way connection with all of their devices, so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains.

Anti Bridge Switch
Anti Bridge Switch

A BIOS-level security feature that prevents wired and wireless networking from being active at the same time.

Asset Tagging Service
Asset Tagging Service

With Lenovo's Standard and Enhanced Asset Tagging services, customers can have information-rich, tamper-resistant asset tags affixed to their PC and/or stored in the system's BIOS before the PC is delivered to them. Asset tags can also be etched into the system lid, if etching is available in country.

BIOS Asset Information Area
BIOS Asset Information Area

An area of BIOS that can be customized with a customer’s own asset identification information (See Asset Tagging Service as well)

BIOS Reading Room
BIOS Reading Room

A premium service that allows customers to visually inspect all Lenovo Think commerical products' BIOS source code in a controlled physical environment. Nearly 2 MILLION lines of source code available for inspection*

C-TPAT Logistics
C-TPAT Logistics

Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident investigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protec- tion throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visi- tors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer's location.

Device Registration
Device Registration

The ability to notify Lenovo of a stolen or lost system and to have Lenovo designate it as such in our master global warranty entitlement database.

HVCI Compliant Drivers
HVCI Compliant Drivers

Lenovo’s device drivers fully support Device Guard, Boot Guard and Credential Guard (Intel Security features)

Intel Boot Guard
Intel Boot Guard

A BIOS-level security feature that prevents the system from booting an unauthorized operating system

ITC First Boot Service
ITC First Boot Service

Lenovo’s First Boot Services (FBS), shifts unattended first boot tasks (PC image set-up processes that must be completed before a technician or end-users can use the device) –into Lenovo manufacturing, increasing security and reducing time, resources, and cost necessary for IT admins to deploy PCs.

Kensington Lock
Kensington Lock

Built-in receptacles in all Think products allow use of physical security lock cables from Kensington (and other manufacturers).

LVFS & WU Firmware Update
LVFS & WU Firmware Update

Lenovo provides not only driver and software updates, but also BIOS and system level firmware updates to the LVFS (Linux Vendor Firmware Service) and Windows Update. Ensures that IT admins can have a secure single source for all updates.

NIST Compliant BIOS
NIST Compliant BIOS

Lenovo BIOS is compliant with many NIST (National Institute for Standards and Technology) security standards.

No Backdoor Supervisor Password
No Backdoor Supervisor Password

Lenovo BIOS does not contain any backdoor ability to reset the master supervisor password

One Switch Device Guard
One Switch Device Guard

Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run.

Packaging Security
Packaging Security

Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident inves- tigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protection throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visitors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer's location.

PSIRT & FIRST
PSIRT & FIRST

Lenovo's Product Security Incident Response Team (PSIRT) welcomes information about potential security vulnerabilities from security researchers, academics, and others in the wider security community. The PSIRT will investigate the issue, develop or source fixes, and then provide these fixes to Lenovo customers as quickly as possible.

Secure Patch/Update of Drivers/Firmware
Secure Patch/Update of Drivers/Firmware

Secure Patch/Update of Think BIOS uses UEFI capsule update and BIOS updates are signed using SHA 256/RSA 2048 encryption algorithms. Drivers are digitally signed as well.

Smart USB Protection
Smart USB Protection

On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports. Only allows keyboards & pointing devices.

Spare Parts Handling
Spare Parts Handling

Lenovo Service Providers confirm that they track the disposal of products and parts. The Service Provider is solely responsible for all actions of their subcontractors have to ensure their own as well as their subcontractor compliance with environmental and security compliance guidelines. Lenovo Service Providers are required to provide full audit documentation to Lenovo.

Tamper Switch
Tamper Switch

The Lenovo Tamper Switch is present to prevent and/or notify IT admins of unauthorized access into a system. If the tamper switch is activated and triggered, then connection of the correct AC adapter and supervisor password is required.

ThinkShutter
ThinkShutter

ThinkShutter is a simple and secure mechanical cover that covers the camera on ThinkPad laptops. Solves a problem previously addressed by unsightly and unreliable sticky-notes with an easy to use and truly secure design. (Also available on some ThinkCentre all-in-one desktops).

Thunderbolt security
Thunderbolt security

ThinkPads with Thunderbolt technology have the option in BIOS to set security levels which dictate how thunderbolt ports can be used.

TPM 1.2/2.0
TPM 1.2/2.0

Think branded products contain a TPM module which is a specialized chip on an endpoint device that stores encryption keys specific to the host system for hardware authentication.

Transparent Supply Chain
Transparent Supply Chain

Transparent Supply Chain helps assure resellers and end-customers that their products come with a level of accountability and traceability unprecedented in the industry. The end result is a more secure supply chain for the industry.

Trusted Supplier Program
Trusted Supplier Program

Lenovo's Trusted Supplier Program plays a critical role in the development, manufacture, and delivery of our products. The supply chain begins with the management and control of a qualified supplier base, which provides qualified and secure components for use in development and manufacturing.

Data Protection


In 2013, Target allowed exposure of 40 million credit and debit card numbers, costing the company over 200 $ million. Keep your data safe.

Winmagic
Winmagic

WinMagic SecureDoc Enterprise is a flexible, scalable solution designed not only to protect data and ensure compliance, but more importantly to optimize operations and enable a unified encryption strategy across an enterprise.

Intel Remote Secure Erase
Intel Remote Secure Erase

Allows IT Administrators to remotely wipe an Intel Pro SSD drive on an AMT enabled (and provisioned) device

Keep Your Drive Service
Keep Your Drive Service

Customers retain their hard drive, and hence their data, in a warranty situation, improving security and potentially alleviating civil liability risks.

Lenovo Secure Wipe
Lenovo Secure Wipe

Allows customers to completely delete sensitive data on their drives without the need for external tools or removing the drive from.

System Management Password
System Management Password

The System Management Password (SMP) is an additional password with significant, but lower authority than the Supervisor Password (SVP). This allows IT Administrators to give power users the SMP, which will enable them to make changes needed for their work, while IT Administrators still maintain complete control with the SVP.

Lenovo Data Protection by Carbonite
Lenovo Data Protection by Carbonite

Easy-to-use, automatic online backup and recovery software solution to store data and confidential information in the cloud.

Absolute
Absolute

Provides IT admins with a reliable two-way connection with all of their devices so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains

BitLocker
BitLocker

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

Disk Wipe Tools
Disk Wipe Tools

Think Drive Erase Utility is available for downnload and can be used to securely erase any self-encrypting SSD on ThinkPad

Full Drive Encryption
Full Drive Encryption

Lenovo can also pre-encrypt the hard drive on the manufacturing line, eliminating the multiple-hour wait required when full-drive encryption is deployed manually.

HDD Password
HDD Password

ThinkPad/ThinkCentre/ThinkStation BIOSes all have the ability to set a secure HDD password that 1) locks the read/write ability of drives and 2) protects access to the encryption key on self encrypting drives

Lenovo Asset Recovery Service
Lenovo Asset Recovery Service

Lenovo's Asset Recovery Service (ARS) helps customers mitigate the environmental and data security risks associated with end- Recovery Service of-life asset disposal. ARS offers a single source solution for the secure, documented disposition of IT assets and data.

Smart USB Protection
Smart USB Protection

On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports. Only allows keyboards & pointing devices

Self-Encrypting Drives
Self-Encrypting Drives

A class of drives that contain a self-encrypting mechanism for securing data.

ThinkPad Privacy Guard
ThinkPad Privacy Guard

Built-in ePrivacy screen that protects sensitive data from shoulder surfing/visual hackers (w/ gaze (shoulder surfing) detection & notification (Privacy Alert))

Trusted Service
Trusted Service

Trusted service refers to the process Lenovo uses for ensuring that both Lenovo and its service providers handle all customer systems, equipment, and data securely during any repair or service, as well as during asset disposal

USB Secure Hard Drive
USB Secure Hard Drive

Optimized for safeguardingn essential data while on the go, ThinkPad USB Secure Hard Drives offer high-level, 256-bit Advanced Encryption Standard (AES) security within a slim, lightweight, self-powered, easy-to-use design

Identity Protection


In 2014, stolen credentials exposed 145 million eBay users, causing the company to revise revenue targets down by 200 $ million. Make sure your devices know you.

Intel Authenticate Multifactor
Intel Authenticate Multifactor

With Intel® Authenticate, users can log in fast without costly password resets, and IT teams can count on user identities and policies protected in a deep layer of silicon-based protection. PIN, biometrics, keys, tokens and associated certificates are captured, encrypted, matched, and stored in the hardware, out of sight and reach from typical attack methods.

FIDO
FIDO

FIDO is an industry alliance providing open and scalable standards that enable simpler and more secure user authentication experiences across many websites and mobile services. Lenovo partner GO-Trust offers the ability to implement FIDO in the customer's environment (AD, SSO, etc)

Windows Hello
Windows Hello

Microsoft's built-in authentication for Windows 10. Enables biometric (IR Camera, fingerprint, etc) and other factors like PIN, picture password, etc.

Match on Chip Fingerprint
Match on Chip Fingerprint

Securely stores and handles all aspects of fingerprint authentication within a single chip.

Lenovo Fingerprint Biometric USB Mouse
Lenovo Fingerprint Biometric USB Mouse

The Lenovo Fingerprint Biometric USB Mouse delivers solid protection against intrusion with 256-bit encryption and industry-leading performance for secure identification.

Glance: Presence Detection
Glance: Presence Detection

Senses if the user is away and locks the system.

Glance: Gaze Detection
Glance: Gaze Detection

Senses if someone other than the user is looking at the screen annd auto-enables the privacy filter.

Broad SmartCard Support
Broad SmartCard Support

Support for multiple industry standards of Smart Card authentication

Intel Online Connect
Intel Online Connect

Enables simple and highly secure online authentication and payments.

IR Camera
IR Camera

IR cameras in ThinkPad systems enable Windows Hello facial/biometric logon, as well as Mirametrix Glance presence detection.

Geo-Fencing Security
Geo-Fencing Security

A location-based / geo-fencing method of authentication, using GPS and/or network location detection.

Secure NFC Tap-to-Login
Secure NFC Tap-to-Login

An additional factor of authentication based on Near Field Communications.

Online Protection


In 2018, one click on a phishing link unleashed malware that exposed the personal records of 1.5 million SingHealth patients. Avoid online threats.

BUFFERZONE Sandboxing
BUFFERZONE Sandboxing

BUFFERZONE uses patented virtualization technology to isolate internet applications and contain cyber attacks so that they can not get through to the endpoint or the network.

Mobile Iron
Mobile Iron

Industry-leading EMM (Enterprise Mobility Management) tool which allows IT admins to manage their devices regardless of OS or device type.

Lenovo Wi-Fi Security
Lenovo Wi-Fi Security

A secure Wi-Fi access point solution (integrated into Lenovo Vantage) which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior.

Intel Software Guard Extensions
Intel Software Guard Extensions

A set of extensions to the Intel (security) architecture that aims to provide integrity and confidentiality and protects selected code and data from disclosure or modification.

Lenovo Security Console
Lenovo Security Console

An enterprise-ready (rules definable by the customer) secure Wifi access point solution which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior.

Intel Authenticate Multifactor
Intel Authenticate Multifactor

Support for multiple industry standards of Smart Card authentication

IR Camera
IR Camera

IR cameras in ThinkPad systems enable Windows Hello facial/biometric logon, as well as Mirametrix Glance presence detection.

Intel Authenticate Multifactor
Intel Authenticate Multifactor

Support for multiple industry standards of Smart Card authentication

Intel Online Connect
Intel Online Connect

Enables simple and highly secure online authentication and payments.

Glance: Presence Detection
Glance: Presence Detection

Senses if the user is away and locks the system.

Glance: Gaze Detection
Glance: Gaze Detection

Senses if someone other than the user is looking at the screen annd auto-enables the privacy filter.

Geo-Fencing Security
Geo-Fencing Security

A location-based / geo-fencing method of authentication, using GPS and/or network location detection.

Secure NFC Tap-to-Login
Secure NFC Tap-to-Login

An additional factor of authentication based on Near Field Communications.

 

 

Working together
to 
fortify your business

shape blue line 38x10

ThinkShield brings world-class security providers together arm-in-arm to defend your company from security threats. Outfitting your business with modern Think devices, complete with the Intel® vPro™ platform and Windows 10 Pro, gives you the foundation for a secure business.

 logos thinkshield partners

blank spacer 385x1 v2

 

 

 

Security that's more usable for both admins and end-users

shape blue line 38x10

ThinkShield locks down your data without slowing down your team, offering automated and intelligent solutions that make your IT team more capable as defenders and growers of your business while staying out of the end-user's way.

 

 

 

thinkshield hexagon shape 3x greater return

 

 

IT RESOURCE TOOLKIT

We're here to help.

shape blue line 38x10

Find fresh perspectives and useful content to help elevate the importance
of end-to-end security within your organization.


Explore Resources

 

 

 

 

 

Simpler security starts here.

shape blue line 38x10

All new Lenovo devices are secure by design with essential ThinkShield protections built in.

Share This