Comprehensive and customizable end-to-end protection that secures your business without slowing down your people.

Smarter technology for all.

 

Download Solutions Guide

blank spacer 385x1 v2
Share This

 

ThinkShield is Lenovo’s portfolio of secure hardware, software, and services.

Secure Supply Chain

Rigorous, trackable, and auditable security standards are built into every step of our secure and transparent supply chain.

Lenovo Innovations

Every new Lenovo product is secure by design, with secure hardware engineered by the makers of the world’s most trusted business PCs.

World-Class Partners

We’ve partnered with the industry’s most trusted security providers to provide deeper and broader protections.

Share This

Built-in Platform Security


In 2006, an unprotected laptop was lost, revealing the personal information of 26.5 million U.S. veterans-costing up to 500 $ million. Protect your devices.

Anti Bridge Switch
Anti Bridge Switch

A BIOS-level security feature that prevents wired and wireless networking from being active at the same time.

BIOS Asset Information Area
BIOS Asset Information Area

An area of BIOS that can be customized with a customer’s own asset identification information (See Asset Tagging Service as well)

BIOS Windows UEFI Firmware Capsule Update
BIOS Windows UEFI Firmware Capsule Update

This allows Windows to process firmware updates just like it does Windows updates, meaning they come from a trusted source (Microsoft), preventing the installation of unsigned, malicious drivers and updates.

BitLocker Support
BitLocker Support

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

Broad SmartCard Support
Broad SmartCard Support

Support for multiple industry standards of Smart Card authentication.

C-TPAT Logistics
C-TPAT Logistics

Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident investigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protection throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visitors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer's location.

Device Registration
Device Registration

The ability to notify Lenovo of a stolen or lost system and to have Lenovo designate it as such in our master global warranty entitlement database.

Disk Wipe Tools
Disk Wipe Tools

Think Drive Erase Utility is available for download and can be used to securely erase any Self-Encrypting (SED) SSD on ThinkPad

HDD Password
HDD Password

ThinkPad/ThinkCentre/ThinkStation BIOSes all have the ability to set a secure HDD password that 1) locks the read/write ability of drives and 2) protects access to the encryption key on self encrypting drives

HVCI Compliant Drivers
HVCI Compliant Drivers

Lenovo’s device drivers fully support Device Guard, Credential Guard (Microsoft Security features), and Boot Guard (Intel Security feature)

Intel Boot Guard w/ Verfied Boot
Intel Boot Guard w/ Verfied Boot

A BIOS-level security feature that prevents the system from booting an unauthorized operating system

Lenovo Self-Healing BIOS
Lenovo Self-Healing BIOS

Lenovo's Self-healing BIOS will recover and self-heal when corrupted or maliciously attacked.  This prevents hackers from infiltrating the lowest level firmware code on the device while also protecting against "bricks" if a BIOS update is interupted or fails.

Lenovo WiFi Security (Powered by Coronet)
Lenovo WiFi Security (Powered by Coronet)

A secure Wifi access point solution (integrated into Lenovo Vantage) which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior. 

LVFS & WU Firmware Update
LVFS & WU Firmware Update

Lenovo provides not only driver and software updates, but also BIOS and system level firmware updates to the LVFS (Linux Vendor Firmware Service) and Windows Update.  Ensures that IT admins can have a secure single source for all updates.

Match on Chip Fingerprint
Match on Chip Fingerprint

Securely stores and handles all aspects of fingerprint authentication within a single chip.

NIST Compliant BIOS
NIST Compliant BIOS

Lenovo BIOS is compliant with many NIST (National Institute for Standards and Technology) security standards.

No Backdoor Supervisor Password
No Backdoor Supervisor Password

Lenovo BIOS does not contain any backdoor ability to reset the master Supervisor password

NX protection support
NX protection support

The Internet control panel item includes an Enable memory protection option to help mitigate online attacks. This option is also referred to as Data Execution Prevention (DEP) or No-Execute (NX). When this option is enabled, it works with the processor to help prevent buffer overflow attacks by blocking code execution from memory that is marked as non-executable.

One Switch Device Guard
One Switch Device Guard

Device Guard is a group of key features, designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run. 

Packaging Security
Packaging Security

Lenovo logistics covers packaging, shipping, and delivery. Once the products are built and tested, they are packaged and prepared for shipping with tamper-evident materials so that any problems can be noticed immediately and in route, and the incident investigated. After packaging, Lenovo works with qualified logistics suppliers to safely deliver products to end customers. Protection throughout the shipping process includes secure facilities, trucks and conveyances, and thoroughly-screened employees, visitors, and drivers. Shipments are tracked from the time they leave Lenovo buildings until they are received at a customer's location.

PSIRT & FIRST
PSIRT & FIRST

Lenovo's Product Security Incident Response Team (PSIRT) welcomes information about potential security vulnerabilities from security researchers, academics, and others in the wider security community. The PSIRT will investigate the issue, develop or source fixes, and then provide these fixes to Lenovo customers as quickly as possible.

Secure Boot Support
Secure Boot Support

Secure boot checks for device firmware signing on bootup and prevents loading if the signature is invalid.

Secure MOR Support
Secure MOR Support

MOR prevents memory overwrites in BIOS, making it harder for malware to change the way a system boots

Secure Patch/Update of Drivers/Firmware
Secure Patch/Update of Drivers/Firmware

Think BIOS uses UEFI capsule update and BIOS updates are signed using SHA 256/RSA 2048 encryption algorithms.  Drivers are digitally signed as well.

SED (Self-Encrypting Drives)
SED (Self-Encrypting Drives)

A class of drives that contain a Self-Encrypting mechanism for securing data

Smart USB Protection
Smart USB Protection

On ThinkCentre desktops, the ability to lock out data transfer capabilities from all USB ports.  Only allows keyboards & pointing devices.

SMM protection support by WSMT
SMM protection support by WSMT

ACPI table defined by Microsoft that allows system firmware to confirm to the operating system that certain security best practices have been implemented in System Management Mode (SMM) software.

Spare Parts Handling
Spare Parts Handling

Lenovo Service Providers confirm that they track the disposal of products and parts. The Service Provider is solely responsible for all actions of their subcontractors have to ensure their own as well as their subcontractor compliance with environmental and security compliance guidelines. Lenovo Service Providers are required to provide full audit documentation to Lenovo.

Tamper Switch
Tamper Switch

The Lenovo Tamper Switch is present to prevent and/or notify IT admins of unauthorized access into a system. If the tamper switch is activated and triggered, then connection of the correct AC adapter and Supervisor password is required.

ThinkShield Engine
ThinkShield Engine

The ThinkShield Engine manages a number of key security features including: root of trust measurements, detection and remediation of overvoltage inputs, detection of genuine Lenovo batteries, tamper detection of bottom cover, and protection of storage passwords during tamper events and suspend/resume actions.  Additionally, Lenovo designed this chip to conserve space on the motherboard and improve power efficiency.

ThinkShield Secure Wipe
ThinkShield Secure Wipe

Secure Wipe is a feature included into the BIOS which reliably deletes all data from a drive without the need for external tools.  Secure wipe relies on the industry's best data wiping algorithms including the secure ATA erase command.

ThinkShield Secure Wipe
ThinkShield Secure Wipe

Secure Wipe is a feature included into the BIOS which reliably deletes all data from a drive without the need for external tools.  Secure wipe relies on the industry's best data wiping algorithms including the secure ATA erase command.

ThinkShutter
ThinkShutter

ThinkShutter is a simple and secure mechanical cover that covers the camera on ThinkPad laptops. Solves a problem previously addressed by unsightly and unreliable sticky-notes with an easy to use and truly secure design.  (Also available on some ThinkCentre All-in-one desktops)

Thunderbolt security
Thunderbolt security

ThinkPad systems with Thunderbolt technology have the option in BIOS to set security levels which dictate how Thunderbolt ports can be used.

TPM 1.2/2.0
TPM 1.2/2.0

Think branded products contain a TPM module which  is a specialized chip on an endpoint device that stores encryption keys specific to the host system for hardware authentication. 

Trusted Service
Trusted Service

Trusted Service refers to the process Lenovo uses for ensuring that both Lenovo and its service providers handle all customer systems, equipment, and data securely during any repair or service, as well as during asset disposal.

Trusted Supplier Program
Trusted Supplier Program

Lenovo's Trusted Supplier Program plays a critical role in the development, manufacture, and delivery of our products. The supply chain begins with the management and control of a qualified supplier base, which provides qualified and secure components for use in development and manufacturing.

VT-d IOMMU support
VT-d IOMMU support

Makes direct access to a PCI device possible for guest systems with the help of the Input/Output Memory Management Unit (IOMMU) provided.

VT-x and EPT or AMD-V support
VT-x and EPT or AMD-V support

Allows multiple workloads to share a common set of resources. On shared virtualized hardware, a variety of workloads can co-locate while maintaining full isolation from each other, freely migrate across infrastructures, and scale as needed

Wifi 6
Wifi 6

WiFi6 includes WPA3, which adds new features to simplify Wi-Fi security, enable more robust authentication, deliver increased cryptographic strength for highly sensitive data markets, and maintain resiliency of mission critical networks.

Windows Hello / FIDO2 Enablement
Windows Hello / FIDO2 Enablement

FIDO is an industry alliance providing open and scalable standards that enable simpler and more secure user authentication experiences across many websites and mobile Matthew Kohut <[email protected]>. Lenovo partner GO-Trust offers the ability to implement FIDO in the customer's environment (AD, SSO, etc)

Device Protection


In 2013, Target allowed exposure of 40 million credit and debit card numbers, costing the company over 200 $ million. Keep your data safe.

3M Filters
3M Filters

Add-on screen filters that protect sensitive data from shoulder surfing/visual hackers

Asset Tagging Service
Asset Tagging Service

With Lenovo's Standard and Enhanced Asset Tagging, customers can have information-rich, tamper-resistant asset tags affixed to their PC and/or stored in the system's BIOS before the PC is delivered to them. Asset tags can also be etched into the system lid, if etching is available in country.

Autopilot
Autopilot

Microsoft Autopilot is a collection of technologies used to provision and set-up new devices, getting them ready for productive use. In addition, you can use Windows Autopilot to reset, repurpose and recover devices. 

BIOS Reading Room
BIOS Reading Room

A premium service that allows customers to visually inspect all Lenovo Think commerical products' BIOS source code in a controlled physical environment. Nearly 2 MILLION lines of source code available for inspection. 

Full Drive Encryption
Full Drive Encryption

Lenovo can also pre-encrypt the hard drive on the manufacturing line, eliminating the multiple-hour wait required when full-drive encryption is deployed manually.

Geo-fencing Security
Geo-fencing Security

A location based /geo fencing method of authentication, using GPS and/or network location detection.

Glance - Presence Detection
Glance - Presence Detection

Presence detection - Senses if the user is away and locks the system. Gaze detection - Senses if someone other than the user is looking at the screen and notifies the user.

Intel Hardware Shield
Intel Hardware Shield

Intel Hardware Shield helps minimize the risk of malicious code injection. This new firmware feature, available in the Intel® vPro™ platform, locks the BIOS when software is running to help prevent planted malware from gaining traction. 

Intel Remote Secure Erase
Intel Remote Secure Erase

Allows IT Administrators to remotely wipe an Intel Pro SSD drive on an AMT enabled (and provisioned) device

IR Camera
IR Camera

IR Cameras in ThinkPad systems enable Windows Hello facial/biometric logon, as well as Mirametrix Glance presence detection

ITC First Boot Service
ITC First Boot Service

Lenovo’s First Boot Matthew Kohut <[email protected]> (FBS), shifts unattended first boot tasks (PC image set-up processes that must be completed before a technician or end-users can use the device) –into Lenovo manufacturing, increasing security and reducing time, resources, and cost necessary for IT admins to deploy PCs

ITC Image Verification
ITC Image Verification

Lenovo’s Imaging Technology Center can audit and verify the security and integrity of a customer’s preload image before it is installed on PCs, whether it is installed by Lenovo in manufacturing or by the customer themselves.

Keep Your Drive Service
Keep Your Drive Service

Customers retain their hard drive, and hence their data, in a warranty situtation, improving secuSecuring business data is essential. Under the terms of the Lenovo Limited Warranty, when Lenovo replaces a defective part, that part becomes the property of Lenovo. Lenovo's Keep Your Drive service allows customers to keep their drives and dispose of business data on their terms, improving data security and ensuring compliance with data privacy and retention requirements, as well as mitigating civil liability risks associated with data breach.rity and potentially alleviating civil liability risks. 

Kensington Lock
Kensington Lock

Built-in receptacles in all Think products allow use of physical security lock cables from Kensington (and other manufacturers)

Laser Etching
Laser Etching

Combine Asset Tagging with Laser Etching services to provide a secure, tamper-resistant means of identifying your customer's PC assets. Systems can be etched with customer logo and messaging. PCs are secured while providing a unique way to promote the customer's brand.

Lenovo Fingerprint Biometric USB Mouse
Lenovo Fingerprint Biometric USB Mouse

The Lenovo Fingerprint Biometric USB Mouse delivers solid protection against intrusion with 256-bit encryption and industry-leading performance for secure identification.

Ready to Provision (RTP & RTP+) Preloads
Ready to Provision (RTP & RTP+) Preloads

RTP Preload is a custom model preload that is the cleanest preload ever, 25 applications removed, no third party SW, and more efficient .inf-only drivers. RTP+ gives customers the ability to supply up to five scripts to be installed in manufacturing with RTP as the base OS.

ThinkPad PrivacyGuard with PrivacyAlert
ThinkPad PrivacyGuard with PrivacyAlert

Built-in ePrivacy screen that protects sensitive data from shoulder surfing/visual hackers (w/ gaze (shoulder surfing) detection & notification (PrivacyAlert))

Transparent Supply Chain
Transparent Supply Chain

Transparent Supply Chain helps assure resellers and end-customers that their products come with a level of accountability and traceability unprecedented in the industry. The end result is a more secure supply chain for the industry.

USB Secure Hard Drive
USB Secure Hard Drive

Optimized for safeguarding essential data while on-the-go, the ThinkPad USB Secure Hard Drives offer high-level, 256-bit Advanced Encryption Standard (AES) security within a slim, lightweight, self-powered, easy-to-use design.

Threat + Data Protection


In 2014, stolen credentials exposed 145 million eBay users, causing the company to revise revenue targets down by 200 $ million. Make sure your devices know you.

BufferZone (sandboxing)
BufferZone (sandboxing)

BUFFERZONE uses patented virtualization technology to isolate internet applications and contain cyber attacks so that they can not get through to the endpoint or the network.

Cloud Recovery
Cloud Recovery

Cloud Deploy is a practical way for customers to manage risk and recovery through three services: Quick Image, Cloud Recovery, and Image Management. Cloud Deploy solutions provide the optimal restore, deploy, and recover experience

Intel Threat Detection Technology
Intel Threat Detection Technology

Hardware-based cybersecurity which enhances system protection by using hardware to deliver two powerful and innovative capabilities: Hardware-based Accelerated Memory Scanning (AMS) and Advanced Platform Telemetry.

Lenovo Asset Recovery Service
Lenovo Asset Recovery Service

Lenovo's Asset Recovery Service (ARS) helps customers mitigate the environmental and data security risks associated with end-of-life asset disposal. ARS offers a single source solution for the secure, documented disposition of IT assets and data. ** KBL-R platforms will be the last supported

Lenovo Data Protection by Carbonite (Previously OLDB)
Lenovo Data Protection by Carbonite (Previously OLDB)

Easy-to-use, automatic online backup and recovery software solution to store data and confidential information in the cloud. With this tool, organizations and user 

SentinelOne
SentinelOne

Endpoint Protection Platform with Patented AI agent model that live on each device, predicting tomorrow’s attacks today and enabling devices to self-heal from broad modes of attack instantaneously

WinMagic
WinMagic

WinMagic SecureDoc Enterprise is a flexible, scalable solution designed not only to protect data and ensure compliance, but more importantly to optimize operations and enable a unified encryption strategy across an enterprise.

Security Management


In 2018, one click on a phishing link unleashed malware that exposed the personal records of 1.5 million SingHealth patients. Avoid online threats.

Absolute Software
Absolute Software

Provides IT admins with a reliable two-way connection with all of their devices, so they can secure endpoints, assess risk, and respond appropriately to security incidents. Most importantly, they can apply remote security measures to protect each device and the data it contains.

Endpoint Resilience Assessment by Absolute
Endpoint Resilience Assessment by Absolute
Lenovo Patch with Self-Healing from Absolute Software
Lenovo Patch with Self-Healing from Absolute Software

A plug-in module for the MS SCCM management console that simplifies Lenovo BIOS, driver, and 3rd party application updates.  Including automated self-healing capabilities from Absolute that perform a zero-touch repair or re-installation for agents that may not be working properly.

Lenovo Security Console
Lenovo Security Console

An enterprise-ready (rules definable by the customer) secure Wifi access point solution which uses behavioral rules and defined lists to notify users when connecting untrusted public networks by warning them of suspicious access point behavior.

Lenovo Unified Workspace
Lenovo Unified Workspace

Lenovo Unified Workspace is a software product from Lenovo Software that gives end users in an organization the flexibility to work when, where and how they want, by enabling IT to provide the right apps and content to the right users, on any device – anytime, anywhere.

Mobile Iron
Mobile Iron

Industry-leading EMM (Enterprise Mobility Management) tool which allows IT admins to manage their devices regardless of OS or device type.

Remote SVP by Absolute (Remote Supervisor Password)
Remote SVP by Absolute (Remote Supervisor Password)

RSVP, powered by Absolute enables IT Admins to securely and easily mange BIOS Supervisor Passwords from a web console.  This also allows IT Admins to set a supervisor password remotely without having physical presence.

ThinkShield Dark Endpoint Detection (powered by Absolute)
ThinkShield Dark Endpoint Detection (powered by Absolute)

This solution provides continuous visibility and control of the most vulnerable attack vector – Dark Endpoints –on or off their corporate networks regardless of location or existing security measures.

 

 

Working together
to 
fortify your business

ThinkShield brings world-class security providers together arm-in-arm to defend your company from security threats. Outfitting your business with modern Think devices, complete with the Intel® vPro™ platform and Windows 10 Pro, gives you the foundation for a secure business.

 

blank spacer 385x1 v2

 

 

 

Security that's more usable for both admins and end-users

ThinkShield locks down your data without slowing down your team, offering automated and intelligent solutions that make your IT team more capable as defenders and growers of your business while staying out of the end-user's way.

 

 

 

thinkshield hexagon shape 3x greater return

 

 

IT RESOURCE TOOLKIT

We're here to help.

Find fresh perspectives and useful content to help elevate the importance
of end-to-end security within your organization.


Explore Resources

 

 

 

 

 

Simpler security starts here.

All new Lenovo devices are secure by design with essential ThinkShield protections built in.

Share This