A secure computer is like a layer cake. While the layers of a compute stack are decidedly less delicious, each part, from top to bottom, needs to have a security feature baked into it.
Yet, no matter how secure each layer may be, attackers will work tirelessly to find a vulnerability and exploit it. No organisation is immune. Today, ransomware attacks are becoming “the defining online security issue of our era,” according to a June 2020 report from ZDNet.
These cyberattacks can sneak into a system unnoticed, eventually gaining access to each layer of the computer stack. From there, bad actors can do more than just steal data — they can commandeer computing resources on a vast scale, which can have catastrophic consequences.
Software alone offers some protection, but security solutions rooted in hardware offer a greater opportunity to provide security assurance against current and future threats. The Intel® vPro® platform, and the added security innovations it brings, helps to harden these layers of the stack that depend on it like apps, OS, virtual machine, hypervisor, BIOS/Firmware and CPU.
Intel® Hardware Shield is a comprehensive set of out-of-the-box, hardware-based security features available exclusively on the Intel® vPro® platform. It adds protection to every layer of the computing stack with three groups of security capabilities — Advanced Threat Protection, Below-the-OS Security and Application and Data Protection.
Here is how each of the security capabilities in Intel® Hardware Shield protects against attacks at the foundational level.
1. Advanced Threat Protection
To single out elusive ransomware and cryptomining attacks, IT needs a group of hardware-powered, AI-enabled threat detection technologies that will result in fewer false positives and have little impact on system performance.
Intel® Threat Detection Technology (TDT) within Intel® Hardware Shield is a suite of capabilities that utilises silicon-level telemetry and acceleration power to identify threats and detect abnormal activity. Intel® Threat Detection Technology actively works to detect malicious agents and takes full advantage of the advanced telemetry capabilities rooted in Intel® Hardware Shield. It helps IT departments quickly detect and remediate the latest ransomware and cryptomining attacks while offloading security workloads to Intel® Iris® Xe graphics — and not at the expense of productivity.
2. Below-the-OS Security
Intel® Hardware Shield lets IT lock down memory in the BIOS against firmware attacks and enforce a secure boot at the hardware level. Intel® Hardware Shield helps identify unauthorised changes to hardware and firmware by providing visibility into how the OS and BIOS use hardware protection. This also helps prevent malicious code injection into the BIOS and minimises downtime with advanced recovery features.
These below-the-OS security features are set up by the PC manufacturers, so users and IT can take advantage of this added layer of security right out of the box.
3. Application and Data Protection
Intel® Hardware Shield improves data protection from theft and tampering through virtualisation-based security. This helps prevent memory corruption and malware injection. It does so by isolating different workspaces and reducing attack surfaces. For instance, if there is malware running in the OS, virtualisation can isolate secure workloads from the main OS and keep them running from inside a secure virtual machine (VM).
New cyber threats call for modern endpoint security strategies. Enterprises can modernise their IT operations by refreshing their PC fleets with the right devices, keeping devices updated and patched, and layering in these additional hardware-based security features.
Intel® builds products with security integrated at every step, backed by dedicated teams tirelessly committed to security assurance. The Intel® vPro® platform provides comprehensive security baked into every layer of the compute stack. For IT, the Intel® vPro® platform makes protecting both systems and employees seem like a piece of cake.
1. Intel® applies the security development lifecycle from inception to production, with testing from teams of dedicated security experts. Learn more at https://www.Intel.in/content/www/in/en/now/11thgenvPro.html