Beyond Passwords: Industry Steps Up to Hardware-Enhanced Endpoint Security

When talking about security threats that face companies today, I compare them to the difference between a gas leak in your home and carbon monoxide.

Gas companies put a scent in natural gas, so if there’s a leak you can smell it, and you know there’s a problem. Computer performance is like that. Users notice when their PC is running slower, they don’t like it, and they want to get the problem fixed.

A security issue is more like carbon monoxide. You can’t see it, you can’t smell it, and by the time you know you’ve got a problem, it’s too late.

Security breaches within businesses have become commonplace. There are now billions of cyber exploits every day, according to the 2017 Internet Security Threat Report by Symantec*. In 2016, these attacks were successful enough to expose over 1.1 billion identities, according to the same report. The bottom line is that 90 percent of security incidents result from exploits against software defects, according to a CSO report attributed to the U.S. Department of Homeland Security.1

2017 is on pace to set a new record for compromised identities, with more than 1,200 breaches recorded and 3.4 billion records exposed according to Risk Based Security’s Q1 2017 DataBreach QuickView Report. It’s not a matter of if a business will be attacked, but rather, when.

Looking back over the past year’s data breaches, there’s one common thread: weak identity protection at the endpoint.

The PC is a front door to a company’s network and assets. But all too often, that PC is outdated and lacking hardware-enhanced protection. In other words, the front door is wide open.

Older endpoints are vulnerable because their technology only supports single-factor identity protection at the software layer, rather than providing a much more secure multifactor authentication solution rooted in the PC hardware. A common vulnerability is the use of weak or stolen passwords. This is a problem, as more than 80 percent of major data breaches come from password issues at the software level, according to the 2017 Verizon Data Breach Investigations Report.

In this program, two of the industry’s leading experts – Gartner Research Vice President Lawrence Pingree and Intel Vice President and General Manager of Business Client Platforms Tom Garrison explore important security questions.

<!-- Gartner webinar video -->

Why Multifactor Identification Matters

There is now a more effective approach to identity and access management: multifactor authentication anchored in silicon inside Intel-based, enterprise PCs. With the Intel® Core™ vPro™ platform, our security solutions provide a unique, deeper layer of protection at the root of trust: the hardware component of the computing stack. While two-step authentication is certainly stronger than one, true multifactor authentication encompasses:

  • Something you know, like a PIN
  • Something you are, like a fingerprint or some other biometric
  • Something you have, like a physical token or nearby device that can broadcast a Bluetooth signal

As a result, cyber criminals have a much harder time gaining access to a PC.

As part of the migration to Windows 10, companies can strengthen security today by upgrading to new devices powered by 7th Generation Intel® Core™ vPro™ processors with Intel® Authenticate deployed. This combination gives you customizable, hardware enhanced, multifactor authentication with biometrics, credentials and the IT policy engine all stored and executed securely in hardware – below the software layer where attacks are prevalent.

More than 50 PC designs have been optimized for Intel® Authenticate since its introduction in January 2016. Our hardware-enhanced solution supports a range of customizable, hardened factors to fit specific business needs and integrates easily into existing environments.

And there’s a bonus: Users love it because they don’t have to remember complex, ever-changing passwords.

Endpoint security doesn’t end with identity protection. We’re also aggressively innovating to make hardware the center of data protection. The 7th generation Intel® Core™ vPro™ processor-based devices, announced in January 2017, support a new hardware-enhanced file encryption solution called Intel® Data Guard.

Intel Data Guard lets IT centrally set policy on how and when to encrypt files, then execute that policy automatically on individual endpoints. IT has the flexibility to decide how and when files should be encrypted automatically (without any user action) or whether certain file types or folder locations can be encrypted at the user’s discretion.  This dramatically reduces human error from the process, because users no longer are exclusively relied upon to remember to encrypt sensitive data.  The result is less risk of data loss of sensitive company data.

The key to staying ahead of today’s ever-evolving security environment is to deepen your endpoint protections. Refresh older PCs with modern systems that feature hardware-based security defenses that transform an endpoint problem into a key part of the solution.