Defeating malware infections with Intel system defense

I'm Omer Ben-Shalom and I am a principal engineer with Intel Information Technology (IT) focusing on mobility and client platforms. I have had the pleasure of working with the Intel development teams on the vPro AMT System Defense feature and decided to share my experiences via a three-part video series showing how System Defense can help in active response to infected PCs.


There are many threats to the environment. The 'classical' threats originate from the outside, and it is the job of the perimeter defenses such as firewalls, IPS and others to block them. The more problematic threats are those that originate from inside the perimeter. These attacks are mostly conducted from legitimate machines owned by the business, and they are quite often carried inside the perimeter unknowingly by employees, especially on mobile platforms such as notebooks that are taken outside the business and brought back in.


Detecting infected PCs and other malicious activity is done with the help of the various intrusion detection systems, and the alerts they generate can be collected and aggregated to provide a very good picture of the existing threats. A much more difficult task is quarantining the hosts carrying out the malicious activity and performing remediation. There are solutions involving both host software and network-side blocking, but with the host possibly compromised, and with the network location of the offending host subject to change on mobile platforms, effective quarantine and remediation is very complex.

This is where the Intel vPro System Defense capabilities come into play. They allow selective network access restrictions to be placed on a host: the restrictions can permit only the connectivity necessary to fix the problem, and because they are enforced on the host platform itself (in the AMT firmware, below the operating system), they cannot be escaped just by changing the network location.


This week we are publishing the first of a three-part video series on how to use System Defense for this purpose, both manually and via integration with existing AMT management. I hope you will all take the time to view the introduction video below. Any comments are welcome; I would love to hear your views about the problem as well as the solution.

The introduction video (part 1 of 3) can be viewed at http://www.podtech.net/home/5329/vpro-technology-system-defense-nar-videos-part-1-of-3

I hope you enjoyed this video. Parts two and three should post by next week, so stay tuned.