Foundational PC Protection for the Changing Security Landscape

Cyber-attacks are getting more sophisticated, and invaders are always on the lookout for the next surface of attack. As an industry, we have gotten good at software and OS-level protection. Virtualization-based technology has helped improve the security at the OS level. That means we are likely to see more hackers go after surfaces below that in hardware and firmware. We need to make sure we are improving security at those levels as well. As cyberattacks move down the layers of the stack, software-only security is no longer sufficient. Security established at each layer is only as secure as the next-lowest layer. The importance of foundational, silicon and firmware-level security has never been greater.

Working with our partner to address the new threat landscape

Today, our partners at Microsoft announced that, using new hardware capabilities from Intel, Windows Defender now implements System Guard Secure Launch as a key Secured-core PC device requirement to better protect the boot process from firmware attacks. System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from Intel.

“As more protections are built into the operating system, attackers are forced to shift their sights to other targets like firmware,” said David Weston, partner director of OS Security at Microsoft. “To protect from these kinds of targeted attacks, we’ve partnered with silicon vendors, including Intel, to ensure multiple security features are applied to the firmware layer, or the device core, that underpins the Windows operating system to further enhance security.”

With these protections, systems can leverage firmware to start the hardware, and then shortly after, re-initialize the system into a more trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path.

How the Intel vPro® platform helps protect your PC hardware

With the Intel vPro® brand, customers can be assured that they are getting the hardware capabilities they need to deliver enterprise solutions. With the launch of 8th Gen Intel® Core™ vPro™ processors for businesses in April 2019, we unveiled Intel® Hardware Shield, which provides built-in security features to help protect hardware.

In addition to supporting System Guard Secured Launch, Intel® Hardware Shield also helps reduce the attack surface of the BIOS. It helps prevent a bug or vulnerability in firmware being used to inject malicious code in system memory at runtime and hide from traditional anti-virus solutions.  Intel® Hardware Shield also provide OS with unique visibility of how the BIOS is using hardware. Importantly, no additional IT infrastructure is required.

In addition, Intel® Hardware Shield allows customers to get the latest from Microsoft with System Guard. Intel® Hardware Shield as part of the Intel vPro® platform, combined with Microsoft System guard gives customers added security. Founded in hardware and implemented in software – Intel® Hardware Shield is the cornerstone of a more secure PC fleet.

Security by the Numbers

The financial cost of a security breach has become nearly impossible to quantify. We attach figures to the fines and lawsuits doled out (British Airways a record $230 million; Marriott, $124 million; Equifax at least $575 million—for poorly protecting data or mismanaging breaches.1) However, when we add in costs like reputation hits or lost customer trust, the true cost to businesses, is infinite.

Organizations need the best PC platform for business, one that helps end users contribute at the highest level, lets IT simplify fleet maintenance, and helps companies protect their assets, maximizing efficiencies and team productivity. The Intel vPro® platform provides a highly secure platform foundation and helps IT managers address the changing threat landscape. In a recent Intel-commissioned study by Forrester Consulting, 75% of IT managers surveyed reported Intel vPro platform-based devices are more secure.2 Now those are some security numbers I can get behind.

To learn more, visit the Intel® Hardware Shield website.

1 https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html

2 The Total Economic Impact™ of the Intel vPro Platform, Forrester, December 2018.  A study commissioned by Intel and conducted by Forrester Consulting which surveyed 256 IT managers at mid-sized organizations (100-1,000 employees) using Intel vPro platforms in US, UK, Germany, Japan and China.  75% either “agreed” or “strongly agreed” with the statement that computers with Intel Core vPro processors and Windows 10 are more secure than before.  Read at Intel.com/vProPlatformTEI

                                               

Intel technologies' features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com

Cost reduction scenarios described are intended as examples of how a given Intel-based product, in the specified circumstances and configurations, may affect future costs and provide cost savings.  Circumstances will vary. Intel does not guarantee any costs or cost reduction.

© Intel Corporation. Intel, the Intel logo, Intel vPro, are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

Other names and brands may be claimed as the property of others.

Published on Categories Security, UncategorizedTags , , ,
Michael Nordquist

About Michael Nordquist

Michael Nordquist is the Director of Strategic Planning and Architecture in the Business Client Group. He has overall product planning and architecture responsibility for Intel’s business client platforms, including the Intel® vPro™ brand, across all desktop and mobile platforms. Nordquist has held a variety of sales, marketing, planning, and management roles since joining Intel in 2000. Prior to running product planning for the Business Client Group, he was the director of strategic planning focused on phones, tablets, and our Intel® Atom™ microprocessor. He holds a bachelor’s degree in electrical engineering from the University of Minnesota and an MBA from Babson College.