Hardware: The Foundation for PC Security

Software security requires a hardware security foundation.

In the first nine months of 2019, companies reported 5,183 breaches that exposed 7.9 billion records, according to the 2019 Data Breach QuickView Report.1 That is a 33.3 percent increase in breaches over the same period the year before, and more than double the total number of records exposed.

As attackers evolve their techniques to go after the most sensitive data, security leaders need to think about where they can add more layers of protection to ensure that every part of every system is protected.

Security Snapshot (infographic; sources 2, 3, 4)

Think Zero Trust. It is a security model based on the principle that organizations should not automatically trust anything inside or outside their perimeter, but should instead verify everything trying to connect to their systems before granting access.

And while it sounds like the perfect scenario, reaching Zero Trust requires that organizations take a more holistic approach to security. That’s why Intel and partners across the PC ecosystem—from OEMs to component manufacturers—are working together to ensure that PCs are secured on both the hardware and software levels. The software ecosystem can innovate and build on this hardware security foundation to provide the best, up-to-date solutions to end customers. This will help organizations stay ahead of hacks, reduce risk, lower TCO, and achieve corporate goals—all while quickly remediating issues and enhancing the user experience.

How to Protect Your PC Foundation

Protect every endpoint

Today’s workers take their companies’ data with them wherever they go. They have to. Immediate access to insights helps them make split-second, informed business decisions. And because PCs are the device of choice for mobile workers, it means their devices, applications, data, and identities need to be protected.

That is why the industry is moving toward client virtualization as a security control. Major ecosystem partners (OSVs, OEMs, and ISVs) ship virtualization-based solutions that require virtualization support in the client hardware; in return, systems gain flexibility (application compatibility), security, performance, and resilience. For example, Microsoft built virtualization-based security (VBS) into Windows 10. VBS uses the hypervisor to create a virtual secure mode: a region of memory isolated from the normal OS kernel, in which credential protection and code-integrity enforcement run out of reach of even a compromised kernel. However, because VBS hardens the software and OS layers, attackers are moving further down the stack and targeting firmware.

So you have to secure not only your software but your hardware as well. At Intel, we are intimately familiar with the cyberthreats organizations face, and we have taken action to protect our customers and their data. Built into the Intel vPro® platform, Intel® Hardware Shield provides integrated hardware and software security features. The platform is built and tested as a whole, so these features work together to provide strong security alongside its other core capabilities: performance, stability, and manageability.

Here is an example of how this works in practice: Intel® Hardware Shield strengthens VBS with hardware-based security features that protect the system while it is running. Below-the-operating-system capabilities also support secure boot, launching the system into a trusted state. To reduce the risk of malicious code, memory in the BIOS is locked down while the OS runs, so malware planted in firmware cannot use firmware privileges to compromise the operating system.

Increase hardware/software visibility

To assess the security of your systems accurately, your teams need visibility into what the firmware did before the OS took control. DRTM (the dynamic root of trust for measurement), built into Intel® Hardware Shield, provides that hardware-to-software visibility: at launch, the CPU itself measures the environment it hands to the OS loader into the TPM, independently of the boot firmware that ran earlier. The OS can then verify that it was launched into a known, measured state rather than taking the firmware's word for it, which protects against malicious code planted below the OS, one of the primary vectors for major attacks.

With additional visibility, you can ensure your operating system enforces a more complete security policy—all with no additional IT infrastructure required.
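The VBS, secure boot and DRTM capabilities described in the two passages above are only useful if they are actually switched on, and that is the first thing an engineer should verify before counting on them. The following PowerShell script is an added example, not code from the original post or from Intel: it reads the posture of a Windows 10/11 endpoint using only built-in cmdlets (Confirm-SecureBootUEFI, Get-Tpm) and Microsoft's documented Win32_DeviceGuard class, then compares the result against a baseline. The function names Get-PlatformSecurityPosture and Test-PlatformSecurityPosture are my own, the status-code tables are the values Microsoft documents for Win32_DeviceGuard, and the script assumes it is run in an elevated session on UEFI hardware. "System Guard Secure Launch" is the Windows feature that consumes a DRTM launch, so its running state is used here as the DRTM indicator.

```powershell
# Added example (not from the original post): report the hardware-rooted boot
# and VBS posture of a Windows endpoint and flag gaps against a baseline.
# Requires an elevated session; Get-Tpm and Confirm-SecureBootUEFI need admin.

function Get-PlatformSecurityPosture {
    [CmdletBinding()]
    param()

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # Code-to-name tables as documented for Win32_DeviceGuard.
    $vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI'
                    3 = 'System Guard Secure Launch (DRTM)'; 4 = 'SMM Firmware Measurement' }
    $props     = @{ 1 = 'Hypervisor'; 2 = 'Secure Boot'; 3 = 'DMA protection'
                    4 = 'Secure Memory Overwrite'; 5 = 'NX'; 6 = 'SMM mitigations'
                    7 = 'MBEC'; 8 = 'APIC virtualization' }

    # Confirm-SecureBootUEFI throws on legacy BIOS/CSM systems; treat that as "off".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI) }
    catch { $secureBoot = $false }

    $tpm = Get-Tpm

    [pscustomobject]@{
        SecureBootEnabled  = $secureBoot
        TpmPresentAndReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
        VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesRunning    = @($dg.SecurityServicesRunning    | ForEach-Object { $services[[int]$_] })
        ServicesConfigured = @($dg.SecurityServicesConfigured | ForEach-Object { $services[[int]$_] })
        HardwareProperties = @($dg.AvailableSecurityProperties | ForEach-Object { $props[[int]$_] })
        DrtmLaunchRunning  = [bool]($dg.SecurityServicesRunning -contains 3)
    }
}

function Test-PlatformSecurityPosture {
    # Returns one string per control that is missing; an empty array means the
    # endpoint meets the baseline this example assumes.
    param([Parameter(Mandatory)] $Posture)

    $gaps = @()
    if (-not $Posture.SecureBootEnabled) {
        $gaps += 'Secure Boot is off: firmware will load unsigned boot components.'
    }
    if (-not $Posture.TpmPresentAndReady) {
        $gaps += 'TPM missing or not ready: no root of trust for measurement or attestation.'
    }
    if ($Posture.VbsStatus -ne 'Running') {
        $gaps += "VBS is '$($Posture.VbsStatus)': no isolated secure mode for credentials and code integrity."
    }
    if ('HVCI' -notin $Posture.ServicesRunning) {
        $gaps += 'HVCI not running: the kernel can still load untrusted code.'
    }
    if (-not $Posture.DrtmLaunchRunning) {
        $gaps += 'System Guard Secure Launch (DRTM) not running: OS trust rests on the boot firmware alone.'
    }
    return $gaps
}

# Usage: print the raw posture, then any gaps as warnings.
$posture = Get-PlatformSecurityPosture
$posture | Format-List
$gaps = Test-PlatformSecurityPosture -Posture $posture
if ($gaps) { $gaps | ForEach-Object { Write-Warning $_ } }
else       { 'Endpoint meets the hardware-rooted baseline.' }
```

The distinction between ServicesConfigured and ServicesRunning matters in practice: a service that is configured but not running usually means the hardware prerequisite listed under HardwareProperties (hypervisor support, DMA protection, MBEC) is absent or disabled in firmware, which is exactly the below-the-OS gap the sections above are about.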

Speed up your response

Cyberattacks happen without warning, so you need to be able to deploy security patches at a moment's notice, wherever your workers are, including out-of-band patches released outside the normal update cycle. This requires a remote management capability that can reach and remediate compromised devices wherever they are, so users can get back to work with minimal delay. As part of our security-first pledge, Intel continues to work with partners to provide patches in a timely fashion and to make deploying them to end customers easier.

The potential savings are substantial, as estimated in a Forrester study of a composite organization. In that study, IT managers and desktop operations specialists at the composite organization save a total of 832 hours deploying patches and handling in-person exceptions, adding up to more than USD 81,000 over three years.5

Authenticate PC purchases

A growing number of businesses are concerned with supply chain transparency, including how PC tampering might cause safety hazards or failure of critical business applications. Trusting the sources in your supply chain is challenging, however. Processes for screening out counterfeit components are limited, especially for products with multiple subsystems. In fact, many companies buy IT equipment without knowing that counterfeit components have entered their systems.

To mitigate risk and increase integrity in your supply chain, you need the proper levels of accountability and traceability for hardware, firmware, and system components. This is the aim of Intel's Compute Lifecycle Assurance (CLA) initiative: to provide greater transparency and higher levels of assurance at every stage of the platform lifecycle. On the Intel vPro platform, this includes system- and component-level traceability through Intel Transparent Supply Chain (TSC), as well as platform certificates that provide digital proof of product origin. The end result is a more secure supply chain for your organization and for the industry.

Secure your foundation, secure your business

Staying one step ahead of attackers has never been easy. But with the technologies in today's Intel vPro platform, you can get a running start. For example, with advanced threat detection, your team can offload routine security work such as memory scanning, reducing user impact and keeping productivity uninterrupted without compromising performance.

Together with Microsoft and OEM partners, Intel is also developing secured-core PCs, which feature deep hardware-software integration and the latest Intel® Core™ vPro® processors for more robust threat protection. And we fully support National Institute of Standards and Technology (NIST) standards for risk management to help organizations around the world strengthen their cybersecurity practices.

How the Intel vPro® Platform Delivers (infographic; see notes 6 through 12)
Intel vPro® Platform claims based on a composite organization. Read the full study at intel.com/vProPlatformTEI.

By securing your business PCs proactively at the foundation level, you can accelerate and scale security while enabling IT to reduce user downtime, interruptions, and delays.

The time for Zero Trust is now. And with the Intel vPro® platform, you can get there sooner than you think.

Notices & Disclaimers
Intel technologies may require enabled hardware, software or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.
All product plans and roadmaps are subject to change without notice.
Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
1 Data Breach QuickView Report, RiskBased Security, 2019.
2 Based on a survey of 500 enterprise CIOs in the US, the UK, France, and Germany. CIO Study, Venafi, 2016.
3 How PCs Will Drive the Future of Work, Forrester, 2020.
4 SOZO Technologies, 2016.
5 The Total Economic Impact™ of the Intel vPro® Platform, a study commissioned by Intel and conducted by Forrester Consulting (Dec. 2018). ROI that other organizations will receive will vary based on a variety of factors including size and baseline level of security, manageability, and productivity before the business switched to the Intel vPro platform. Consult other sources and use information specific to your organization to determine benefits for your organization. Read the study at intel.com/vProPlatformTEI.
6 The Total Economic Impact™ of the Intel vPro® Platform, Forrester, December 2018. A study commissioned by Intel and conducted by Forrester Consulting that surveyed 256 IT managers at midsized organizations (100–1,000 employees) using Intel vPro® platforms in the US, the UK, Germany, Japan, and China. Seventy-five percent either “agreed” or “strongly agreed” with the statement that computers with Intel® Core™ vPro® processors and Windows 10 are more secure than before. Read the study at intel.com/vProPlatformTEI.
7 The Total Economic Impact™ of the Intel vPro® Platform a study commissioned by Intel and conducted by Forrester Consulting (Dec. 2018). ROI that other organizations will receive will vary based on a variety of factors including size and baseline level of security, manageability, and productivity before the business switched to the Intel vPro® platform. Consult other sources and use information specific to your organization to determine benefits for your organization. Read the study at intel.com/vProPlatformTEI.
8 The Total Economic Impact™ of the Intel vPro® Platform, a study commissioned by Intel and conducted by Forrester Consulting (December 2018). Results also include an ROI of 155 percent and an NPV of USD 2.8 million. ROI, NPV, and payback that other organizations will receive will vary based on a variety of factors, including size and baseline level of security, manageability, and productivity before the business switched to the Intel vPro® platform. Consult other sources and use information specific to your organization to determine benefits for your organization. Read the study at intel.com/vProPlatformTEI.
9 Performance results are based on testing as of March 21, 2019, and April 3, 2019, and may not reflect all publicly available security updates. See configuration disclosure for details. No product can be absolutely secure.
Software and workloads used in performance tests may have been optimized for performance only on Intel® microprocessors.
Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations, and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information, visit intel.com/benchmarks.
10 Up to 11 hours’ battery life for a productive workday with an 8th Gen Intel® Core™ i7-8665U processor as measured by MobileMark* 2018 workload on preproduction OEM system with Intel® Core™ i7-8665U processor, PL1= 15W TDP, 4C8T; turbo up to 4.8 GHz; graphics: Intel® UHD Graphics 620; display: 14" screen with 1920x1080 resolution; memory: 16 GB; storage: Hynix 256 GB; battery size: 52 WHr; OS: Windows® 10 Pro; BIOS: v.1.0.1; MCU: AA display brightness is set to 150 nits on DC power. System’s wireless network adapter is turned on and associated to a wireless network that is not connected to the internet.
11 As measured by Microsoft Power BI* Data Source Change Workload comparing 8th Gen Intel® Core™ i7-8665U vs. 6th Gen Intel® Core™ i7-6600U. This workload measures the time it takes to change the data source for a Power BI Dashboard and update the dashboard with the new data.
12 REFRESH CONFIGURATIONS
NEW: Intel Reference Platform with: Intel® Core™ i7-8665U processor, PL1= 15W TDP, 4C8T; turbo up to 4.8 GHz; graphics: Intel® UHD Graphics 620; memory: 2x4 GB DDR4-2400; storage: 512 GB Intel® 760p SSD; OS: Microsoft Windows® 10 RS5 build version 1809 (build 1763v1); BIOS: x177; MCU: A8.
3-YEAR-OLD: OEM system with Intel® Core™ i7-6600U processor, PL1=15W TDP, 2C4T; turbo up to 3.9 GHz; Intel HD Graphics 620; display: 14" screen with 1920x1080 resolution; memory: 8 GB DDR4; storage: 256 GB SSD; battery size: 36 WHr, OS: Microsoft Windows 10 Pro RS5 build version 1809 (build 1763v292); BIOS: v1.0.1; MCU: C2.
Abhilasha Bhargav-Spantzel

About Abhilasha Bhargav-Spantzel

Abhilasha Bhargav-Spantzel is a Principal Engineer at Intel, focusing on hardware-based security product architecture. She joined Intel in 2007 after completing her doctorate from Purdue University, where she focused on identity and privacy protection using cryptography and biometrics. Abhilasha drives thought leadership and the future evolution of cyber security platform through innovation, architecture and education. She has given numerous talks at conferences and universities as part of distinguished lecture series and workshops. She has written five book chapters and 30+ ACM and IEEE articles and has 25+ patents. Abhilasha leads multiple diversity and inclusion efforts and actively drives retention and development of women in technology.