Security
Engage with our experts on security topics
74 Discussions

A business built on Intel vPro is a Business Built on Security: Introducing 12th Gen vPro Security

Michael_Nordquist
0 0 6,441

Solar Winds, Colonial Pipeline… these and other recent breaches reinforce the urgent need for executives and IT managers to protect their businesses from being the next headline. Software alone is not enough—businesses need a trusted silicon vendor to provide hardware-based security

Intel is a leader in Security Standards, Practices, Technologies and Products

For more than 15 years, we’ve built and evolved the Intel vPro® platform, making it the business client platform that provides the most comprehensive security for your business.1 With each new generation, we aim to reduce the attack surface, adding more defense-in-depth and zero-trust security protections up and down the stack.

Today, the world’s largest Windows compute ecosystem uses Intel’s latest innovations to help protect, detect and recover from ever-evolving and intensifying cyberthreats.

Modern Threats Require a Comprehensive Approach to Security

Intel is the only provider of hardware-based security capabilities that enhance industry security software to deliver high efficacy threat detection²—utilizing Intel® Threat Detection Technology (Intel® TDT). In addition to our existing ransomware detector and accelerating memory scanning capability, we are working to bring to market a new anomalous behavior detection (ABD) capability to help address supply chain-style attacks that infect business applications. This new Intel TDT detector uses AI and Intel integrated GPU performance optimizations to deliver amazing efficacy without significant impact on the user experience. ABD uses machine learning algorithms, Intel® Processor Trace, Last Branch Record and Performance Monitoring Unit telemetry in Intel processors to profile the normal control flow behaviors of benign applications. ABD then monitors application execution in production, and it detects control flow deviations in real-time if applications are attacked or experience unexpected errors.

Businesses choose Intel for the advantages of hardware-based security protections such as ABD. Intel works directly with the security ecosystem to deliver optimizations that address today's most advanced threats, boosting 3rd-party software threat detection efficacy, resulting in more security protection for your organization.

Beyond advanced threat protections, 12th Gen Intel vPro processors deliver new hardware virtualization and encryption capabilities to help better protect the operating system, applications and your data across the entire platform. We’ve also enhanced the platform security and manageability controller, called the Intel® Converged Security & Management Engine (Intel® CSME), with fault injection detection. These advances go beyond the world of Windows, too. Intel vPro® Enterprise now brings below-the-OS security to Google Chrome with Intel® Total Memory Encryption - Multi-Key (Intel® TME-MK) and Keylocker. Read more on Intel’s newsroom.

Software Partners

It takes an ecosystem to deliver best-of-breed security software and built-in platform protections, and Intel drives security innovations with the world’s largest ecosystem. That ecosystem includes a growing list of software vendors who support TDT and its growing portfolio of solutions.

  • CrowdStrike optimizes its Falcon solutions for Intel vPro hardware-based security protections. Its Hardware Enhanced Exploit Detection feature uses Intel Processor Trace telemetry to deliver memory safety protections for older PCs that lack modern in-built protections. Today, CrowdStrike announced it will use Intel TDT accelerated memory scanning (AMS) to detect “file-less attacks” in memory, enabling more scanning while reducing the impact on performance and power consumption. Learn more.

  • Microsoft Defender for Endpoint will soon leverage Intel TDT to help detect ransomware, cryptojacking and to perform accelerated memory scanning on hundreds of millions of endpoints. In addition, Microsoft Defender engineers and researchers collaborated with Intel on the Intel TDT  Anomalous Behavior Detection proof-of-concept and industry paper mentioned above. Learn more and watch the Intel & Microsoft exec testimonial video and Intel TDT & Microsoft Defender for Endpoint demo 

  • A longstanding and robust co-engineering relationship between Dell and Intel continues to focus on technologies at both the component and platform level. Intel® Hardware and Dell’s SafeBIOS framework provide built-in, hardware-based protection to Dell commercial PC users. 

  • The global digital security company ESET is enabling Intel TDT Ransomware detection. Intel will include ESET in the Intel global app pack program which offers small and medium businesses promotional bundles with the new “right-sized” Intel vPro® Essentials platform.  Learn more.  

  • Dedicated to the success of IT solution providers, ConnectWise has expanded its collaboration with Intel and is working on developing the necessary components to integrate Intel TDT Ransomware and Cryptojacking solutions into tools used by managed service providers (MSP) who service small/medium businesses. Learn more.

  • Fidelis Cybersecurity, the industry innovator in Active XDR and proactive cyber defense solutions, is announcing a roadmap to implement Intel TDT ransomware detection, starting with a near-term release of Intel TDT AMS to help detect ransomware attacks in memory. Learn more

  • German software vendor bytesatwork, which is developing cloud, device and infrastructure management solutions for small and medium businesses that don´t have resources to run enterprise endpoint security solutions, is integrating Intel TDT ransomware and cryptojacking hardware-based detection for their self-protecting device solution, manage4ALL. Learn more.

  • Sequretek is announcing a near-term release of its AI-based endpoint detection & response software, Percept EDR, enhanced by Intel TDT ransomware and cryptojacking capabilities to serve global customers. Learn more.

  • Kingsoft has slated for Q2 release its EDR solution using Intel TDT ransomware and cryptojacking detection solution building blocks to improve efficacy with minimal additional impact to the user experience.  Learn more.

It’s More than Hardware

Security is not a one-time event, it’s an ever evolving process Intel’s 2021 Product Security Report highlights key areas of continuing leadership

  • In 2021, we delivered mitigations for 226 product security issues. Of the 226 issues addressed, 113 (50%) were found internally by Intel employees and another 97 (43%) were reported through Intel’s Bug Bounty program. In total, 93% of the vulnerabilities addressed were the result of Intel’s proactive efforts in product security assurance.

  • We follow rigorous policies and procedures spelled-out in our Security Development Lifecycle (SDL) to integrate security principles and privacy tenets at every step of hardware and software development. Intel has dedicated experts driving a security-first mindset that starts with research and design and doesn’t stop until products reach end of servicing.

  • To help ensure the robustness of Intel CSME security, 40 design changes were implemented, including data protection, control flow protection, and control-flow enforcement hardware in the CSME microcontroller starting with the 11th Gen platform. As a result of these efforts, there was a steady decline in vulnerabilities discovered in 2021.

Further accelerating adherence to industry security standards, Intel vPro delivers 47 built-in MITRE ATT&CK countermeasures.³ In addition, Intel worked with security expert Coalfire to help validate how procuring an Intel vPro platform-based PC provides a meaningful accelerator for adopting security standards and best practice initiatives. The Coalfire report maps out how Intel vPro platform capabilities help achieve support for five key NIST, TCG and FIPS security standards.

Leverage the Intel Ecosystem

Intel’s built-in security capabilities enable hardware, software and service providers to help: protect data, applications and identity against threats, detect and catch unlikely threats using innovative methods, and recover from cyberattacks using remote management. Comprehensive security comes from the unified force of Intel and ecosystem innovation. Build on a more secure foundation with the 12th Gen Intel vPro Platform.

 

Footnotes & Disclaimers

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex
Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates.  See backup for configuration details.  No product or component can be absolutely secure.
Your costs and results may vary.
Intel technologies may require enabled hardware, software or service activation.
© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.  Other names and brands may be claimed as the property of others. 

1  As measured by the unrivaled combination of above and below the OS security capabilities, app and data protections, and advanced threat protections Intel vPro delivers for any sized business, as well as Intel’s security first approach to product design, manufacture, and support.  All business PCs built on the Intel vPro platform have been validated against rigorous specifications, including unique hardware-based security features.  See www.intel.com/PerformanceIndex (platforms) for details.  No product or component can be absolutely secure.

² The Intel vPro platform delivers the first and only silicon-enabled AI threat detection to help stop ransomware and cryptojacking attacks for Windows-based systems. Intel TDT Anomalous Behavior Detection (ABD) is a hardware-based control flow monitoring and anomaly detection solution able to monitor business apps for early indicators of compromise, leveraging the Intel CPU to build dynamic AI models of “good” application behavior. See www.intel.com/PerformanceIndex (platforms) for details. No product or component can be absolutely secure.

3 See www.intel.com/PerformanceIndex (platforms) for details.  No product or component can be absolutely secure.

 

 

 

About the Author
Michael Nordquist is the Vice President Client Computing Group & General Manager, Business Client Product Planning and Architecture. He has overall product planning and architecture responsibility for Intel’s business client platforms, including the Intel® vPro™ brand, across all desktop and mobile platforms. Nordquist has held a variety of sales, marketing, planning, and management roles since joining Intel in 2000. Prior to running product planning for the Business Client Group, he was the director of strategic planning focused on phones, tablets, and our Intel® Atom™ microprocessor. He holds a bachelor’s degree in electrical engineering from the University of Minnesota and an MBA from Babson College.