Businesses must change the way they look at security and put greater emphasis on hardware-based features to better protect their data and systems.
This is essential as software solutions alone are no longer sufficient to mitigate security threats, which increasingly target hardware components. If the hardware, which is the foundation of user devices, is not properly protected, anything that sits on top will not be secure either, including the operating system (OS) and applications.
The US National Institute of Standards and Technology's National Vulnerability Database reveals that attacks against firmware have climbed five-fold in the last four years. As it is, more than 80% of organisations already have experienced at least one firmware attack in the last two years, according to Microsoft's March 2021 Security Signals report. However, just 29% of security budgets are set aside to safeguard firmware.
This needs to change, especially as hackers continue to find ways to circumvent software-based security features.
For instance, there were no antivirus signatures for 72% of all malware in the first quarter of 2020, revealed WatchGuard's threat data. This means that the majority of malware will escape detection from antivirus tools that scan only for known viruses, or that are based on pre-identified signatures.
Attacks also increasingly are memory-based and can manipulate legitimate applications running on a user's device to launch and insert malware.
Once hackers gain access to the hardware, they can compromise anything that runs on top of it and extract sensitive information from an employee's personal computer.
Shielding hardware against attacks
Security needs to be rooted in hardware to better protect against zero-day attacks, or malware for which there are no antivirus signatures.
The Intel vPro platform is designed specifically to respond to such threats and help businesses uncover potential attacks. It limits the impact of security threats and enables quick recovery when a breach occurs.
The Intel Hardware Shield, in particular, delivers a range of capabilities that focus on below-the-OS protection, application and data security, as well as advanced threat defence.
It extends security to the BIOS and firmware layer, which cuts the risk of vulnerabilities in device drivers or firmware being exploited to inject malicious code into the device at runtime. Such attacks can otherwise go undetected by traditional anti-malware software solutions.
Intel Hardware Shield also offers embedded security features that identify unauthorized changes to hardware and firmware and that lock down system-critical resources to prevent malicious software injection.
In addition, artificial intelligence (AI) capabilities are integrated into the Intel vPro to power threat detection. This enables the CPU to execute instructions and low-level data flows, while analysing the behaviour of applications to ensure there are no abnormalities. When it does identify unusual patterns, the information is passed on to software-based security solutions for further action.
Enabling this AI-powered analysis at the CPU level allows businesses to more quickly detect security threats and trigger the needed response to contain the impact of attacks.
Devices running Intel vPro are further hardened with Intel's Control-Flow Enforcement Technology (CET), which works to protect against control-flow hijacking attacks. These return-oriented and jump-oriented programming (ROP/JOP) attacks are popular tactics that are difficult to detect and prevent, because the attackers use existing code running from executable memory to alter the behaviour of an otherwise legitimate program.
Intel CET is integrated into the architecture of the Intel vPro core, providing hardware-based capabilities to combat such control-flow subversion attacks, which are commonly used in large classes of malware.
In addition, the Intel vPro's Accelerated Memory Scanning feature offloads memory scanning for malware to the GPU (graphics processing unit). This function typically is carried out by the CPU and leaves little room for other programs, which affects performance and user experience. Such scans are commonly paused or omitted completely because users do not want to compromise the performance of their device and have to run applications at a lower speed while they work.
Migrating memory scanning operations to the GPU frees up the CPU, so the latter can be put to better use running applications that directly impact an employee's productivity. Users also will feel less compelled to skip memory scans, which are essential to detect malware and known viruses.
Transform security approach to keep up with threats
With cyber attacks today highly sophisticated and constantly enhanced to evade traditional detection tools, organisations will need to transform their security approach and deploy more advanced detection and response capabilities.
This requires a combination of both hardware-based and software security solutions, especially as threats continue to move down the computer stack, tapping remote endpoint devices and PCs as a way to breach networks, cloud platforms, and applications.
Hardware-based security solutions, such as those enabled by Intel vPro, can provide greater protection against these emerging threats and offer a robust foundation on which OSes, applications, and data can run securely.