Taking place this week is the annual RSA conference, which has evolved to become a major trade show for security products and technologies. As one might expect, it's also frequently used as a springboard for security-related announcements, and this year is no exception.

Of particular interest here is Intel, which is making two announcements regarding silicon-level technologies designed to improve the security of modern computers. The first is what Intel is calling Threat Detection Technology (TDT), a package of capabilities that software can use for security screening and threat detection. The second is the Security Essentials framework, which includes a consistent set of root-of-trust hardware security capabilities supported across Intel’s CPU product stack.

Intel's Threat Detection Technology comes in two parts: Accelerated Memory Scanning (AMS) and Intel Advanced Platform Telemetry. AMS, arguably the most interesting aspect of today's announcement, is a means to use the company’s iGPUs to accelerate memory scanning for malware, with the goal of reducing the CPU performance impact and scanning in a more energy-efficient manner overall. Currently, anti-virus/anti-malware programs use the CPU to scan memory and storage for malicious applications, and while multi-core CPU designs mitigate the worst system impacts of AV scanning, there's still a potential hit to responsiveness. So Intel is looking to address this by moving parts of AV scanning off of the CPU entirely and into its often underutilized integrated GPUs.

The focus of Intel's efforts here is on one specific aspect of AV scanning: in-memory (resident) malware, which doesn't get caught in transactional disk I/O checks and can only be found by scanning a system's complete memory. The entire process is essentially little more than pattern matching, something GPUs are proving good at, so Intel believes that GPUs would be a good fit. Meanwhile, the idea that this is also a more energy-efficient method is an interesting one; it would be nice to see some data, but it's conceptually sound.

Intel’s AMS will first be supported by Microsoft’s enterprise-focused Windows Defender Advanced Threat Protection software, which will be rolling out support for the feature later this month. On the hardware side, AMS is supported on Intel's current-generation Gen 9/9.5 iGPUs, meaning that it will be available on 6th Gen Core (Skylake) and newer processors. Intel says that usage of AMS reduces CPU load during memory scans by an order of magnitude (from 20% to 2%) in Windows Defender ATP, which looks significant.

Meanwhile, the second part of Intel's TDT is Intel Advanced Platform Telemetry (IAPT), which uses Intel's existing platform telemetry hardware capabilities combined with machine learning algorithms to speed up the detection of advanced threats that may not be documented. Specifically, Intel is using low-level performance counters and other telemetry as a canary for potential issues; a sudden, irregular change in the counters may indicate that malware is present. This is particularly good at exposing anything that's actively trying to use side-channel attacks (e.g. Spectre), which take constant prodding to utilize.

Because this isn't signature-based, detection is instead triggered by broader behavior patterns, which is where machine learning comes in. Essentially the idea is for AV software vendors to compile telemetry from multiple machines, giving them an evolving baseline to work from and making unusual patterns and machines stick out. Intel isn't saying very much about this capability, but according to The Register Intel has said that "In general, data is anonymized and generalized." IAPT will initially be supported by the Cisco Tetration platform for datacenters, which protects cloud workloads.
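The fleet-baseline idea described above, as an added example that is not Intel's or any vendor's implementation: it substitutes a median/MAD robust z-score for machine learning and flags only sustained deviations, since a side-channel attack needs constant prodding. The host names, the choice of counter, the readings and the thresholds are all constructed for illustration.

```python
from statistics import median

# Constructed telemetry: last-level-cache misses per 1,000 instructions,
# one reading per sampling interval, keyed by hypothetical host names.
FLEET = {
    "host-a": [4.1, 3.9, 4.3, 4.0, 4.2, 4.1, 3.8, 4.0],
    "host-b": [3.7, 4.4, 4.0, 4.2, 3.9, 4.1, 4.3, 4.0],
    "host-c": [4.0, 4.2, 9.5, 4.1, 3.9, 4.0, 4.2, 4.1],        # one-off spike
    "host-d": [4.1, 4.0, 4.2, 11.8, 12.4, 12.1, 11.9, 12.3],   # sustained shift
}


def fleet_baseline(fleet):
    """Return (median, MAD) over every reading from every host.

    Median and median absolute deviation are used instead of mean and
    standard deviation so that a misbehaving host cannot drag the
    baseline toward itself.
    """
    readings = [x for series in fleet.values() for x in series]
    centre = median(readings)
    mad = median(abs(x - centre) for x in readings)
    return centre, mad


def sustained_outliers(fleet, threshold=3.5, min_run=3):
    """Map each flagged host to its longest run of outlying intervals.

    A reading is outlying when its robust z-score exceeds `threshold`;
    a host is flagged only if at least `min_run` consecutive readings
    are outlying, which filters one-off spikes.
    """
    centre, mad = fleet_baseline(fleet)
    scale = mad or 1e-9  # avoid division by zero on a perfectly flat fleet
    flagged = {}
    for host, series in fleet.items():
        run = longest = 0
        for x in series:
            score = 0.6745 * abs(x - centre) / scale
            run = run + 1 if score > threshold else 0
            longest = max(longest, run)
        if longest >= min_run:
            flagged[host] = longest
    return flagged


if __name__ == "__main__":
    print(sustained_outliers(FLEET))
```
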

Finally, Intel is also introducing Intel Security Essentials, a consistent set of security-related capabilities to be supported by the Atom-, Core- and Xeon-branded products. The feature set will encompass a number of Intel's existing security features under a single name, including secure boot, hardware protections (for data, keys, etc.), cryptography accelerators and trusted execution enclaves. Overall, Intel is aiming to include all of its advanced security technologies across its entire product stack to improve the security of PCs in general, so combining these features into a single, common package helps to promote that change and clarify that the same base features are supported everywhere. The move makes a great deal of sense, as it means that software makers will be able to support a unified set of security capabilities, knowing that all of them will be supported by all PCs running Intel’s up-to-date processors.

Source: Intel

36 Comments

  • Azurael - Wednesday, April 18, 2018 - link

    It might be a complete coincidence but I should point out that when I posted a similar comment on Intel/McAfee's 'Securing Tomorrow' article about the ME vulnerabilities, the entire post was pulled a few days later...

    It _was_ at https://securingtomorrow.mcafee.com/executive-pers... - and now neither in wayback machine nor the Google page cache... Hmmm.
  • Azurael - Wednesday, April 18, 2018 - link

    I should probably clarify what I mean by 'turn off' remote manageability - obviously, there is a setting to do this but it quite clearly doesn't. The TCP/IP stack remains live and responsive, LAN will remain up when the system is off even if WOL is disabled, ME continues sending interrupts to the system when there is nothing which should have apparently invoked it.

    ME is a complete black box, they won't talk about it and I very much suspect that outside of the DRM and platform initialization functions they've shoehorned into it in the last couple of generations to give it a 'legitimate' purpose in a consumer platform, there is no reason for it to be present/active on 99% of machines it ships on.
  • Hurr Durr - Wednesday, April 18, 2018 - link

    Complete cohencidence, as it always is with intel. Or Mossad, who`s to know anymore.
  • wow&wow - Wednesday, April 18, 2018 - link

    “Intel Announces Silicon-Level Security ...”

    What is the point of silicon-level security technologies if the company couldn’t even simply follow what was defined by itself?

    Can “Intel Threat Detection Technology” detect its not following what is defined by itself?