Add a New Layer of Hardware-Based Security

Help protect your business with new hardware-based security capabilities to mitigate endpoint security risks.1 2

Features for Hardware-Based Security:

  • Part of the Intel vPro® platform, Intel® Hardware Shield helps reduce the BIOS as an attack surface to the operating system (OS) and reduces the BIOS’s access to system memory to help prevent malware from gaining full access.

  • Intel® Threat Detection Technology (Intel® TDT) employs system hardening technologies that help improve system protection with accelerated memory scan and advanced platform telemetry capabilities.

  • Intel® Transparent Supply Chain (Intel® TSC) provides a mechanism for confirming component authenticity and traceability to help mitigate tampering and threats that can be introduced anytime in an asset’s life cycle.

BUILT IN - ARTICLE INTRO SECOND COMPONENT

Maintaining endpoint security is critical to your business value and reputation. See how a modern PC platform helps businesses respond to increasingly sophisticated cyber threats by taking a combined software- and hardware-based security approach that helps protect vital assets, data, and infrastructure.

Why Software-Based Security Is No Longer Enough

Businesses typically rely on security software to protect their assets. But software-based security can be bypassed by an attacker who has higher privileges through a vulnerability in the software or hardware. By design, hardware and firmware have a better view of the system—and a greater ability to protect it.

However, the hardware itself must also be protected, and sophisticated attackers are looking for vulnerabilities that may exist at the firmware level. One recent survey found that 63 percent of companies have been compromised due to a vulnerability in hardware or silicon.3 Hardware-based security features built in at the silicon level can help better protect up the stack, providing a trusted foundation for an organization’s endpoint security strategy.

What Is Hardware Security?

Traditional security software continues to offer a degree of protection for end users. And operating system (OS) security is moving toward a new model in which virtualized containers can be used to isolate and verify the integrity of applications, web browsers, and data running inside those containerized environments. Virtualization provides the ability to offer protection through isolation. It also minimizes what malware can do on the system, as it has limited access to system resources and lacks the ability to persist on the system. However, security software protections such as OS security, encryption, and network security represent only one dimension of IT security for today’s businesses.

Hardware-based security takes a multidimensional approach to not only complement software-based security but also add efficiency to implementing and managing protections to your computing infrastructure.

Your business needs a high level of assurance that its assets are protected through a comprehensive IT security strategy. This assurance requires high firmware visibility and resilience, resulting in the confidence that workloads are running on trustworthy platforms.

Hardware Vs. Software Security
An emerging area of vulnerability is the code in device firmware that runs at startup to prepare the operating system launch. Hackers are looking for ways to inject malware into this code beneath the operating system, which by default never required security and integrity checks designed into its sequence. As a result, the operating system will trust this code even when it contains a nefarious malware payload.

Tampering is another way a malware intrusion under the operating system can occur anywhere in the manufacture to delivery process. Physical attacks are getting easier and becoming more concerning for IT teams. To mitigate this threat, a modern PC platform can integrate hardware-enhanced security that starts at the assembly line. In addition to manufacturers ensuring the authenticity of certified device components, golden measurements of firmware code are taken before the firmware is sealed, prior to transport and delivery. This approach enables IT to determine whether the newly received device has been tampered with before the first time it is turned on.

Of course, tampering can occur at any time in the asset’s life cycle. At each subsequent startup, the technology verifies the loaders that boot the code and execute the boot sequence of the firmware and operating system. This added layer of security helps mitigate the risk of tampering to introduce malicious code under the operating system.

A business-grade PC platform provides an additional layer of hardware-based security that gives your IT group a secure foundation on which to simplify and scale.

Security Strategies for the Business Environment

Hardware-enabled security plays a major role in a comprehensive security approach. Here are some of the key strategies businesses are adopting today.

Hardware-Enhanced Endpoint Security
Your PC fleet endpoints are targets for hackers to gain access to your data or embed malware inside your corporate firewall. The business implications of these security threats are motivating organizations to move toward a hardware-enhanced protection model that helps mitigate the risks of software-based security at the device level. With advanced endpoint security, AI models use hardware telemetry to help detect stealthy attacks.

Firmware Transparency and Assurance
This strategy involves removing firmware blind spots and improving visibility into your device platform, allowing IT to build the trustworthiness of what resides within a given platform.

Managed IT Environments
With enhanced manageability capabilities, IT administrators can remotely power systems up to deploy security patching or threat remediation, and then power them down when not in use to help conserve energy. They can use an out-of-band keyboard video mouse (KVM) feature to take over the keyboard, monitor, and mouse of off-site endpoints—even unattended systems—to deploy security patches. In addition, a managed IT environment boosts the ability to recover from errors or attacks and prevent denial of service.

Security Benefits of the Intel vPro® Platform

The built for business Intel vPro® platform provides hardware-enhanced security features that help protect all computing stack layers. Businesses can benefit from supply chain transparency and traceability of PC components, advanced memory scans, and hardware-based support of Windows* 10 security services. Furthermore, IT has the ability to quickly roll out software fixes on critical vulnerabilities to managed PCs.

Informações de produto e desempenho

1

Os cenários de redução de custos descritos destinam-se a servir de exemplos de como um determinado produto baseado na Intel®, dentro das circunstâncias e configurações especificadas, pode afetar custos futuros e oferecer economia de custos. As circunstâncias variarão. A Intel não garante nenhum custo ou redução de custo.

2

A Intel não controla ou audita dados de terceiros. Você deve rever esse conteúdo, consultar outras fontes e confirmar a precisão dos dados mencionados.

3

Fonte: Match Present-Day Security Threats with BIOS-Level Control, um estudo da Forrester Consulting sobre liderança do pensamento encomendado pela Dell, junho de 2019.