Add a New Layer of Hardware-Based Security

Help protect your business with new hardware-based security capabilities to mitigate endpoint security risks.1 2 3

Maintaining endpoint security is critical to your business value and reputation. See how a modern PC platform helps businesses respond to increasingly sophisticated cyber threats by taking a combined software- and hardware-based security approach that helps protect vital assets, data, and infrastructure.

Why Software-Based Security Is No Longer Enough

Businesses typically rely on security software to protect their assets. But software-based security can be bypassed by an attacker who has higher privileges through a vulnerability in the software or hardware. By design, hardware and firmware have a better view of the system—and a greater ability to protect it.

However, the hardware itself must also be protected, and sophisticated attackers are looking for vulnerabilities that may exist at the firmware level. One recent survey found that 63 percent of companies have been compromised due to a vulnerability in hardware or silicon.4 Hardware-based security features built in at the silicon level can help better protect up the stack, providing a trusted foundation for an organization's endpoint security strategy.

What Is Hardware Security?

Traditional security software continues to offer a degree of protection for end users. And operating system (OS) security is moving toward a new model in which virtualized containers can be used to isolate and verify the integrity of applications, web browsers, and data running inside those containerized environments. Virtualization provides the ability to offer protection through isolation. It also minimizes what malware can do on the system, as it has limited access to system resources and lacks the ability to persist on the system. However, security software protections such as OS security, encryption, and network security represent only one dimension of IT security for today's businesses.

Hardware-based security takes a multidimensional approach to not only complement software-based security but also add efficiency to implementing and managing protections to your computing infrastructure.

Your business needs a high level of assurance that its assets are protected through a comprehensive IT security strategy. This assurance requires high firmware visibility and resilience, resulting in the confidence that workloads are running on trustworthy platforms.

Hardware Vs. Software Security
An emerging area of vulnerability is the code in device firmware that runs at startup to prepare the operating system launch. Hackers are looking for ways to inject malware into this code beneath the operating system, which by default never required security and integrity checks designed into its sequence. As a result, the operating system will trust this code even when it contains a nefarious malware payload.

Tampering is another way a malware intrusion under the operating system can occur anywhere in the manufacture to delivery process. Physical attacks are getting easier and becoming more concerning for IT teams. To mitigate this threat, a modern PC platform can integrate hardware-enhanced security that starts at the assembly line. In addition to manufacturers ensuring the authenticity of certified device components, golden measurements of firmware code are taken before the firmware is sealed, prior to transport and delivery. This approach enables IT to determine whether the newly received device has been tampered with before the first time it is turned on.

Of course, tampering can occur at any time in the asset's life cycle. At each subsequent startup, the technology verifies the loaders that boot the code and execute the boot sequence of the firmware and operating system. This added layer of security helps mitigate the risk of tampering to introduce malicious code under the operating system.

A business-grade PC platform provides an additional layer of hardware-based security that gives your IT group a secure foundation on which to simplify and scale.

Security Strategies for the Business Environment

Hardware-enabled security plays a major role in a comprehensive security approach. Here are some of the key strategies businesses are adopting today.

Hardware-Enhanced Endpoint Security
Your PC fleet endpoints are targets for hackers to gain access to your data or embed malware inside your corporate firewall. The business implications of these security threats are motivating organizations to move toward a hardware-enhanced protection model that helps mitigate the risks of software-based security at the device level. With advanced endpoint security, AI models use hardware telemetry to help detect stealthy attacks.

Firmware Transparency and Assurance
This strategy involves removing firmware blind spots and improving visibility into your device platform, allowing IT to build the trustworthiness of what resides within a given platform.

Managed IT Environments
With enhanced manageability capabilities, IT administrators can remotely power systems up to deploy security patching or threat remediation, and then power them down when not in use to help conserve energy. They can use an out-of-band keyboard video mouse (KVM) feature to take over the keyboard, monitor, and mouse of off-site endpoints—even unattended systems—to deploy security patches. In addition, a managed IT environment boosts the ability to recover from errors or attacks and prevent denial of service.

Security Benefits of the Intel vPro® Platform

The built for business Intel vPro® platform provides hardware-enhanced security features that help protect all computing stack layers. Businesses can benefit from supply chain transparency and traceability of PC components, advanced memory scans, and hardware-based support of Windows* 10 security services. Furthermore, IT has the ability to quickly roll out software fixes on critical vulnerabilities to managed PCs.

Endpoint Security

Endpoints are the portals hackers use to access your critical data or embed malicious code in your systems. And today's workplace has a wide array of devices that can challenge endpoint security. As part of the Intel vPro® platform, Intel® Hardware Shield enables your IT team to implement policies in the hardware layer to help ensure that if malicious code is injected, it cannot access data.

System Hardening

Intel vPro® platform development has evolved through system hardening processes that have optimized hardware-based security features. The benefit to your organization includes configurable firmware protection, BIOS security to reduce its attack surface, and advanced threat detection.

Security Patching and Threat Remediation

Intel® Active Management Technology (Intel® AMT) within the Intel vPro® platform enables remote access and management across the organization. Your IT team can use these technologies to execute timely security patching and threat remediation. Security patching can update large populations of devices regardless of their location. Threat remediation is addressed by implementing countermeasures to help reduce an endpoint's susceptibility to a specific attack.

產品與效能資訊

1

Intel® 技術的功能與優勢取決於系統配置,而且可能需要支援的硬體、軟體或服務啟動。實際效能會依系統組態而異。沒有產品或元件能提供絕對的安全性。詳情請洽詢購入系統的製造商或零售商,或是上網參閱 https://www.intel.com.tw

2

所述之成本降低情境,用意是要提供範例,指出搭載特定 Intel® 處理器的產品,在特定情況與配置,可能會如何影響未來各項成本以及提供成本節省。實際情況可能有所差異。對於各項成本,或是成本降低幅度,Intel 不提供任何保證。

3

Intel 並不控制或審核第三方的資料。您應檢閱本內容、查閱其他來源,並確認提及的資料是否正確。

4Source: Match Present-Day Security Threats with BIOS-Level Control, a Forrester Consulting thought leadership paper commissioned by Dell, June 2019.