Intel announced today at CES 2021 that it has added hardware-based ransomware detection to the recently announced 11th-generation business-class Core vPro processors.
These hardware-based detections are performed by Intel Threat Detection Technology (Intel TDT) and Hardware Shield, which run directly on the CPU beneath the operating system and firmware layers.
Intel Hardware Shield is a built-in security feature that provides protection directly at the CPU hardware level, for example:
- Helps prevent malicious code injection by restricting memory access in the BIOS at runtime.
- Dynamically launches the operating system and hypervisor in an Intel® hardware-secured code environment that is inaccessible from firmware. This technique also helps verify that the operating system and its virtual environment run directly on Intel hardware, as opposed to malware that is spoofing the hardware.
- Gives the operating system visibility into the BIOS and firmware protection methods used at startup.
Intel TDT uses hardware telemetry to detect fileless malware, cryptomining, polymorphic malware, and ransomware in real time based on CPU calculations and behavioral detections. When a threat is detected, TDT signals the security software integrated with the platform to alert it to the threat.
“Because threats are detected in real time, Intel TDT sends a high-security signal that can trigger remedial workflows in the security vendor code. Intel TDT does not provide specialized efficiency or performance reports.”
Intel TDT also allows security software to offload memory scanning to the integrated Intel graphics engine for better performance.
Because these features run directly on the CPU, beneath all software including the BIOS and firmware, they prevent malicious software from hiding from the hardware security features.
Cybereason is partnering with Intel for hardware-based ransomware protection
As part of today’s announcement, security firm Cybereason announced that it would integrate its security platform with Intel’s TDT to perform hardware-based ransomware detection.
“This partnership with Intel to add CPU-based threat detection strengthens our long history and industry-leading capabilities in detecting and eradicating ransomware. The combination of first-class hardware, software and security knowledge gives defenders full-stack visibility, which is crucial to ending the time of double-extortion that currently costs organizations hundreds of millions every year,” said Lior Div, CEO and Co-Founder, Cybereason.
By using CPU counters and calculations exposed by TDT, Cybereason states that it will benefit from the following:
- CPU Threat Detection – Enables enterprise customers to go beyond signature and file-based techniques by leveraging CPU-based behavioral ransomware prevention.
- Full-Stack visibility – Eliminates blind spots to expose ransomware as it evades detection in memory or hides in virtual machines, while differentiating legitimate business data encryption processes.
- Unleash machine learning for better security – Businesses can accelerate performance-intensive machine learning security algorithms by offloading them to the integrated Intel graphics controller to increase the capacity to analyze more data and perform more security scans.
- Accelerate endpoint prevention, detection, and response – Businesses can enhance the performance of security agent processing for better user experiences.
According to Cybereason and Intel, this partnership will be the first instance of PC hardware used directly to detect ransomware.
“Ransomware was a top security threat in 2020; software alone is not enough to protect against ongoing threats. Our new 11th generation Core vPro mobile platform provides the industry’s first opportunities for detecting threats with silicon, delivering the much-needed hardware-based protection against this type of attack. Along with Cybereason’s multilayer protection, companies will have full stack visibility from CPU telemetry to prevent ransomware from avoiding traditional signature-based defenses,” said Stephanie Hallford, Client Computing Group Vice President and General Manager of Business Client Platforms at Intel.