<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=446209&amp;fmt=gif">

Avoiding the Advanced Persistent Threat through Hardware

  Greg LaBrie     Mar 31, 2016

Once upon a time, it was safe to turn your computer on. Nowadays, a month, week, or even day doesn’t go by where you hear about the latest system attack and zero-day exploit used to install malware and expose data from Advanced-Persistent-Threat.jpgsomewhere across the globe. Some news reports even say the NSA is buying these exploits to take advantage of them before they’re patched to gain access and potentially disrupt computer systems. If the US government is doing it to attack their enemy, you can be sure other governments and organized crime are doing the same to potentially get into your systems. A chain is only as strong as its weakest link and the least protected computer system will be found and exploited.

The first line of defense against these attacks is typically thought to be keeping your antivirus and anti-malware software up to date. However, by then, the software has already gotten into your network, and, it can shape-shift to evade detection. A better approach is to utilize hardware-enhanced security technologies from Intel. Thus, by combining the hardware-based approach from Intel and supporting software and services from partners, you’re better able to keep your business and its data safe and protected from the Advanced Persistent Threat (APT).

Hardware-based approaches are the best defenses against APTs. APTs take the long approach of collecting passwords, topologies, and security policies such that they can all be used to launch a massive targeted data exfiltration of company data and secrets. They work in silent, to watch, listen, record, and report. It is difficult for software to detect these from software as they are performing mostly legitimate requests to discover where the holes are. Using software to fight software is not an effective option. Instead, Intel offers a four-pronged hardware-based approach to protect and secure your systems and data.

  • Intel Device Protection Technology with Boot Guard
  • Intel Device Protection Technology with BIOS Guard
  • Intel Device Protection Technology with OS Guard
  • Intel Device Protection Technology with Trusted Execution Technology (TXT)

By embedding security-technologies in the chipset, Intel is able to protect systems before a software-only approach even starts, thus keeping systems safer. Let’s take a look at each of the approaches taken.

Intel Device Protection Technology with Boot Guard

The Boot Guard device protection technology from Intel helps to ensure the boot integrity of your system, this is before the system wakes up and the BIOS is loaded to run. What it ensures is there is no unauthorized code executed from the system BIOS. Once any unauthorized BIOS code is executed, your system has been compromised and can basically do anything, hiding its trails, and thus being undetected.

Intel Device Protection Technology with BIOS Guard

Where Boot Guard makes sure no unauthorized BIOS code is executed, BIOS Guard makes sure no unauthorized code is placed in BIOS without platform manufacturer authorization. There are times when you do need to update BIOS. They are few and far between and typically initiated through some user action. BIOS Guard ensures those are the only times changes are made. By keeping bad code out, you can’t execute any unauthorized BIOS code, but you have to check for the unauthorized code first, or else a change could be made altering how changes are protected.

Intel Device Protection Technology with OS Guard

As the name sounds, OS Guard helps protect the operating system. It prevents attacks where privileges escalate such that attackers can take control of the underlying operating system, whether that machine is running Microsoft Windows, MacOS, or any of the Linux variants. Attacks of this type typically occur utilizing a two phase approach. Step one requires the compromising of an application in user mode. Then, as a second part, it exploits a vulnerability while the system is running in supervisor mode to give the malware complete system control. The OS Guard protection prevents these memory access attempts from supervisor mode, thus denying the malware from doing its damage. If an employee launched the malware himself from some phishing attack, you have other issues to deal with from a company policy perspective, but the damage is prevented through the help of OS Guard.

Intel Device Protection Technology with Trusted Execution Technology (TXT)

The final hardware protection level provided through Intel Device Protection Technology is called Trusted Execution Technology or TXT for short. This is how your actual sensitive data is protected in virtual and cloud environments. Data isn’t just placed on a virtual drive for anyone or anything to access. Instead, all accesses have to go through a trusted computing environment with its set of security policies. If the integrity of the system cannot be verified, the system doesn’t pass and thus doesn’t have access to the sensitive information. Sounds simple, but it is a necessary step to avoid the widespread exploits of the modern day hacker.

Protecting software from software was never a truly safe approach to system protection on its own. It worked until the hackers got smarter. Now, that approach can no longer stay one step ahead of them. Antivirus/anti-malware software is only as good as its signature file. When a new strain evolves, you need a new file to protect yourself. Combining software with a hardware approach avoids this truly reactive response and you truly better protection to avoid these APT incidents.

Find out where vulnerabilities may exist on your network by signing up for our Free Security and Threat Prevention Assessment.

Tags  cyber security hardware-enhanced security data security Intel IT Security

Greg LaBrie

Written by Greg LaBrie

Greg LaBrie has more than 20 years of network architecture and engineering experience designing networks that exceed technical requirements, improve operational proficiency and reduce total costs of ownership. Greg holds a number of technical certifications for HPE, Cisco, Fortinet, and much more.

About WEI

WEI is an innovative, full service, customer-centric IT solutions provider. We're passionate about solving your technology challenges and we develop custom technology solutions that drive real business outcomes.

Subscribe to WEI's Tech Exchange Blog


Categories

see all
Contact Us