Once upon a time, it was safe to turn your computer on. Nowadays, not a month, week, or even day goes by without news of the latest system attack and zero-day exploit used to install malware and expose data from
The first line of defense against these attacks is typically thought to be keeping your antivirus and anti-malware software up to date. However, by then, the malicious software has already gotten into your network, and it can shape-shift to evade detection. A better approach is to utilize hardware-enhanced security technologies from Intel. By combining the hardware-based approach from Intel with supporting software and services from partners, you’re better able to keep your business and its data safe and protected from the Advanced Persistent Threat (APT).
Hardware-based approaches are the best defenses against APTs. APTs take the long approach of collecting passwords, topologies, and security policies so that they can all be used to launch a massive, targeted exfiltration of company data and secrets. They work in silence to watch, listen, record, and report. It is difficult for software to detect them because they perform mostly legitimate requests to discover where the holes are. Using software to fight software is not an effective option. Instead, Intel offers a four-pronged hardware-based approach to protect and secure your systems and data.
By embedding security technologies in the chipset, Intel is able to protect systems before a software-only approach even starts, thus keeping systems safer. Let’s take a look at each of the approaches taken.
The Boot Guard device protection technology from Intel helps to ensure the boot integrity of your system. It does this before the system wakes up and the BIOS is loaded to run, ensuring that no unauthorized code is executed from the system BIOS. Once any unauthorized BIOS code is executed, your system has been compromised, and that code can do basically anything, hiding its tracks and thus going undetected.
Where Boot Guard makes sure no unauthorized BIOS code is executed, BIOS Guard makes sure no code is placed in the BIOS without platform manufacturer authorization. There are times when you do need to update the BIOS. They are few and far between and are typically initiated through some user action. BIOS Guard ensures those are the only times changes are made. Keeping bad code out means no unauthorized BIOS code can be executed, but the check for unauthorized code has to come first, or else a change could be made that alters how changes are protected.
As the name suggests, OS Guard helps protect the operating system. It prevents privilege-escalation attacks in which attackers take control of the underlying operating system, whether that machine is running Microsoft Windows, macOS, or any of the Linux variants. Attacks of this type typically use a two-phase approach. Step one requires compromising an application in user mode. Then, as a second part, the attack exploits a vulnerability while the system is running in supervisor mode to give the malware complete system control. The OS Guard protection prevents these memory access attempts from supervisor mode, thus preventing the malware from doing its damage. If an employee launched the malware himself from some phishing attack, you have other issues to deal with from a company policy perspective, but the damage is prevented through the help of OS Guard.
The final hardware protection level provided through Intel Device Protection Technology is called Trusted Execution Technology, or TXT for short. This is how your actual sensitive data is protected in virtual and cloud environments. Data isn’t just placed on a virtual drive for anyone or anything to access. Instead, all accesses have to go through a trusted computing environment with its set of security policies. If the integrity of the system cannot be verified, the system doesn’t pass and thus doesn’t have access to the sensitive information. It sounds simple, but it is a necessary step to avoid the widespread exploits of the modern-day hacker.
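A simplified model of the integrity check described above, added here as an illustration; it is not Intel's code and not part of the original article. It assumes TPM-style hash-chain measurements (SHA-256) and an allow-list of known-good values; the component names, allow-list, and secret are constructed.

```python
import hashlib
import hmac

REGISTER_SIZE = 32  # SHA-256 digest length


def extend(register, component):
    """TPM-style extend: new = H(old || H(component)).

    The result depends on every earlier value, so a component cannot be
    swapped or reordered without changing the final measurement.
    """
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure_launch(components):
    """Fold each launched component, in order, into one register."""
    register = bytes(REGISTER_SIZE)  # register starts as all zeros
    for blob in components:
        register = extend(register, blob)
    return register


def release_secret(components, trusted_measurements, secret):
    """Return the secret only when the launch measurement is known-good."""
    measured = measure_launch(components)
    for trusted in trusted_measurements:
        if hmac.compare_digest(measured, trusted):  # constant-time compare
            return secret
    return None  # integrity not verified: no access to the data


# Constructed sample data (assumption: three components form the launch chain).
GOOD_STACK = [b"hypervisor-1.0", b"launch-policy-A", b"guest-kernel-5.x"]
TAMPERED_STACK = [b"hypervisor-1.0", b"launch-policy-A", b"guest-kernel-5.x+implant"]
REORDERED_STACK = [GOOD_STACK[1], GOOD_STACK[0], GOOD_STACK[2]]
TRUSTED = {measure_launch(GOOD_STACK)}  # recorded once from a known-good launch
SECRET = b"disk-encryption-key (constructed)"

if __name__ == "__main__":
    for name, stack in [("good", GOOD_STACK), ("tampered", TAMPERED_STACK),
                        ("reordered", REORDERED_STACK)]:
        verdict = "released" if release_secret(stack, TRUSTED, SECRET) else "denied"
        print(f"{name:10s} {measure_launch(stack).hex()[:16]}... {verdict}")
```
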
Protecting software from software was never a truly safe approach to system protection on its own. It worked until the hackers got smarter. Now, that approach can no longer stay one step ahead of them. Antivirus/anti-malware software is only as good as its signature file. When a new strain evolves, you need a new file to protect yourself. Combining software with a hardware approach avoids this purely reactive response and gives you better protection against these APT incidents.