The world’s biggest CPU companies have been in the news way too often over the last couple of months and not always were they trending for the right reasons. The Spectre and Meltdown flaws discovered early this year sent major ripples through the industry and both, Intel and AMD saw their stock values plunging at the onset. Intel lost 7.75% while AMD got knocked down just by 2.06% as news of the two major CPU flaws came out. However, in the long run, both companies recovered quite well but both came out of the tussle with the aim of improving security right down to the silicon level. Today at RSA 2018, Intel has announced a set of new measures to strengthen their built-in security features. Intel’s three-pronged security measure involves Intel Threat Detection Technology, Intel Security Essentials and an academic partnership with Purdue University.
Intel Threat Detection Technology
Simply put, Intel Threat Detection Technology is a set of silicon-level measures that includes a telemetry system to detect shady process behaviour along with memory scanning at a higher frequency. For this particular aspect, Intel has tied up with Cisco and Microsoft so that the technology works in a seamless fashion across the entire platform. The partnership with Microsoft is obvious since it is the dominant operating system and better communication between the OS and the security features baked into the silicon will accelerate the threat detection process. Intel’s partnership with Cisco is all geared towards making the data centre safer since Cisco is the leader when it comes to network equipment at the data centre.
Accelerated Memory scanning
Now we’re all too familiar with the average security suite on our computers and how they slow your PC down to a crawl each time you run a threat scan. There is a significant CPU load when this happens, however, there is also one aspect of the modern CPU that remains untouched – the integrated GPU. One of the key aspects of the newly announced Intel Threat Detection Technology is called Accelerated Memory Scanning. The parallel processing capabilities of GPUs are pretty well known, so in order to put the integrated graphics processor to use, Intel’s offloading the memory scanning operation onto the iGPU. Since the parallelised processing will significantly speed up memory scanning, this new method is being called Accelerated Memory Scanning. Initial benchmarks on Intel-based systems have shown a drop in CPU utilisation from 20% to 2%. Leaving the CPU a lot more headroom to focus on other operations.
Currently, this new Accelerated Memory Scanning feature only works with Intel CPUs and is used in the all too familiar Microsoft Windows Defender Advanced Threat Protection antivirus. Windows Defender is included in all Windows operating systems but this particular variant i.e. Advanced Threat Protection is a paid service that caters to enterprise usage scenarios. How much of this will trickle down to the free Windows Defender software that’s included in Microsoft Windows for free, remains to be seem. Accelerated Memory Scanning will be implemented on Intel’s 6th, 7th and 8th gen CPUs.
Intel Advanced Platform Telemetry
This is where Cisco comes into the picture. By combining platform telemetry along with machine learning algorithms, Intel Advanced Platform Telemetry has been designed to detect threats at the network level. It’s going to be implemented in the Cisco Tetration platform. At the data centre, the Cisco Tetration platform focuses on telemetry at the individual packet level so as to generate insights which are actionable. Since the inspection is happening on a different hardware level altogether, this would not have a huge performance impact on the main processing cluster within the data centre.
Intel Security Essentials
The second announcement made at RSA is about standardising Intel’s Security capabilities across their Intel Core, Xeon and Atom processors. Having a consistent set of root-of-trust hardware security capabilities has value for both Intel and the consumers. For consumers, this would allow Intel to readily issue microcode updates should another Spectre or Meltdown happen. For Intel, this would save a lot of money since it will reduce the fragmentation that currently exists within the ecosystem. With a fragmented set of policies across the entire SKU stack, Intel has to dedicate a lot of manpower in order to get security patches out in the least possible time. With standardisation, that becomes much easier and much cheaper.