Intel announced today at CES 2021 that they have added hardware-based ransomware detection to their newly announced 11th generation Core vPro business-class processors.
These hardware-based detections are accomplished using Intel Threat Detection Technology (Intel TDT) and Hardware Shield that run directly on the CPU underneath the operating system and firmware layers.
Intel Hardware Shield is a
built-in security feature that out-of-the-box security protections directly to the CPU hardware, such as:
- Helping to prevent malicious code injection by restricting memory access in the BIOS at runtime.
- Dynamically launching the OS and hypervisor in an Intel® hardware–secured code environment inaccessible from firmware. This technique also helps verify that the operating system and its virtual environment are running directly on Intel hardware, as opposed to malware that is spoofing the hardware.
- Providing operating system visibility into the BIOS- and firmware-protection methods used at boot time.
Intel TDT uses hardware telemetry to detect fileless malware, cryptomining, polymorphic malware, and ransomware in real-time based on CPU metrics and behavioral detections. When a threat is discovered, TDT will send signals to security software integrated with the platform to alert it of the threat.
"As threats are detected in real-time, Intel TDT sends a high-fidelity signal that can trigger remediation workflows in the security vendor's code. Intel TDT issues no specialized efficacy or performance reports; rather, the data is seamlessly incorporated as a part of normal endpoint sensor reporting," Intel's TDT
product brief explains.
