Intel has announced it is adding hardware-based ransomware detection and remediation to its new 11th generation Core vPro processors.
This is possible, the company says, because of improvements to its Hardware Shield product and more powerful Threat Detection Technology (TDT).
Intel claims that "hardened PCs enable best practices for ransomware defense," and that this security improvement will be a game changer in defending against ransomware.
"Even when ransomware infiltrates a system, Intel vPro platform PCs with Intel Hardware Shield can help restrict lateral movement with hardware-enforced isolation of virtualized containers, memory protections, secure boot and below the OS firmware security."
Intel's Hardware Shield and Threat Detection Technology
Two features of Intel's vPro processors, Hardware Shield, and TDT are what make this new ransomware detection possible.
Bleeping Computer covered Intel's recent addition coming out of the 2021 Consumer Electronics Show (CES). It describes Hardware Shield as a built-in security feature with a variety of benefits:
- Helping to prevent malicious code injection by restricting memory access in the BIOS at runtime.
- Dynamically launching the OS and hypervisor in an Intel® hardware–secured code environment inaccessible from firmware. This technique also helps verify that the operating system and its virtual environment are running directly on Intel hardware, as opposed to malware that is spoofing the hardware.
- Providing operating system visibility into the BIOS- and firmware-protection methods used at boot time.
Coupled with Hardware Shield, Intel's TDT has the capability of detecting a range of threats, including fileless malware, cryptomining, polymorphic malware, and ransomware in real-time. Intel's TDT product brief breaks down how it works:
"As threats are detected in real-time, Intel TDT sends a high-fidelity signal that can trigger remediation workflows in the security vendor's code. Intel TDT issues no specialized efficacy or performance reports; rather, the data is seamlessly incorporated as a part of normal endpoint sensor reporting."
Intel's 11th gen core vPro processors
In order to use this new defense against ransomware, system administrators are only required to use security software that supports it. There is no need to make changes to CPUs because even though most vPro features are optional, Hardware Shield has been mandatory for Intel CPUs since the 10th gen.
Intel's Client Computing Group Vice President and General Manager of Business Client Platforms, Stephanie Hallford, explains why their 11th gen vPro processor is a step forward in security:
"Ransomware was a top security threat in 2020, software alone is not enough to protect against ongoing threats.
Our new 11th Gen Core vPro mobile platform provides the industry's first silicon enabled threat detection capability, delivering the much needed hardware based protection against these types of attacks."
Read the Intel Solution Brief on this development.