Intel Highlights Latest Security Investments at RSA 2020

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
46,393 (7.67/day)
Location
Hyderabad, India
At the Intel Security Day event during RSA Conference 2020, Intel underscored its commitment to security with several announcements, including details on security capabilities coming in future products. At Intel, security is a fundamental and foundational element of all aspects of architecture, design and implementation. Together with customers and partners, Intel is building a more trusted foundation in this data-centric world.

"Hardware is the bedrock of any security solution. Just as a physical structure requires a foundation established on bedrock to withstand the forces of nature, security solutions rooted in hardware will provide the greatest opportunity to provide security assurance against current and future threats," said Tom Garrison, Intel vice president and general manager of Client Security Strategy and Initiatives. "Intel hardware, and the assurance and security technologies it brings, help harden the layers above from attack."

Intel customers build solutions and services that depend on the breadth and depth of technologies in the silicon, vertical integration and substantive reach from edge to cloud. It is Intel's mission to provide common security capabilities across all architectures, to help address the ever-increasing sophistication of user experiences.

Data must be protected at rest and in motion. The protection of data is critical to extracting value from it, while delivering uncompromised performance. The next 10 years will see more architecture advancements than the past 50 years.

"Intel is uniquely positioned in the industry to create and deliver truly innovative security technologies that span architectures, memory and interconnect," said John Sell, Intel Fellow and director of Intel Security Architecture and Technology.

Data Platform Protection

As the demand for data-intensive computing grows, there is a need to balance the ease of scaling deployment with the level of data protections. To address customer challenges, new confidential computing capabilities on future data center platforms are expected to offer scale and choice:
  • Application isolation helps protect data in use with a very narrow attack surface. Already deployed for production data centers and solutions, Intel Software Guard Extensions (Intel SGX) will expand to a broader range of mainstream data-centric platforms, and is expected to provide larger protected enclaves, extended protections to offload accelerators and improved performance. This will further expand the number of usages able to leverage these advanced application isolation capabilities.
  • VM and container isolation helps provide protections in virtualized environments, isolating them from each other and from the hypervisor and cloud provider without requiring application code modifications.
  • Full memory encryption helps better protect against physical memory attacks by providing hardware-based encryption transparent to the operating system and software layers.
  • Intel Platform Firmware Resilience is an Intel FPGA-based solution that helps protect the various platform firmware components by monitoring and filtering malicious traffic on the system buses. It also verifies the integrity of platform firmware images before any firmware code is executed and can recover corrupted firmware back to a known good state. When combined with other trusted boot technologies on new platform generations, Intel continues to contribute additional tools to increase resistance against attack and help provide a more trusted foundation for modern cloud and enterprise deployments.

Compute Lifecycle Assurance Industry Traction

Since its launch in December, Intel's Compute Lifecycle Assurance Initiative has gained traction with customers and ecosystem partners, starting with the foundational offering Intel Transparent Supply Chain (Intel TSC).

Transparency of a device's origin helps establish the foundation for a trusted supply chain. Intel TSC tools allow platform manufacturers to bind platform information and measurement using the Trusted Computing Group's (TCG) Trusted Platform Module 2.0 (TPM) standard, also referred to as ISO 11889. This allows customers to gain traceability and accountability for platforms with component-level reporting. More information can be found in a blog by Intel's Tom Dodson.

Intel TSC is currently available for customers across Intel vPro platform-based PCs, Intel NUC, Intel Xeon SP systems, Intel solid-state drives and certain Intel Core commercial PCs.

To demonstrate Intel's commitment to transparency, measurement and assurance of the supply chain, Intel also enables ecosystem partners with Intel TSC tools. Today, Hyve Solutions, Inspur, Lenovo (client and server), Mitac, Quanta, Supermicro and ZT Systems have enabled Intel TSC tools. In addition, Intel has active deployments of Intel TSC with enterprise IT and cloud service providers.

"This chain of trust process provides essential traceability based on the TPM," said Thorsten Stremlau, chair of TCG's Marketing Work Group. "Bringing component-level traceability to platforms and systems increases confidence and reduces the risk of counterfeit electronic parts while also facilitating procurement standards. This is the right direction for the industry."

It often takes the industry working together to make technological advancements. Intel has a strong legacy of assisting its customers and industry partners in developing new and innovative ways to improve hardware security. Intel shares knowledge of this experience through its participation and contributions to leading industry initiatives and standards bodies, including the Confidential Computing Consortium under the Linux Foundation, the FIDO Alliance's IoT Technical Workgroup and the newly expanded Common Weakness Enumeration led by MITRE. Such efforts underscore Intel's unique capacity to build a more trusted foundation for the industry.

More information can be found on Intel's IT Peer Network.

Notices & Disclaimers
Intel technologies may require enabled hardware, software or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.


 
Joined
Jul 16, 2014
Messages
8,119 (2.27/day)
Location
SE Michigan
Does this mean Intel is being pro-active against new threats? Or is it just building a maze to get to existing ones?
 
Joined
Mar 7, 2010
Messages
956 (0.19/day)
Location
Michigan

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,105 (1.30/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
I spluttered as I read this:

> At Intel, security is a fundamental and foundational element of all aspects of architecture, design and implementation.

Due to the numerous security fails from Intel (often requiring O/S fixes) I view this as just INTEL BULLSHIT PR.
 
Joined
Apr 1, 2013
Messages
223 (0.06/day)
How to transform failing hardware (and failing at fixing it sometimes) into selling it as a new support option to be more secure on the actual hardware.

"Guys we have a cake made of crap, let's ice it, and sell it as is" :D
 
Joined
Jul 16, 2014
Messages
8,119 (2.27/day)
Location
SE Michigan
> I spluttered as I read this
>
> Due to the numerous security fails from Intel (often requiring O/S fixes) I view this as just INTEL BULLSHIT PR.

At least I was trying to be subtle... :roll:
 
Joined
Mar 10, 2015
Messages
3,984 (1.19/day)
I don't really think Intel deserves ALL hate they are getting. There is some that they deserve. However, I challenge anyone to design something complicated that another person won't figure out how to abuse or use in an unintended manner. It really is some of the beauty of humans - someone comes around that thinks differently and blows traditional ways of doing things up.
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,105 (1.30/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
Intel, ah well, let's view the problem.
Intel had/has far more security holes across its product lines than AMD or Arm;
the latter are not boasting like Intel of how their products are (sic) SECURE.
Intel's security problems have cost it sales and production slowdowns as it scrambles to re-design and revise products.

Of course good PR and publicity will help sweep those past ******* into the closet of history,
and that's what Intel's marketing is trying to achieve.

PS: I only have Intel CPUs in my working systems, so I'm not red-team red-flagging the opposition.
I'm just cynical.
 
Joined
Jan 5, 2017
Messages
298 (0.11/day)
Personally I disable hyper-threading, which is virtually worthless to me anyway, and I avoid the vast majority of CPU security bugs.
 
Joined
Jun 29, 2018
Messages
460 (0.22/day)
> I don't really think Intel deserves ALL hate they are getting. There is some that they deserve. However, I challenge anyone to design something complicated that another person won't figure out how to abuse or use in an unintended manner. It really is some of the beauty of humans - someone comes around that thinks differently and blows traditional ways of doing things up.

The sheer scope of their incompetence is staggering. They are selling a security-oriented product called Intel Active Management Technology that allows basically out-of-band management of PCs, including remote control with VNC, remote boot and remote power-up. Do you know that they didn't even bother to check what happens if you provide an empty password to it? Well, someone did, and it scored a 10/10 CVE-2017-5689 with a very nice presentation on it. Exploiting it is undetectable from the host OS. Oh, and a fun fact: AMT is running on the Intel Management Engine that's present in every Intel-based PC since at least Core 2 Duo. Wanna take a guess how well that one is secured?

> Personally I disable hyper-threading, which is virtually worthless to me anyway, and I avoid the vast majority of CPU security bugs.

That's not enough, since some of them also target SGX (can be disabled in BIOS) or TSX (can be disabled in Windows), for example.
 
Joined
Mar 10, 2015
Messages
3,984 (1.19/day)
> The sheer scope of their incompetence is staggering. They are selling a security-oriented product called Intel Active Management Technology that allows basically out-of-band management of PCs including remote control with VNC, remote boot, remote powerup. Do you know that they didn't even bother to check what happens if you provide an empty password to it? Well someone did and it scored a 10/10 CVE-2017-5689 with a very nice presentation on it. Exploiting it is undetectable from host OS. Oh and a fun fact: AMT is running on Intel Management Engine that's present in every Intel-based PC since at least Core 2 Duo. Wanna take a guess how well that one is secured?

I'm aware. And half the hate comes from people that have no idea what they are talking about and don't understand there are 10 types of people - those who understand, and those who don't.
 
Joined
Apr 29, 2011
Messages
134 (0.03/day)
Are you sure you can put the words Intel and security in the same sentence after what we have seen in the last years from them?
 

jgraham11

New Member
Joined
Oct 16, 2019
Messages
11 (0.01/day)
> How to transform failing hardware (and failing at fixing it sometimes) into selling it as a new support option to be more secure on the actual hardware.
>
> "Guys we have a cake made of crap, let's ice it, and sell it as is" :D

Well, if your product is plagued with one hardware bug after another, one failed attempt to fix them after another, and your product runs hotter and much less efficiently than the competition, meanwhile the competition is able to make their chips for a fraction of the price it costs you to make them... you're basically screwed on all fronts. RIP Intel.

"Guys we have a cake made of crap, let's ice it, and sell it with a guarantee on the box, that should work!"
 
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
> Does this mean Intel is being pro-active against new threats? Or is it just building a maze to get to existing ones?

They are arguing "hardware security" is a good concept. Ironically, most security types fear this concept, and with good reason.

Hardware security bred ideas like the PSP, ME, etc.
 