Intel unveiled new anti-ransomware capabilities for its 11th generation Core vPro processors, requiring little from security chiefs to reap the rewards.
The new processors, which Intel announced during the CES conference earlier this week, provide two additional boosts for existing security products: access to processor-level data to determine ransomware attacks in progress, and the use of GPUs for machine learning to bolster defenses.
“Our simple message is that the latest technology in hardware and software can now work together,” Michael Nordquist, senior director of strategic planning and architecture in the business client group, told SC Media.
The processors leverage data aggregated for performance improvements as a data source that security products can then tap. While ransomware makers can try to obfuscate their processes to operating system level controls, Intel reasons it’s nearly impossible to hide the processor activity required to perform bulk encryption of documents.
Intel is offering a developer's kit and pre-written scripts for security vendors to use.
While chief information security officers would see performance improvements from upgrading chips for endpoint computers, one goal of the project is to provide the security benefits with no additional action from defenders.
“In the past, we’ve had solutions that required you to do something – to touch the machine,” said Nordquist.” There’s nothing people have to do. This makes what you have better.”
It also eliminates some of the reason CISOs might shun the technology. Moving machine learning to a graphics processor thwarts much of the drag on performance processor-based security mechanisms would have.
“Some of the things that help with security, CISOs won’t turn on because it would have an impact on the CPU. Unless employees are playing a lot of games, this shouldn’t be an issue,” said Nordquist.
vPro is Intel’s business-class line of processors. While the fundamental idea behind the project could be applied to home or IoT processors – both of which aggregate the same data – the machine learning would have to be tweaked for other purposes.
Cybereason has already pledged to be among the first security vendors to use the technology. Chief Technology Officer and co-founder Yonatan Striem Amit expects the company to be able to use the new capabilities sometime in the first half of 2021.
“Two things are important in how we fight ransomware," he said. "One is getting better quality data. Another is improving machine learning. This will help us do both."
While their products rely on a wide pool of data to detect threats, the chips will provide a unique addition.
“The beautiful thing about the processors is that it is an entirely different source of data,” he said.
This latest announcement comes a couple months after Intel joined other chip makers and Microsoft to announce "Pluton” – a new security processor chip design that will help prevent side-channel attacks.