Hardware-based Ransomware Detection Added to 11th Gen Intel CPUs

A recent announcement from Intel at CES 2021 stated that their new 11th generation vPro CPUs will have hardware-based ransomware detection. This is dont by using Intel Threat Detection Technology (TDT) and Hardware Shield that runs on the CPU underneath OS and firmware layers.

Intel Shield is a built in security feature offers security protection directly to the CPU hardware  such as:

  • Helping to prevent malicious code injection by restricting memory access in the BIOS at runtime.
  • Dynamically launching the OS and hypervisor in an Intel® hardware–secured code environment inaccessible from firmware. This technique also helps verify that the operating system and its virtual environment are running directly on Intel hardware, as opposed to malware that is spoofing the hardware.
  • Providing operating system visibility into the BIOS- and firmware-protection methods used at boot time.

Intel TDT security feature

Intel TDT Security (Source: Intel)

Intel’s TDT product brief explains that “As threats are detected in real-time, Intel TDT sends a high-fidelity signal that can trigger remediation workflows in the security vendor’s code. Intel TDT issues no specialized efficacy or performance reports; rather, the data is seamlessly incorporated as a part of normal endpoint sensor reporting,”

Intel to Partner With Cybereason for Hardware-based Ransomware Protection

Along with Intel’s announcement, Cybereason also announced that they would integrate their security platform with TDT to perform hardware-based ransomware detection.

CEO and co-founder, Lior Div, said that “This collaboration with Intel to add CPU based threat detection bolsters our long history and industry-leading capabilities in detecting and eradicating ransomware. The combination of best-of-class hardware, software, and security know-how provides defenders with full-stack visibility critical to ending the era of double extortion that is currently costing organizations hundreds of millions each year.”

Cybereason stated that they will benefit from the following by using the CPU metrics exposed by TDT:

  • CPU Threat Detection—Enables enterprise customers to go beyond signature and file-based techniques by leveraging CPU-based behavioral prevention of ransomware.
  • Full-Stack Visibility—Eliminates blind spots to expose ransomware as it avoids detection in memory or hides in virtual machines while differentiating legitimate data encryption processes for business purposes.
  • Unleash Machine Learning for Better Security—Enterprises can accelerate performance-intensive machine learning security algorithms by offloading to the Intel integrated graphics controller to boost capacity to analyze more data and do more security scans.
  • Accelerate Endpoint Prevention, Detection & Response—Enterprises can bolster the performance of their security agent processing for better user experiences.

Intel and Cybereason stated that this partnership will be the first time that PC hardware is being used directly to detect ransomware.

More Posts