SAN FRANCISCO — At an Intel event on Monday night, Meltdown and Spectre remained the bugs-that-must-not-be-named, with Intel VP Rick Echevarria only calling them the “vulnerabilities disclosed in January.”
These chip design flaws, however, set the stage for the silicon-level security technology Intel announced at the start of RSA Conference 2018. The new Threat Detection Technology, which will be used in Cisco and Microsoft products, embeds security into the chips, according to the chipmaker.
“Intel Threat Detection Technology is a set of silicon capabilities to help the ecosystem do a better job at detecting a new class of threats,” said Echevarria, vice president in the software and services group and general manager of the platforms security division at Intel.
Intel announced two of these capabilities on Monday. The first is accelerated memory scanning.
Current malware scanners that run on CPUs can detect memory-based attacks, but they also tend to slow processing. Intel’s new technology offloads virus scanning to its integrated graphics processors, which the company says enables more scanning while reducing performance and power impact.
“We’re seeing CPU utilization go from 20 percent to 2 by offloading memory scanning to Intel integrated graphics processors,” Echevarria said.
Microsoft will integrate accelerated memory scanning into the antivirus capability of its Windows Defender Advanced Threat Protection (ATP), a capability it launched at the RSA show.
Cisco Tetration Integration
The second capability is advanced platform telemetry, and it will be integrated into Cisco’s Tetration analytics platform. This feature combines platform telemetry with machine learning algorithms to improve threat detection. “But in addition to improving detection, it also reduces the number of false positives and improves performance,” Echevarria said.
Roland Acra, SVP and GM, data center business group at Cisco, said the partners don’t have a ship date for the Tetration integration. It’s “in the works,” he said, adding that the technology will help Cisco customers prevent future CPU flaws.
“Some of the signals that Intel produces are associated not so much with a vulnerability, but with an actual exploit, like Spectre and Meltdown, for example,” Acra explained. “So really the issue is that for every million servers that could be exploited because they have the vulnerability, there’s one that actually has the exploit.”
The Intel platform telemetry combined with Tetration’s analytics will allow companies to upgrade only infected servers, as opposed to upgrading all servers that could potentially be infected. “That’s too much work, and people don’t have time for that,” he said. “It is really to reduce the work to the ones that are actually being exploited.”
Also at the event, Echevarria announced something called Intel Security Essentials, which he said ensures a consistent set of root-of-trust hardware security capabilities across Intel Core, Intel Xeon, and Intel Atom processors. These include secure boot and hardware protection, and are part of the hardware-based security improvements promised by CEO Brian Krzanich last month to prevent future attacks like Spectre and Meltdown.
The company also remains committed to helping fix the shortage of cybersecurity professionals, Echevarria said. To that end, Intel partnered with Purdue University to co-develop and launch its Design for Security Badge program for students and professionals.
“Our commitment to product innovation for security as well as our participation in this ecosystem is built on three pillars: reinforcing the root of trust, silicon innovation, and industry collaborations beyond technology,” he said.
Photo: Intel VP Rick Echevarria talks chip security at an RSA Conference 2018 event.