Out of the Box Hardware-Based Security

Help protect your business with new hardware-based security capabilities to mitigate endpoint security risks.1

Features for Hardware-Based Security:

  • Intel® Hardware Shield, exclusive to the Intel vPro® platform, helps protect and defend against modern threats with defense in depth at each layer: hardware, BIOS/firmware, hypervisor, VMs, OS and applications.

  • Intel is committed to product and security assurance and regularly releases functional and security updates for supported products and services.

  • Intel® Transparent Supply Chain (Intel® TSC) provides a mechanism for confirming component authenticity and traceability to help mitigate tampering and threats that can be introduced anytime in an asset’s life cycle.

author-image

By

Maintaining PCs security is critical to your business value and reputation. See how a modern PC platform helps businesses respond to increasingly sophisticated cyber threats by taking a combined software- and hardware-based security approach that helps protect vital assets, data, and infrastructure.

Why Software-Based Security Is no Longer Enough

Businesses typically rely on security software to protect their assets. But software-based security can be bypassed by an attacker who is sophisticated or skilled enough to find and exploit a vulnerability in software, firmware or hardware. By design, hardware and firmware have a better view of the system,—and a greater ability to protect it.

However, both hardware and firmware itself must also be protected. Hardware-based security features built in at the silicon level can help better protect up the stack, providing a trusted foundation for an organization’s endpoint security strategy.

What Is Hardware Security?

Traditional security software continues to offer a degree of protection for end users. And operating system (OS) security is moving toward a new model in which virtualized containers can be used to isolate and verify the integrity of applications, web browsers, and data running inside those containerized environments. Virtualization provides the ability to offer protection through isolation. It also minimizes what malware can do on the system, as it has limited access to system resources and lacks the ability to persist on the system. However, security software protections such as OS security, encryption, and network security represent only one dimension of IT security for today’s businesses.

Hardware-based security takes a multidimensional approach to not only complement software-based security but also add efficiency to implementing and managing protections to your computing infrastructure.

Your business needs a high level of assurance that its assets are protected through a comprehensive IT security strategy. This assurance requires high firmware visibility and resilience, resulting in the confidence that workloads are running on trustworthy platforms.

Hardware vs. Software Security
An emerging area of vulnerability is the code in device firmware that runs at startup to prepare the operating system launch. Hackers are looking for ways to inject malware into this code beneath the operating system, which by default never required security and integrity checks designed into its sequence. As a result, the operating system will trust this code even when it contains a nefarious malware payload.

Tampering is another way a malware intrusion under the operating system can occur anywhere in the manufacture to delivery process. Physical attacks are getting easier and becoming more concerning for IT teams. To help mitigate this threat, a modern PC platform that can integrate hardware-enhanced security that starts at the assembly line & integrates operating system security that starts right out of box is necessary. In addition to manufacturers ensuring the authenticity of certified device components, golden measurements of firmware code are taken before the firmware is sealed, prior to transport and delivery. This approach enables IT to determine whether the newly received device has been tampered with before the first time it is turned on.

Of course, tampering can occur at any time in the asset’s life cycle. At each subsequent startup, the technology verifies the loaders that boot the code and execute the boot sequence of the firmware and operating system. This added layer of security helps mitigate the risk of tampering to introduce malicious code under the operating system.

A business-grade PC platform provides an additional layer of hardware-based security that gives your IT group a secure foundation on which to simplify and scale.

Security Strategies for the Business Environment

Hardware-enabled security plays a major role in a comprehensive security approach. Here are some of the key strategies businesses are adopting today.

Hardware-Enhanced Endpoint Security
Your PC fleet endpoints are targets for hackers to gain access to your data or embed malware inside your corporate firewall. The business implications of these security threats are motivating organizations to move toward a hardware-enhanced protection model that helps mitigate the risks of software-based security at the device level. With advanced endpoint security, AI models use hardware telemetry to help detect stealthy attacks.

Firmware Transparency and Assurance
This strategy involves removing firmware blind spots and improving visibility into your device platform, allowing IT to build the trustworthiness of what resides within a given platform.

Managed IT Environments
With enhanced manageability capabilities, IT administrators can remotely power systems up to deploy security patching or threat remediation, and then power them down when not in use to help conserve energy. They can use an out-of-band keyboard video mouse (KVM) feature to take over the keyboard, monitor, and mouse of off-site endpoints—even unattended systems—to deploy security patches. In addition, a managed IT environment boosts the ability to recover from errors or attacks and prevent denial of service.

Security Benefits of the Intel vPro® Platform

Intel vPro® platform for Windows provides hardware-enhanced security features that help protect all computing stack layers. Businesses can benefit from supply chain transparency and traceability of PC components, accelerated memory scans, and hardware-based support of Windows security services. Furthermore, IT has the ability to quickly roll out software fixes on critical vulnerabilities to managed PCs.

Explore the Intel vPro® platform

Endpoint Security

Endpoints are the portals hackers use to access your critical data or embed malicious code in your systems. And today’s workplace has a wide array of devices that can challenge endpoint security. Exclusive to Windows devices on Intel vPro®, Intel® Hardware Shield enables your IT team to implement policies in the hardware layer to help ensure that if malicious code is injected, it cannot access data.

System Hardening

Intel vPro® platform development has evolved through system hardening processes that have optimized hardware-based security features. The benefit to your organization includes enhanced firmware protection, that removes unneeded access to BIOS critical resources to help reduce its attack surface, and advanced threat detection.

OS Security Virtualization

12th Gen Intel vPro® is future ready for the next wave of Windows OS security enhancements with built-in hypervisor based security measures that help reduce the likely hood of memory redirection attacks that can compromise virtualized containers., and improved dram protection with improved multi key encryption. These feature will be enabled automatically with the latest version of the windows 11 OS.

Security Patching and Threat Remediation

Intel® Active Management Technology (Intel® AMT), exclusive to Windows PCs on Intel vPro® enables remote access and management across the organization. Your IT team can use these technologies to execute timely security patching and threat remediation. Security patching can update large populations of devices regardless of their location. Threat remediation is addressed by implementing countermeasures to help reduce an endpoint’s susceptibility to a specific attack.

Show more Show less

Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure.

Intel does not control or audit third-party data. You should review this content, consult other sources, and confirm whether referenced data are accurate.

Your costs and results may vary.

© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.

Product and Performance Information

1

All versions of the Intel vPro® platform require an eligible Intel processor, a supported operating system, Intel® LAN and/or WLAN silicon, firmware enhancements, and other hardware and software necessary to deliver the manageability use cases, security features, system performance, and stability that define the platform. See intel.com/performance-vpro for details.