Three Layers of PC Security to Protect Hybrid or Remote Users

Connection

Security is more important than ever. Cyberattacks are relentless and are increasing in number, complexity, and severity. Cybercriminals no longer just steal data but now commandeer system-wide compute resources.

Minimize Security Risks

One of the most common ways hackers get into systems is to access a compromised PC and get encryption keys, passwords, and sensitive data. Many organizations rely on software-based security while hackers continue to evolve their techniques to go beyond software to hardware infrastructure vulnerabilities. This presents a challenge for the IT team, which must manage PC fleets, including security for hybrid or remote locations, while meeting regulatory compliance requirements for data localization and privacy.

The solution is to invest in hardware-based technology that protects information from endpoint to network edge to cloud. That means defense at each layer of infrastructure and applications, including the hardware, BIOS/firmware, operating system (OS), and virtual machines (VMs).

Intel has built and evolved the Intel vPro® platform to provide the most comprehensive security for businesses. The goal of each new generation is to reduce the attack surface, adding more defense-in-depth and zero-trust security protections up and down the stack.

Multi-Layered Hardware Protection

As an example of this security assurance, Intel® Hardware Shield on the Intel vPro[1] platform comes with three groups of security technologies built into each layer of the processor, meaning they work upon system boot without any extra steps or IT enablement. These protections help ensure safety in hybrid or remote work environments.

  1. At the firmware and below-the-OS security layer, Intel Hardware Shield technologies use Intel® BIOS Guard and Secure Boot to ensure that only untampered firmware and trusted OS images will load.
  2. Within the application and data protections layer, defense is enhanced through virtualization-based security and hardware-based encryption that help protect endpoint applications and data at every layer without impacting the user experience.
  3. At the advanced threat detections layer, monitoring CPU behavior and GPU offloading for potential attack activity can help ward off malware that evades traditional antivirus software and mitigate extreme attacks like control-flow hijacking, ransomware, and crypto mining.

Also included in the security ecosystem within the Intel vPro platform is Intel® Threat Detection Technology (Intel® TDT). This technology uses a combination of CPU telemetry and machine learning (ML) heuristics to detect—in real time—anomalous activity and potential threats that leave a footprint on the Intel® CPU performance monitoring unit (PMU), which sits beneath applications, the OS, and virtualization layers on the system. In other words, this helps address supply chain–style attacks that infect business applications. 

Microsoft Defender for Endpoint will soon leverage Intel TDT to help detect ransomware and cryptojacking and to perform accelerated memory scanning on hundreds of millions of endpoints. In fact, Microsoft ensures security in the operating system for high levels of hardware, software, and identity protection features.

Security Standards

When it comes to industry security standards, Intel follows rigorous policies and procedures spelled out in the Security Development Lifecycle (SDL) to integrate security principles and privacy tenets at every step of hardware and software development. Intel has dedicated experts driving a security-first mindset that starts with research and design and doesn’t stop until products reach end of service.

Further accelerating adherence to industry security standards, the Intel vPro platform delivers 47 built-in MITRE ATT&CK countermeasures.[2] In addition, Intel worked with security expert Coalfire to help validate how procuring an Intel vPro platform-based PC provides a meaningful accelerator for adopting security standards and best practice initiatives. The Coalfire report maps out how Intel vPro platform capabilities help achieve support for five key NIST, TCG, and FIPS security standards.

The Intel vPro platform also comes with remote management capabilities to help with fleet security so the IT team can administer processes at both the software and hardware level. This means devices can be monitored, maintained, and managed wherever they are, including ensuring devices have current operating systems, antivirus technologies, and malware-scanning software. Two of the tools the Intel vPro platform provides for remote device management are as follows:

  • Intel® Active Management Technology (Intel® AMT) provides persistent out-of-band connectivity that operates independently of the OS, allowing fixes to a wide range of systems issues—even when the OS is down in a hybrid or remote work environment.
  • Intel® Endpoint Management Assistant (Intel® EMA) enables cloud-based Intel AMT remote management capabilities for devices outside the firewall.

Altogether, Intel Hardware Shield on the Intel vPro platform provides the most comprehensive off-the-shelf, built-in PC security for your business[3] while providing the IT team a direct path to remote device management.

Workplace Transformation

As sophisticated attacks continue to evade conventional tools and processes, IT security teams must adopt new technologies, including hardware-based solutions, to deploy new detection and response capabilities. Intel infrastructure ensures you have the protection you need for successful workplace transformation. 

When it comes to workplace transformation, organizations cannot afford to rely on software-based security alone. Invest in the right hardware-based solutions for confidence in a secure hybrid or remote work environment for data and infrastructure safety as well as employee productivity and job satisfaction.

Connection’s security practice can help with industry-leading assessments, analysis, and technology planning and integration. Visit our Workplace Transformation Services for more information or contact your Account Manager to learn how our collaboration with Intel, Microsoft, and other equipment manufacturers delivers secure PC solutions.

Additional resources on security technologies

  • Intel Hardware Shield Overview
  • Intel Hardware Shield – Below-the-OS Security
  • Intel Virtualization Technologies
  • Advanced Threat Protections White Paper
  • Cross-Platform Feature Comparison

FOOTNOTES

  1. As measured by the unrivaled combination of above- and below-the-OS security capabilities, app and data protections, and advanced threat protections the Intel vPro® platform delivers for any size business, as well as Intel’s security-first approach to product design, manufacture, and support. All business PCs built on the Intel vPro platform have been validated against rigorous specifications, including unique hardware-based security features. See intel.com/PerformanceIndex (platforms) for details. No product or component can be absolutely secure.
  2. See intel.com/PerformanceIndex (platforms) for details. No product or component can be absolutely secure.
  3. All versions of the Intel vPro® platform require an eligible Intel® Core™ processor, a supported operating system, Intel® LAN and/or WLAN silicon, firmware enhancements, and other hardware and software necessary to deliver the manageability use cases, security features, system performance, and stability that define the platform. See intel.com/performance-vpro for details.

Intel® technologies may require enabled hardware, software, or service activation. No product or component can be absolutely secure. Your costs and results may vary.

© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
