Intel presented a vision for security and software earlier this year at its Vision event in Dallas. I noted at the time that it gives new meaning to the tagline of “Intel Inside”—extending the metaphor beyond the processor technology Intel is known for. At the RSA Security Conference in June, Intel continued to drive the message of digital security and security assurance.
The Supply Chain
The term supply chain comes up frequently these days, but it has multiple connotations. There is the physical supply chain required to get goods and materials from Point A to Point B and beyond. The COVID pandemic, and extreme weather patterns caused by Climate Change have delayed or disrupted supply chains, causing repercussions throughout manufacturing and retail facilities that have resulted in product delays and empty shelves.
There is another supply chain as well, though: the digital supply chain. Most applications include elements and snippets of code from other programs or rely on API (application program interfaces) to connect with other systems and applications. There is a complex web of code that provides opportunities threat actors can exploit to hijack, compromise, or disrupt computer systems.
Security Assurance
I spoke with Tom Garrison, VP and General Manager of Client Security Strategy and Initiatives at Intel, about digital security and the initiatives that Intel is working on around security assurance. Tom told me that Intel is leveraging the insights they’ve gained with over 50 years of processor manufacturing to provide a higher degree of trust and assurance.
Intel is offering a standardized way of providing a digital, low-level understanding of the security posture and state of the device. As the makers of much of the hardware and processor technology the software runs on, Intel has a unique perspective in this area.
Tom emphasized that because Intel engineered the hardware, it gives them an advantage over attackers. For example, Tom talked about Intel’s Threat Detection Technology feature. Intel knows how the PC typically operates, and it can detect when it does things that are out of the ordinary and flag it with a high degree of accuracy.
There are other security solutions that attempt to do something similar, but it is a challenging problem to solve. Tom noted that platforms don’t follow an orderly, sequential set of steps, so it’s necessary to keep track of all of the different threads and be able to connect the dots to understand how it all fits together.
Building features like Threat Detection Technology in at the hardware level provides another major advantage. “The key element here is that at any point in the software stack, if you want to defeat the software protection, you go under it,” explained Tom. “If you can get underneath that software level, then by definition you can overcome whatever protections they have. Because we’re in hardware, there’s nothing below us.”
Complexity and Trust
There is a convergence where the nature of attacks is becoming more complicated and sophisticated, the technology ecosystem and the way we use devices is exploding, and the platforms themselves are more intricate. These factors make security more challenging and create opportunities for threat actors.
Tom drew an analogy to cars. He pointed out that a car in the 1980s was a simpler machine. Most maintenance and repairs could be done at home in your driveway. Cars in 2022 are a completely different story. The inner workings are much more complex. Troubleshooting and repair require specific knowledge and tools and often only the vehicle manufacturer is equipped to handle it.
He explained that today’s PC hardware is similar. It is increasingly complicated in order to deliver the features and value people expect, as well as the built-in protections Intel has developed to prevent attacks.
Tom summarized that this is an area where the industry has to evolve. “The complexity of all of these things coming together—the complexity of the platform, the complexity of the attack, the complexity of the usage—are all creating a sort of perfect storm where you realize very, very quickly that you have to get to a point of trust. And the point of trust is the hardware. You’ve got to get to a point of trust with the hardware as fast as you can and make certain that that is the one reality that you can anchor everything on.”
- Tackling Swivel Chair Syndrome - November 14, 2024
- Unlocking Proactive Compliance with Adobe’s Common Controls Framework - October 14, 2024
- Unlocking the Power of Continuous Threat Exposure Management - October 8, 2024