Intel’s Hardware-Assisted Security
October 21, 2011 Leave a comment
- ‘Hardware-assisted security’ is Intel’s preferred phrase to describe how security features in its silicon can be used to deliver additional functionality to new or enhanced software-based threat protection products.
- McAfee has been working hard to make Intel’s vision a reality, first with last month’s DeepSAFE announcement and then this week with the first look at Deep Defender and Deep Commander.
Last month, Intel and McAfee made a bit of a stir with their announcement of DeepSAFE technology that provides a foundational element for McAfee software to leverage security features in Intel silicon. DeepSAFE is important to Intel, because it helps to justify the McAfee acquisition. It got the market’s attention, because the technology was described repeatedly as “game-changing.” Well, fast forward to this week and Intel/McAfee have released the first products that build on the DeepSAFE technology: Deep Defender and Deep Control. Deep Defender monitors system activity (i.e., CPU and memory) to detect and block rootkits. Deep Control is a plug-in for McAfee’s ePO management system that leverages Intel’s Active Management Technology to allow some very cool remote management and update capabilities on devices running Intel Core i5 vPro and Core i7 vPro processors.
While this is interesting stuff and more is promised, it is still unclear exactly how it is “game-changing.” For one thing, how much of the overall threat landscape is being addressed with these new products? Rootkits are a serious threat that need to be better addressed by the market, but that can be said about a lot of threats going all the way up the stack. (However, DeepSAFE does provide some immediate incremental value up the stack. By providing a root of trust, DeepSAFE can protect existing McAfee client agents from being manipulated or disabled by malware.) Perhaps the chief limitation to Deep Defender is that it only runs on Windows 7. DeepSAFE might eventually be game-changing, but we aren’t playing in the big leagues yet. One bit of good news is that Intel plans to have its vPro security features enabled on its mobile chip sets within about 18 months. This will provide a foundation for McAfee to apply DeepSAFE to mobile devices and therefore significantly expand the market for products which build on that technology. In addition, it is important to keep in mind that, more generally, DeepSAFE is making Intel’s vPro features much more usable. Intel has shipped millions of processors that support vPro, but the features have never been embraced with any real gusto by Intel partners. While it is easy to look at Intel’s promotion of hardware-assisted security as a way to justify the McAfee acquisition, you could also look at the McAfee acquisition as a way to justify vPro.