The more things change, the more things … change.
The traditional relationship between IT decision makers (ITDMs) and chief information officers (CIOs) involves aligning technology with business strategy. But complex cyberattacks in the form of ransomware, phishing, and stealth malware mean the digital sands—and investment priorities—are constantly shifting for business leaders.
Let there be no doubt—it’s critical to adopt a new security posture to defend against cyber thieves who target firmware in the hardware. Like pirates hunting for buried treasure, attackers know the path to riches is found at the root level. The 2019 RobbinHood attack used firmware to gain root access to computers, encrypting all files until a Bitcoin ransom was paid by several city governments across the United States.
Hackers know that traditional, signature-based anti-malware software has no visibility below the OS. This blind spot is ripe for exploitation. In one study, Microsoft found that 83 percent of businesses had experienced a firmware attack, but only 29 percent of those organizations were allocating resources to protect this critical layer.1
Once firmware is breached, attackers can gain access to the OS and help themselves to precious organizational jewels like source code, passwords, credentials, and customer data. Such advanced attacks can evade traditional security programs because hackers modify their code enough to avoid signature-based detection.
What are CIOs and ITDMs to do? The answer is found in the bulwark of hardware-enhanced security, which is the course to chart in securing next-generation protection of code running below the OS.
Attainable protection across the entire device stack
Hear ye: the olde-time solution of antivirus software as a defense strategy is officially over. When attackers strike below the OS—evading anti-malware safeguards—the plunder in lost productivity and exploited data can be especially damaging and costly.
To reduce vulnerabilities, business leaders should look for a hardware-rooted defense that deploys from the moment a system powers on. This defense should mitigate the BIOS (which initializes and tests the system hardware components during the booting process) as an attack surface. Limiting BIOS access to system memory greatly diminishes malware’s power. Below-the-OS security, app and data protection, and advanced threat detection are a must.
One suite of products that meet these stringent criteria is Intel Hardware Shield, part of the Intel vPro platform. Right out of the box, Intel Hardware Shield helps protect and defend against modern threats with defense in depth at each layer: hardware, BIOS/firmware, hypervisor, virtual machines (VMs), OS, and applications. For example, the risk of malicious code injection is minimized by using Intel Hardware Shield to lock down memory in the BIOS when software is running. This helps prevent planted malware from compromising your OS.
Another key security feature of the Intel vPro platform is Intel Threat Detection Technology (Intel TDT), which enables profiling and detection across the entire device stack. Intel TDT is important because it’s a system-hardening defense that helps improve protection with accelerated memory scanning and advanced platform telemetry capabilities to expose attack behavior and other threats.
Intel TDT uses raw data to help identify polymorphic malware, file-less scripts, crypto mining, and other targeted attacks in real time. The technology is flexible in letting developers incorporate these capabilities, so threat-detection solutions can be extended in innovative, tailored ways.
One common pitfall of the fast-moving detection environment is false-positive alerts, which are time-consuming for IT staff to sort through. Intel TDT addresses this pain point with machine-learning (ML) heuristics to dramatically reduce false positives. Developers can fine-tune performance variables to attain a suitable balance for their solutions.
Clearly, integrated hardware-based PC protection is a key pillar of business productivity. Shutting down an entire class of attacks that has long evaded software-only solutions should be a top priority for PC fleet stability.
Take heart: fighting off modern-day buccaneers is demanding but finding safer waters for your enterprise system is entirely achievable.