RSA 2019: Intel Introduces the SGX Card Silicon-Enabled Security Solution
Intel today announced several solutions designed to scale and accelerate the adoption of hardware-enabled security across data center, cloud, network and edge.
Intel Software Guard Extensions (Intel SGX) was designed to help create more secure environments without having to trust the integrity of all the layers of the system. The technology isolates specific application code and data to run in private regions of memory, or enclaves. Intel SGX is currently used by top cloud providers, including Alibaba Cloud, Baidu, IBM Cloud Data Guard and Microsoft Azure for various projects to help protect customer data at runtime. Today, Intel announced new products and ecosystem solutions that enable Intel SGX to be used even more broadly in the data center.
Intel introduced the Intel SGX Card, a new way to help extend application memory protections using Intel SGX in existing data center infrastructure.
Though Intel SGX technology will be available on future multi-socket Intel Xeon Scalable processors, Intel brings this hardware security solution today. Benefits include access to larger, non-enclave memory spaces and some additional side-channel protections when compartmentalizing sensitive data to a separate processor and associated cache. Availability is targeted for later this year.
To enable cloud adoption of Intel SGX at scale, Intel and its partners also introduced new tools and capabilities that enhance operational control, simplify development and support emerging workloads.
- Operational Control: Intel is delivering a new capability called flexible launch control that enables a company’s data center operations to set and manage their unique security policies for launching enclaves and to provide controlled access to sensitive platform identification information. This capability is currently available on Intel SGX-enabled Intel Xeon E Processors and some Intel NUCs.
- New Developer Tools: Fortanix launched its Enclave Development Platform (EDP), an open-source software development kit (SDK) that uses the security properties of the Rust programming language and Intel SGX to deliver a more secure application development platform. Developers can build enclaves with Rust to help improve protection from development vulnerabilities and outsider attacks. The Fortanix EDP is integrated with the Rust compiler, allowing developers to immediately build, sell or distribute the secure applications they create.
- Scale for Emerging Workloads: Baidu announced a preview of its Intel SGX-enabled MesaTEE that delivers artificial intelligence algorithm protection for cloud and edge computing devices.
Threat Detection
Intel is adding new capabilities to Intel Threat Detection Technology (Intel TDT), a set of silicon-level capabilities that helps detect classes of threats.
Intel is expanding Intel TDT capabilities this year to include support for Linux on servers in virtualized data center and cloud environments. Intel TDT combines platform-level telemetry infrastructure and machine learning models to detect targeted attacks. Detection alerts based on the heuristics are sent to the security service provider (ISV) for remediation. Integration of the Intel TDT stack into existing ISV solutions results in improved performance and a lower incidence of false positives. At RSA Conference, Intel will demonstrate Intel TDT on Linux using Intel-developed heuristics to detect unauthorized execution of specific cryptomining workloads.
Shrinking the Attack Surface
- Device Design: Intel announced Host-based Firmware Analyzer, a new tool for the TianoCore open-source firmware community. Intel is delivering a framework that automates the testing of firmware components prior to system integration. The Host-based Firmware Analyzer allows developers to run open-source advanced tools, such as fuzz testing, symbolic execution and address sanitizers in an OS environment. This tool is targeted for availability in the first half of this year.
- Secure Device Onboarding: For secure device provisioning and management of internet of things (IoT) devices before they are activated on corporate networks, Mocana announced full integration of Mocana TrustCenter with the Intel Secure Device Onboard service. This solution reduces the burden on OEMs to pre-load customer-specific credentials in the supply chain and delivers a model where cloud selection and configuration happen dynamically when the device is first powered on.
- Defending Firmware: Intel and Eclypsium announced a collaboration that helps organizations manage the entire hardware and firmware attack surface for threats. The Eclypsium Platform, now generally available, analyzes the system configuration and ensures the latest firmware is deployed.
- Scaling Enterprise Endpoint Protection: Qnext announced integration of Intel SGX into remote access for its sharing and collaboration platform, FileFlex. Intel SGX helps improve FileFlex Enterprise security for Microsoft Office 365 users when accessing files and folders from source locations at the edge of the network.