At the Intel Security Day event during RSA Conference 2020, Intel underscored its commitment to security with several announcements, including details on security capabilities coming in future products.
“Hardware is the bedrock of any security solution. Just as a physical structure requires a foundation established on bedrock to withstand the forces of nature, security solutions rooted in hardware will provide the greatest opportunity to provide security assurance against current and future threats,” said Tom Garrison, Intel vice president and general manager of Client Security Strategy and Initiatives. “Intel hardware, and the assurance and security technologies it brings, help harden the layers above from attack.”
Application isolation helps protect data in use with a very narrow attack surface. Already deployed for production data centers and solutions, Intel Software Guard Extensions (Intel SGX) will expand to a broader range of mainstream data-centric platforms, and is expected to provide larger protected enclaves, extended protections to offload accelerators and improved performance.
VM and container isolation already helps provide protections in virtualized environments, isolating them from each other and from the hypervisor and cloud provider without requiring application code modifications.
In addition, full memory encryption helps better protect against physical memory attacks by providing hardware-based encryption transparent to the operating system and software layers.
Intel Platform Firmware Resilience is an Intel FPGA-based solution that helps protect the various platform firmware components by monitoring and filtering malicious traffic on the system buses. It also verifies the integrity of platform firmware images before any firmware code is executed and can recover corrupted firmware back to a known good state.
Intel’s Compute Lifecycle Assurance Initiative was laucnhed in December, and sicne then it has gained traction with Intel's customers and ecosystem partners, starting with the foundational offering Intel® Transparent Supply Chain (Intel TSC).
Intel TSC tools allow platform manufacturers to bind platform information and measurement using the Trusted Computing Group’s (TCG) Trusted Platform Module 2.0 (TPM) standard, also referred to as ISO 11889. This allows Intel's customers to gain traceability and accountability for platforms with component-level reporting.
Intel TSC is currently available for Intel's customers across Intel vPro platform-based PCs, Intel NUC, Intel Xeon SP systems, Intel solid-state drives and certain Intel Core commercial PCs.
Intel also enables ecosystem partners with Intel TSC tools. Today, Hyve Solutions, Inspur, Lenovo (client and server), Mitac, Quanta, Supermicro and ZT Systems have enabled Intel TSC tools. In addition, Intel has active deployments of Intel TSC with enterprise IT and cloud service providers.
Intel is also participating and contribues to industry initiatives and standards bodies, including the Confidential Computing Consortium under the Linux Foundation, the FIDO Alliance’s IoT Technical Workgroup and the newly expanded Common Weakness Enumeration led by MITRE.