Intel has just announced several new initiatives that use features specific to the Intel hardware platform to improve security, Ars Technica reported. The first of these initiatives is Intel Threat Detection Technology (TDT), which is designed to use specific features in silicon to locate malware more efficiently.
Threat Detection Technology Features Overview
1. Advanced Memory Scanning
Two TDT features have been announced so far, the first being Advanced Memory Scanning. The feature targets malware that refrains from writing anything to disk. Anti-malware software can also help there, but at a performance cost. Intel’s solution, on the other hand, should cause processor loads of not more than 20 percent.
In other words, instead of using CPU power to scan through the memory of a machine, the task is moved to the GPU. In typical desktop applications, the GPU sits there only lightly loaded, with abundant unused processing capacity, Ars Technica explained. According to Intel, moving the memory scanning to the GPU decreases the processor load by about two percent.
Note that the Advanced Memory Scanning feature is available to third parties. In addition, later this month Microsoft’s Windows Defender Advanced Threat Protection will also be adding GPU-based memory scanning. The feature can be deployed by other pieces of software as well.
2. Advanced Platform Telemetry
This feature is similar to the way that Windows Defender ATP tracks machine behavior to locate usage patterns that appear out of the ordinary. Thanks to this method, even unknown pieces of malware could be located. The Advanced Platform Telemetry is an “Intel-specific twist on this same basic idea”, as Ars Technica puts it.
However, instead of using OS-level events, Intel’s telemetry will use the processor’s integrated performance counters to detect unusual processor activity. Take, for example, malware that uses the Spectre flaw, which could change the number of speculative branch mispredictions in a specific way. The processor will keep track of the number of such mispredictions and will create data to be sent to the cloud, where inferences are made about the system’s health. According to Intel, this feature will eventually be integrated into Cisco Tetration.
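To make the counter-based idea concrete, here is an added Python example (not Intel's implementation and not code from the article) that flags intervals whose branch misprediction rate departs from a learned baseline. The sample values, the median/MAD scoring method, the threshold and all function names are assumptions chosen for illustration.

```python
from statistics import median

# Constructed samples, one per collection interval:
# (interval, retired branches, mispredicted branches).
SAMPLES = [
    (0, 1_000_000, 20_000), (1, 1_000_000, 21_000), (2, 1_000_000, 19_000),
    (3, 1_000_000, 22_000), (4, 1_000_000, 20_000), (5, 1_000_000, 18_000),
    (6, 1_000_000, 21_000), (7, 1_000_000, 20_000),   # baseline window ends
    (8, 1_000_000, 21_000),
    (9, 3_000_000, 63_000),    # busy interval: 3x the misses, same rate
    (10, 1_000_000, 90_000),   # rate jumps to 9%
    (11, 1_000_000, 95_000),
    (12, 1_000_000, 19_000),
    (13, 0, 0),                # idle interval, no branches retired
    (14, 1_000_000, 20_000),
]

def mispredict_rates(samples):
    """Return (interval, misses / branches), skipping idle intervals."""
    return [(i, miss / br) for i, br, miss in samples if br > 0]

def flag_anomalies(samples, baseline_n=8, threshold=6.0):
    """Flag intervals whose misprediction rate departs from the baseline.

    The baseline is the median and MAD (median absolute deviation) of the
    first baseline_n rates, so one noisy interval cannot skew it.
    """
    rates = mispredict_rates(samples)
    if len(rates) <= baseline_n:
        raise ValueError("not enough intervals to build a baseline")
    base = [r for _, r in rates[:baseline_n]]
    med = median(base)
    mad = median(abs(r - med) for r in base)
    # 1.4826 * MAD estimates the standard deviation; the floor keeps a
    # perfectly flat baseline from causing a division by zero.
    scale = max(1.4826 * mad, 1e-6)
    flagged = []
    for interval, rate in rates[baseline_n:]:
        score = (rate - med) / scale
        if abs(score) >= threshold:
            flagged.append({"interval": interval, "rate": round(rate, 4),
                            "score": round(score, 1)})
    return flagged

if __name__ == "__main__":
    for hit in flag_anomalies(SAMPLES):
        print(hit)
```

Scoring the rate rather than the raw miss count is what keeps the busy interval 9 from being flagged while intervals 10 and 11 are.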
Intel is placing these implementations under the Security Essentials term, which is meant to represent a common set of hardware security features, as well as the firmware to enable them and the software libraries to utilize them.