Intel's vPro Chips Mean More Security for Businesses

With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike.

By wrapping a set of expanded security features around the vPro Core 2 Duo chips, the chip giant maintains it can help IT departments more easily protect and support their desktop systems, in large part by offering additional hooks for other vendors' PC defense and management tools.

With the addition of features that extend malware behavior-detection further onto the CPU level and wall off virtualized software systems from attack, Intel says it can greatly enhance the chips' interaction with complementary security technologies.

By adding new capability for desktops to communicate directly with so-called network access control (NAC) systems, Intel contends it can offer full-fledged security management opportunities that circumvent the need for device-OS interaction.

"The time [available] to respond to vulnerabilities is down and the sophistication of malicious attacks is increasing," said Gregory Bryant, general manager of Intel's Digital Office Platform Division. "We're trying to make security more proactive by driving it into the platform itself."

Intel is also touting other systems management and power-efficiency features in the chips, formerly known by the code-name Weybridge, but its sales pitch for the new vPros is centered on its security tools.

Bryant acknowledges that it may take years for the processors to find their way onto a large share of enterprise desktops. However, the vPros' technologies are aimed at other emerging IT phenomena such as virtualization and NAC, he said, which will help the processors fall in line with those trends.

The vPros' augmented Time-based Systems Defense Filters promise to scan every outbound packet traveling over the processor and maintain logs of suspicious behavior to identify unwanted network activity.

The chips address security concerns with virtualized software systems -- including integration issues with traditional anti-malware technologies and the opportunity for data theft via external attack -- with the addition of a pair of features.

Intel's Trusted Execution Technology -- which was developed under the code-name LaGrande -- promises to wipe out any residual data that may be left available when a virtual system is improperly shut down and to detect any attempts to modify the software it is running on. When combined with the chips' Intel Virtualization for Directed I/O technology, the processors will specifically be able to detect and ward off emerging attacks that seek to inject themselves between hardware and software systems by isolating virtual machines and cutting off outside access to their memory, Bryant said.

Through added support for the 802.1x standard for NAC and interoperability with Cisco's Admission Control guideline via its Intel Embedded Trust Agent, the chip maker claims that it can allow network security systems to garner device authentication information directly from desktops -- thereby eliminating the need for a PC to launch its operating system to interact with the tools.

"The inherent limits of security technologies are driving IT to make suboptimal buying decisions. Many of these decisions are driven by vulnerabilities in the security agents and operating systems," said Bryant. "Yesterday's processors are not capable of fostering security today."

Along with Cisco, Intel shared its launch with representatives from high-profile partners including Dell, HP, Lenovo, and Symantec, all of whom echoed the chip maker's assertion that its new security features will benefit the functionality and protection of their own products.

Representatives from massive government contractor General Dynamics said the virtualization protection tools in particular would drive sales of vPro-powered systems into the public sector and help agencies move to adopt the software approach more rapidly.

Industry experts observed that Intel's move to promote new security capabilities and interactivity in its products is both predictable and savvy, as nearly every other major IT platform provider has moved to increase its own interests in the area, including Cisco, EMC, Google, Oracle, and Microsoft.

"It's almost funny that security hasn't played a higher priority in PCs in the past. The potential is huge for loss and there are great opportunities to facilitate software technologies and their interaction with hardware, which is obviously critical," said James McGregor, analyst with Scottsdale, Ariz.-based research firm In-Stat.

"There's only so much that you can do in hardware, and no matter what you do someone can always find a way around it. The best way to protect yourself is to have a combination of hardware and software defenses," McGregor said. "But the areas that Intel gets into with the vPro aren't going to be adopted overnight; things like virtualization and NAC are being built into hardware and software adoption plans over time."

McGregor said it may take as long as five years for some of the vPro security features to prove their worth among large numbers of business customers, but he believes the tools should prove strategic for Intel to include nonetheless.

Roger Kay, analyst with Wayland, Mass.-based Endpoint Technologies, said that by moving to further embrace its role in securing the PC, Intel continues to align itself with important standards and IT trends that will help its products appeal to corporate IT buyers.

"Intel typically takes a strategy through which it creates or aligns itself with a platform and invites all the applications vendors to come in and build on top of that. They want to be the host of these industry standards, and they've been waiting for the right moment to introduce these security features," said Kay. "They're doing what they should and creating a platform for everyone else to play on, which should make the security software and PC makers happy and displace some existing hardware-level security providers whose technologies have been considered incomplete."
