Whether you are a large corporation or small business, protecting your customers and business data is important. There are numerous reports of computers being lost or stolen containing very sensitive information such as banking records, individuals’ health information, and even government FBI investigations.
With modern notebooks and desktop PCs that are never fully turned off, the threat of this data being stolen from a physical attack (sometimes referred to as a “Cold Boot Attack”) is high. Many security mechanisms, even drive encryption, can be defeated through this type of attack.
Through a modern, multi-layered approach to security, AMD processors help protect sensitive data from today’s sophisticated attacks, help avoid downtime, and can reduce resource drain. In particular, AMD Memory Guard brings a new security feature to help address an old industry problem.
When users login to their computer many of the system secrets are stored within the DRAM, un-encrypted. With physical access to a PC an attacker may be able to chill the memory, reset the system bypassing memory clearing functions, and read the contents. As a result, the keys used for drive encryption and user passwords stored in memory can be extracted. Unfortunately, this has been an industry problem going back more than 10 years. While in recent years DDR4 memory scrambling techniques have helped somewhat they have been publicly proven to not provide an effective protection against a physical memory attack.
Up until AMD developed Memory Guard the only way to help protect against this type of attack was to completely turn the PC off after each use. In fact, many storage encryption vendors still recommend this approach today. While effective, the problem is end users expect a more responsive computing experience with the ability to leave and resume their work without ever turning their computer off.
The industry responded by pushing towards the widescale use of modern standby where a PC stays in standby mode ready to resume functioning where the user left off within seconds. This greatly improves the user experience and productivity, but it also brought back into focus the risk from physical attacks. Finding a solution to this dilemma between productivity and data security is the type of technology challenge AMD is dedicated to solving.
Businesses must look at all aspects of endpoint security as essential tools in their security defenses while also being mindful of how the modern PC is being used.
With AMD PRO security technology, users get the benefit of AMD Memory Guard, which enables system memory encryption to help reduce the threat of physical memory attacks even if a system is left in standby mode. When used in combination with other technologies, like drive encryption, TPM, and system authentication, businesses can continue to help protect data while also allowing users to be more productive by not having to shut down their PC after every use.
Click here to read the entire AMD white paper.
* For general business laptops and desktops AMD Memory Guard, full system memory encryption, is included in AMD Ryzen PRO and Athlon PRO processors. PP-3