Organisations across the board are under constant attack from threat actors and advanced cybercriminal groups. The common wisdom today is that when it comes to attacks, it’s no longer a case of ‘if’, but rather ‘when’ or ‘how often.’
This is unsurprising given the ever-evolving threat landscape. Malefactors are more determined and cunning than ever, and are coming up with increasingly complex and sophisticated tools to carry out their attacks. Add to this the new normal of remote and hybrid working which has seen the attack surface expand exponentially, and it’s not hard to understand why stories of breaches litter the headlines on an almost daily basis.
Hardware in the crosshairs
Enhanced security is crucial
Innovation with security at the core
Backed by innovation and leadership
Securing the data centre
Building a chain of trust
Security at every layer
Cybercriminals use a range of methods and tools to attack IT infrastructures and access sensitive and confidential company data. Nowadays, software can be spoofed by breaches at the lower layer. In other words, if the firmware, basic input/output system (BIOS), operating system (OS), or hypervisor is compromised, attackers can gain privileged access to all the company’s systems.
However, it's not just about software and operating systems any longer. More and more, we are seeing bad actors targeting hardware and firmware, which is why it takes a combination of software and hardware-based security features to help keep IT infrastructure secure, starting from the root with platform silicon.
Today, cybercriminals are exploiting vulnerabilities to manipulate the firmware or to read data that the PC or server is processing in its system memory. This data can include information that could prove catastrophic in the wrong hands, such as passwords, character strings used for encryption, and other access credentials.
Over the years, organisations have found ways to secure and defend software and operating systems from hackers, but this alone is no longer enough. Security is always a catch-up game for defenders, and attackers have developed new tools and tricks to bypass software protection.
This is why an additional, hardware-based security layer is essential, as this enables a more comprehensive level of protection for the entity’s entire system. Intel integrates appropriate technologies in its Xeon 3rd Gen processors and has developed and integrated security solutions into its industry-leading hardware.
Because attacks have evolved to the extent that software-only security is no longer sufficient, Intel has taken a new approach to security with an unwavering focus. This focus guides how the chip-making giant builds and supports products that its customers can trust.
Intel’s technologies are enhanced by the security development lifecycle, extensive security research, and computer lifecycle assurance. Understanding that security is a system property rooted in hardware, Intel believes that every component from software to silicon plays a role in helping to secure data and maintaining device integrity.
Intel’s hardware security technologies are designed to address three key priorities, which help drive the company’s vision for a world where all data is encrypted:
Intel security technologies were created to operate beyond the reach of corrupted software and are backed by over 50 years of innovation and industry leadership. They design and engineer only trustworthy computing foundations that customers can rely on.
All these technologies power data protection solutions that scale from client virtualisation to confidential computing in the data centre.
Making sure that a critical base of protection exists across the platform, focused on identity and integrity, Intel has a long history of delivering technology to help ensure the platform comes up correctly and runs as expected.
When it comes to cybersecurity, there are few places that are more critical than the data centre. Security is undoubtedly one of the most critical features of any data centre - after all, a company’s mission-critical infrastructure is housed there, as are its most proprietary and confidential data assets.
Data centre security refers to the technologies, tools, and procedures that help protect the servers within the data centre, as well as all data and applications that are housed within them. Servers need to be both physically and virtually secure.
With this in mind, the Intel Xeon Scalable platform brings a hardware-based root-of-trust environment, as well as protection features that extend up from the silicon, through the platform hardware and firmware, helping to protect critical data centre infrastructure.
Because a chain is only as strong as its weakest link, security is only as strong as the layer below it. By starting with a root of trust in the silicon, security practitioners can help lay a trusted foundation for computing. Security features can be bolstered at each layer to make the full system and stack more secure by design, creating a chain of trust through the firmware, BIOS, OS, and hypervisor.
This takes a huge amount of pressure off the software and helps to reduce any impact on system performance, ensuring that the business does not need to sacrifice performance for security.
Intel security technologies also enable server hardening and fully support Trusted Platform Module (TPM) standards. With technologies like Intel Software Guard Extensions (Intel SGX), Intel can help security architects take a further step toward implementing a truly zero-trust strategy as well as align further with industry data centre security standards.
Protecting data centre and cloud environments requires a multi-layered approach, incorporating sophisticated technologies at every layer, from firmware to BIOS to data.
Firmware Security: At the firmware layer, malicious code has highly privileged access to the system. It is also tricky to root out using software alone. Boot Guard and Intel Platform Firmware Resilience (Intel PFR) can help verify firmware at the startup, block interference, and recover to a known state if any compromise occurs.
BIOS, OS, and Hypervisor: At this layer, malware has privileged access to applications and potentially hardware too. Intel Trusted Execution Technology (Intel TXT) helps confirm that the BIOS, OS, and hypervisor have not been tampered with in any way.
Data and Applications: If other layers are compromised, data and applications could be rendered vulnerable and exposed. Intel SGX was designed to establish secure enclaves and protect data and code within the hardware.
In order to improve the isolation of sensitive data payloads with hardware-based memory protections, Intel has also joined the Confidential Computing Consortium, an emerging industry initiative that is focused on securing data in use.
Its aim is to enable encrypted data to be processed in memory while reducing the risk of exposing that data to the rest of the system. This, in turn, minimises the potential for sensitive data to be exposed while enabling a higher degree of control and transparency for users.
In today’s multi-tenant cloud environments, where confidential data should be kept isolated from other privileged portions of the system stack, Intel Software Guard Extensions (Intel SGX) plays a vital role in making this capability a reality.
As technology moves to span multiple environments, ranging from on-premise to public cloud, and to the edge, businesses need protection controls that safeguard sensitive information and workload data no matter where the data resides.
To experience the advanced security capabilities of 3rd Gen Intel® Xeon® Scalable Processors, contact us today.