Computer system defenders must defend in all directions. Attackers need only find one flaw and they are in. And based on the never ending, numbing string of large scale compromises of systems, attackers are getting very good at finding those flaws. The most significant/insidious attacks are those that totally leap normal defenses and do things like place malicious code on your own system. Malicious code can contain undetectable snippets of software that log your keystrokes, for example.
The most significant adversaries target and attack the special parts of your computer that hold computer startup instructions, the BIOS (BIOS stands for Basic Input/Output System). If the BIOS area of a computer is attacked and the right malicious code is places there then it will start when the computer boots. This causes a system to boot into a state where the IT department will have a very hard time detecting whether it is infected with privacy stealing code or owned by an adversary.
As attack vectors get more sophisticated, our defenses must also. We must continually improve our collective ability to keep systems patched and well managed and must find ways to ensure computers boot from a BIOS that is known and trusted.
Fortunately, the hardware most of us have been buying of late comes with a security foundation built into it that can be utilized to help mitigate these threats. Computers which use Intel’s vPro technologies provide a means for enterprises to ensure systems:
- Boot from protected BIOS
- Only run good code (no malicious code)
- Are more quickly patched and updated
- Provide better security for remote access
- Enable faster, full spectrum encryption
- Provide more holistic security
The attached white paper, titled “Leveraging Hardware Design to Enhance Security and Functionality” provides more information on these capabilities. With broader awareness of the power of this capability we will be able to raise the bar in our system defense, which will increase our system resilience while lowering the cost due to security breaches.