Protection paradigm is shifting from pattern recognition to behavioral techniques, says Intel Labs director of security research Sridhar Iyengar.
In our gut, we all get that hardware-based security should outstrip the traditional, software-centric approach to antivirus protection. But does that feeling stand up to a back-of-the-napkin analysis? Well, yes.
Microprocessor instruction-set extensions tuned to the needs of malware identification algorithms will speed the execution of such software. That's because task-specific instructions make it easier to write tighter programs.
The counterargument might be: If CPU time is "free," implementing new primitives in 100 lines of code, rather than on-chip, is free, too. That's "wrong" because such code takes longer to than its hardware-steeped cousins. So one can assess more threats -- i.e., perform the more detailed analysis necessitated by today's stealthier malware -- in the same about of time.
OK, so we've just stipulated that hardware-based security is an essential tool in fending off the rising tide of malware. Think cybercriminals in shady Eastern European outposts, wreaking random havoc like the aimless assassins in Taken 2. Of course, such gangs are amateurs compared with government actors -- Stuxnet, anyone?
So we have multiple reasons that hardware-based security is ascendant. Having strong engineering legs in both process and security camps, Intel is perhaps the leader in advancing this approach.
Intel acquire McAfee in 2011. The security vendor continues to operate as a separate brand, and it still sells security software. But it's a key component -- providing smarts and a solid go-to-market channel -- of Intel's broader intentions to field comprehensive, new ways of protecting the difficult to protect. (Note that the McAfee play additionally verifies that packaged consumer security software isn't going away. Rather, it'll become more effective.)
Tines of the Intel and McAfee security effort.
One component of Intel's hardware approach has been to add six processor-level instructions to support the AES encryption standard. Intel says the instructions can speed encryption, which protects data sent over the network or to the cloud, by two to three times.
It's important to point out that diving into the hardware to bring security to new heights is no Kevin Mitnick come lately. Intel's been riding the hardware-security bandwagon for years.
For example, when I talked in 2009 with Intel chief technology officer Justin Rattner, who's also an Intel Senior Fellow and Director of Intel Labs, he told me the following:
Alex Wolfe: You've explored having the processor handle security. Tell us about that.
Justin Rattner: We have manageability engines (MEs), which underlie our VPro architecture. We use those both for manageability and security. Longer term, we need a general-purpose solution. We need an architectural breakthrough which allows an open platform to selectively and programmatically become closed during a secure computational phase. What we ultimately need is being able to go into stealth mode for brief periods of time and then come back into the open.