Ransomware detection at the silicon level: Intel at CES 2021

With improvements to its Hardware Shield and Threat Detection Technology (TDT), Intel announced its ransomware detecting capabilities for its 11th Gen Core vPro processors today at the 2021 Consumer Electronics Show.

Cybereason, based in Boston, also announced a partnership. The safety firm expected to feature support for these new features to its security software within the half of 2021.

Both companies said this is often ready to mark the first-ever case where “PC hardware plays an instantaneous role” in detecting ransomware attacks.


Under the hood, all of this is often possible via two Intel features, namely Hardware Shield and Intel Threat Detection Technology (TDT). Both technologies are included in Intel vPro, a set of enterprise-oriented technologies that are bundled with a number of Intel processors. Hardware Shield, a CPU-telemetry-based feature that locks down UEFI and BIOS, detects possibly malicious code.

Both technologies work on the CPU directly, many layers under software-based threats, like malware and antivirus solutions. The thought behind Intel’s new features is to share a number of its data with security software and permit it to identify malware that will be hiding in places where antivirus apps can’t reach.

“Intel TDT uses a mix of CPU telemetry and ML heuristics to detect attack behaviour,” Intel said during a handout today. Using Intel CPU performance monitoring unit (PMU), the tool detects ransomware and other threats that leave a footprint on the CPU.” “It provides a more accurate picture of active threats across multiple layers, including desktop applications, operating systems, and virtualization layers,” the company said. “As threats get detected in real-time, Intel TDT sends a high-fidelity signal which can trigger remediation workflows within the safety vendor’s code.”

Since Hardware Shield and TDT run many layers below Hardware Shield, Intel and Cybereason claim your company can detect ransomware attacks even if the ransomware strains hide inside virtual machines to avoid detection.

The Client Computing Group vice chairman and head of Business Client Platforms at Intel, Stephanie Hallford, said, “Ransomware was a top security threat in 2020; software alone will not safeguard against continuing threats.”.

This platform, based around the 11th Gen Core vPro, is the first device to provide silicon-enabled threat detection, providing the needed hardware-based protection against this kind of attack,” said the Intel executive.

Businesses will be able to have fully stacked visibility from CPU telemetry and Cybereason’ s multi-layered protection to help prevent ransomware from evading the traditional signature-based defense.”

To use the new feature, systems administrators only need to use security software that supports it. CPUs are required because most vPro features are optional; Intel has recently made Hardware Shield mandatory for all new CPUs starting with its 10th Gen release.

While Cybereason is the first to support detecting ransomware using hardware indicators, other security vendors will presumably tap into it within the feature.

Today’s news comes after Intel has been investing heavily in security in recent years. In June 2020, Intel also announced it had been adding its new Control-flow Enforcement Technology (CET) to CPUs, a feature it said could help protect systems against malware that uses Return Oriented Programming (ROP), Jump Oriented Programming (JOP), and Call Oriented Programming (COP) techniques to infect devices and hijack apps.