Hardware Based Ransomware Detection on Intel CPUs

Intel announced hardware based ransomware detection capability on its 11th generation Core vPro class processors. The mechanism will help mitigate threats with increased detection capabilities and more timely actions at the software level.

Intel announced that its 11th generation Core vPro class processors will be able to detect ransomware at the hardware level. This hardware level protection capability will be possible with two Intel technologies, Intel Threat Detection (Intel TDT) and Hardware Shield, that run directly on the CPU.

Intel TDT is a security technology that uses hardware telemetry and machine learning based heuristics to detect malicious activities such as ransomware, cryptomining, fileless malware and polymorphic malware. Upon discovering an anomaly, TDT informs the higher level security mechanisms, such as anti-virus, anti-malware and firewalls, so that they can take the required action against possible threats. In other words, TDT cooperates with software level security mechanisms by sharing more insight into hardware level activity, so that threats can be mitigated with increased detection capabilities and more timely actions.

Intel Hardware Shield, on the other hand, provides security protections directly to the CPU hardware. Basically, it restricts memory access in the UEFI/BIOS, dynamically launches the OS in a hardware secured code environment and provides the OS with visibility into the BIOS at boot time.

Since both of these technologies run on the CPU directly, below the firmware and operating system layers, they provide more efficient and reliable security protections.

To make use of this hardware level security technology, system administrators simply need to run security software that supports this novel technology. No other hardware level interaction or adjustment is required.

Intel also announced in June 2020 that it was adding another hardware level security mechanism, Control Flow Enforcement Technology (CET), to help protect against malware that uses Return Oriented Programming (ROP), Jump Oriented Programming (JOP) and Call Oriented Programming (COP).