CHIPMAKER LOOKS TO REBUILD CONFIDENCE WITH THREAT-DETECTION TOOLS
Intel’s improved threat-detection tools, and Gmail nally gets a major overall
intel has devised a new framework that will result in security software running on the graphics chip instead of the potentially overburdened CPU.
Intel has laid out two security features under the banner of Intel Threat Detection Technology, in an attempt to shore up its reputation following the recent Meltdown and Spectre breaches.
Firstly, it said an “Advanced Memory Scanning” feature will shift the grunt work of antivirus scanning from the CPU to the GPU, reducing the system impact of security scans. This will also allow security software to do a more comprehensive job. According to Intel, some malware evades le-based antivirus software by never writing anything to disk, which makes it hard to spot and means that security software must monitor system memory. Scanning system memory, however, can have a huge hit on performance – up to 20%, Intel claims.
“Malware likes to hide in memory, but scanning that impacts users in terms of performance and power usage,” said Rick Echevarria, vice president in Intel’s Software and Services Group. “We’re of oading memory scans onto integrated graphics and by doing that we can increase the frequency of scans, which should improve detection while balancing performance.”
Intel said that its early benchmarking on test systems showed CPU utilisation dropped from 20% to as little as 2% when the GPU was the primary number cruncher.
Intel is positioning Advanced Memory Scanning as a feature for third parties to use and the company said Microsoft’s Windows Defender Advanced Threat Protection would add GPU-based memory scanning.
It should work with sixth, seventh and eighthgeneration Intel Core chips and security companies said they would implement the technology in future products.
“Using the graphics processor (GPU), should allow endpoint protection products to scan for ‘ leless malware’ without big impacts on CPU performance,” Sean Sullivan, security advisor to F-Secure, told PC Pro. “And as
leless malware is an increasing risk, that could very well be an important bene t. It’s always a bene t to reduce CPU impact.”
The second element of Intel’s new focus on hardware threatdetection involves telemetry and studying processor activity to monitor for anomalies. Windows Defender, for example, already monitors machine activity, looking for spikes that might suggest the presence of malware even if it can’t identify the actual strain.
Intel’s “Advanced Platform Telemetry” is similar, but rather than looking at what’s going on within the operating system, Intel’s telemetry uses metrics such as the processor’s integrated performance counters to spot unusual processor activity. Intel says the telemetry information should spot rogue processes without creating false positives.
Intel’s Advanced Memory Scanning feature will shift antivirus scanning from the CPU to the GPU