Hardware is Key to Stronger, More Scalable Security

When it comes to cybersecurity, federal agencies are awash in solutions, from basic tools like firewalls to sophisticated SIEM and SOAR solutions. It’s worthwhile, though, to take a step back and think about the role of the computer in cyber defense.

The hardware itself, the silicon chip(s) that lie at the heart of the compute device, can offer a foundation for establishing more robust cybersecurity.

How so? At the hardware level it’s possible to implement a range of key security capabilities and controls. These include secure boot, confidential computing, and hardware-enhanced malware detection. Each of these plays a vital role in securing data and systems in the enterprise.

Secure or trusted boot verifies that the system has come up in a known “good state.” Confidential computing concepts refer to the use of hardware to create isolated and protected domains for transactions and data protection in use, a trusted execution environment (TEE). Hardware-enhanced malware detection, meanwhile, leverages the chips themselves to speed the detection and identification of malware and anomalous activity, using the hardware to detect behaviors that would not be normally detectable within the OS or application domains.

Trusted Boot

In a trusted boot, the hardware uses mechanisms that are able to validate each stage of the boot process. From power-on to the firmware to the operating system and ultimately into the application stack, trusted boot ensures that nothing malicious has been inserted along the way.

With trusted boot, you know that the right workload, the right application, the right firmware all were running at the time the system came up. That way, as users deploy data or undertake transactions, they know that they are working from a solid, more secure starting point.

This helps to ensure safe operations, and it supports recovery in case of an adverse event, whether an error or an attack. In such a circumstance, it’s important to be sure that the computer is reverting to a known good state. That’s the “platform resiliency” defined in the NIST SP800-193 standard.

Confidential Computing

Confidential computing is about leveraging a trusted execution environment and being able to do it at cloud scale.

A trusted execution environment is a safe place to transact data and applications, with the ability to put business logic and associated data in a place that is protected from digital and even physical attacks. In a cloud-based environment, this is the means to protect data and transactions from rogue tenants, as well as from the cloud provider themselves —a rogue admin or someone with physical access to the system.

With confidential computing, tenants can protect their data from digital and physical attacks, as well as from exposure to the cloud itself. That’s especially important for sensitive, regulated workloads, where an extra degree of control is required.

Take for example the common security safeguard of encryption, in which algorithms scramble data so that only someone with a key can read it. In hardware-enabled confidential computing, a section of a CPU is reserved as a secure enclave, where memory is encrypted with an encryption key unique to the CPU and the application.

In the cloud, confidential computing makes it possible to verify and attest to the enclave at scale. It’s trust as a service, delivered through the cloud providers and across the hybrid infrastructure: On prem, at the edge, and in the cloud.

An organization could leverage this to protect highly sensitive data and application code, knowing that the data remains protected while it’s in use. Even if attackers were to gain root access, they wouldn’t be able to read the data. And this capability is expanding. While earlier iterations limited the enclave size, the latest generation of processors enables a server to have up to 1 TB of enclave memory.

Malware detection and prevention

When it comes to malware, hardware can be leveraged to enhance and enable trust at scale.

Nation-states and hacker organizations alike are deploying ransomware and malware across virtually every industry, and government is not immune. Agencies are tasked to detect these threats and to prevent them. Often overlooked, hardware can be a key weapon the cybersecurity arsenal.

First, hardware can deliver detection capabilities that go beneath the operating system in the effort to detect errant or abnormal behavior. Simply put: Malware can't hide from the CPU. It runs on the same chips that are running the applications. You can't hide from the silicon stack. When the silicon itself is instrumented to detect errant behavior using Artificial Intelligence, malware detection solutions are able to identify the malware earlier.

A hardware-based approach to malware detection can help organizations to derive maximum value from their cybersecurity deployments.

The average large enterprise is running about 75 security tools, many of them running on the desktop and many in the cloud. Hardware can provide value by accelerating those tools, enabling them to run faster or to run in offload modes. With hardware acceleration, the antivirus software can do things like memory scamming more efficiently. Security controls deliver value at a higher level, without impacting performance.

Faster & more Scalable

Beyond just making security stronger, a hardware-based approach to cyber can make security faster and more readily scalable as it deploys across the entire enterprise. Seen in this light, it’s a way for the organization to derive maximum value from those dozens of tools it is using to maintain a vigorous cyber defense.

“Hardware-enhanced malware detection, meanwhile, leverages the chips themselves to speed the detection and identification of malware and anomalous activity.”

Organizations already have deployed a wide range of cyber protections. The operating system for example likely uses encryption to secure transactional operations. By leveraging the capabilities of the hardware, it’s possible to accelerate those protections in a way that is transparent to the end user.

Hardware-based solutions can make systems more secure and can help organizations to get the most out of their existing cyber solutions. This approach offers IT leaders a means to leverage silicon in support of the data and applications infrastructure they’re already running.

Steve Orrin is CTO for Intel Federal and a Senior Principal Engineer. He leads Public Sector Solution Architecture, Strategy, and Technology Engagements and has held technology leadership positions at Intel where he has led cybersecurity programs, products, and strategy.