SANTA CLARA, Calif. — (BUSINESS WIRE) — February 27, 2019 — Today, Intel along with customers and industry partners announced several solutions designed to scale and accelerate the adoption of hardware-enabled security across data center, cloud, network and edge. From OEMs to cloud service providers (CSPs) and independent software vendors (ISVs), Intel continues to help lead the industry and advance security tools and resources that help improve the security and privacy of application processing in the cloud, provide platform-level threat detection and shrink the attack surface.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190227005169/en/
Intel introduced the Intel SGX Card in February 2019. It is a new way to help extend application memory protections using Intel Software Guard Extensions in existing data center infrastructure. (Credit: Intel Corporation)
“Hardware-based security technologies are a top priority for cloud providers aiming to address enterprise scaling challenges. Trusted execution technologies such as Intel SGX are now readily available in a wide range of platforms helping to fuel innovation in the digital security ecosystem and further assist in implementation roll-out.”
- Dimitrios Pavlakis, industry analyst, ABI Research.
Intel SGX for the Data Center
Helping protect customer data in the cloud is a top priority for cloud service providers. Intel® Software Guard Extensions (Intel® SGX) was designed to help create more secure environments without having to trust the integrity of all the layers of the system. The technology isolates specific application code and data to run in private regions of memory, or enclaves. Intel SGX is currently used by top cloud providers, including Alibaba Cloud*, Baidu*, IBM Cloud Data Guard* and Microsoft Azure* for various projects to help protect customer data at runtime. Today, Intel announced new products and ecosystem solutions that enable Intel SGX to be used even more broadly in the data center.
Scaling Intel SGX for the Cloud: Intel introduced the Intel SGX Card, a new way to help extend application memory protections using Intel SGX in existing data center infrastructure. Though Intel SGX technology will be available on future multi-socket Intel® Xeon® Scalable processors, there is pressing demand for its security benefits in this space today. With the Intel SGX Card, Intel is accelerating deployment of Intel SGX technology for the vast majority of cloud servers deployed today. Additional benefits include access to larger, non-enclave memory spaces and some additional side-channel protections that come from compartmentalizing sensitive data to a separate processor and associated cache. Availability is targeted for later this year.
To enable cloud adoption of Intel SGX at scale, Intel and industry partners are also introducing new tools and capabilities that enhance operational control, simplify development and support emerging workloads.
Operational Control: Intel is delivering a new capability called flexible launch control that enables a company’s data center operations to set and manage their own unique security policies for launching enclaves, as well as to provide controlled access to sensitive platform identification information. This capability is currently available on Intel SGX-enabled Intel® Xeon® E Processors and some Intel NUCs.
New Developer Tools: Fortanix* launched its Enclave Development Platform* (EDP), the open-source software development kit (SDK) that uses the state-of-the-art security properties of the Rust programming language and Intel SGX to deliver a more secure application development platform. Developers can build enclaves with Rust to help improve protection from development vulnerabilities and outsider attacks. The Fortanix EDP is fully integrated with the Rust compiler, allowing developers to immediately build, sell or distribute the secure applications they create.
Scale For Emerging Workloads: Baidu announced a preview of its Intel SGX-enabled MesaTEE* that delivers artificial intelligence algorithm protection for cloud and edge computing devices.
Advancing Threat Detection
Intel is helping lead the industry with hardware-enhanced security technology by delivering new capabilities to Intel® Threat Detection Technology (Intel® TDT), a set of silicon-level capabilities that helps detect classes of threats. First introduced last year and deployed across 50 million enterprise clients, Intel TDT is experiencing broad adoption and expanding platform support to Linux and virtual machines.
Intel Threat Detection Technology Evolves: Intel is expanding Intel TDT capabilities in 2019 to include support for Linux on servers in virtualized data center and cloud environments. Intel TDT combines platform-level telemetry infrastructure and machine learning models to detect targeted attacks. Detection alerts based on the heuristics are sent to the security service provider (ISV) for remediation. Integration of the Intel TDT stack into the existing ISV solutions results in improved performance and lower incidences of false positives. At RSA Conference, Intel will demonstrate Intel TDT on Linux using Intel-developed heuristics to detect unauthorized execution of specific cryptomining workloads.
SentinelOne: SentinelOne* (S1) is the first licensee to have adapted Intel TDT’s accelerated memory scanning (AMS) technology for detection of cryptomining. With Intel TDT, S1’s customers running Windows will enjoy up to 10-times faster pre-execution scanning and 4-times faster detection with immediate roll back of uncovered threats.