Smart, Secure & Sustainable Business PCs: How to Survive Cybersecurity Challenges in a Distributed Hardware Era

essidsolutions

A lot is going on in cybersecurity right now. Major hacks such as the recent nation-state attacks on SolarWinds and Microsoft Exchange servers show that simply investing in cybersecurity controls doesn’t cut it anymore. IT and security teams need to move beyond mere box-ticking to ensure their cybersecurity investments are effective and can defend against sophisticated threats that are tougher to detect. But the increasingly hybrid, distributed and remote work environment is making this harder.

As organizations undergo digital transformation and continue to digitize business operations, they need to recalibrate their cybersecurity strategy to help protect remote endpoints and corporate networks from cyberattacks. Large-scale remote workforce transitions have created unintended risks: there are more unpatched remote endpoints outside the network perimeter, and PC fleet inventory is becoming challenging. Undoubtedly, the pandemic placed a heightened emphasis on endpoints. However, that is one element which isn’t yet fully integrated into IT strategy.

Consider the 2020 State of Endpoint Security report by Ponemon Institute and Morphisec, which paints a stark picture of poorly protected endpoint devices, the ‘new stress points’ for overburdened IT teams. Around 68% of the 671 respondents surveyed said that their company experienced one or more endpoint attacks that successfully compromised data assets and/or IT infrastructure over the past 12 months.

The picture gets worse. More than half revealed their organizations are ineffective at surfacing threats because their endpoint security solutions don’t measure up against advanced attacks. Though organizations added multiple security layers to thwart malware, browser-based threats, and phishing attacks, IT’s confidence in traditional antivirus tools continues to drop as many respondents find it losing its value. On average, 60% of attacks were missed by antivirus tools. Respondents also said that in an already complex IT environment, antivirus software added to false positives and alert fatigue.

Endpoint Devices: The Next Battleground for Defense

Cyber threats like botnets, phishing, and new malware variants that slip unnoticed into internet-connected PCs and cause ransomware attacks loom large on the horizon. If you haven’t locked down exposed, vulnerable endpoint devices that stand between your assets and hackers, you risk corporate and personal data. Now and in the future, safeguarding business computing assets should be the primary imperative to minimize the odds of costly data breaches. The solution is obvious: adding “multiple layers of defense,” or “defense in depth,” that span the operating system (OS), applications, and firmware.

But how does one extend cyber resilience down to the device level? By putting in place “remote-right strategies” that start from the hardware up. According to Lopez Research, as organizations plan to extend work from home for distributed workforces, best-in-class devices with silicon-enabled security rooted in the most foundational layer can remedy the remote work security gap.

As the endpoint footprint grows, so does the attack surface. The viral outbreak has changed the game for hackers who have found newer ways of compromising networks and exfiltrating data. With ransomware strains evolving and malware-based crypto-mining gaining steam, IT needs to account for these new-age vulnerabilities. Your standard security arsenal comprising third-party software such as endpoint detection and response solutions, malware prevention software, and PC device management alone can’t stand up to new, evolving threats.


Take Cyber Resilience to Device-Level With Next-Gen Business Computing Platforms

Remote work enablement placed considerable pressure on IT to provide full-scale support to tide through the crisis, Lopez Research hints. The result was poorly designed technologies that included older PCs that lacked built-in security. This means that IT teams today are spending more time maintaining systems while managing and securing a hybrid workforce.

However, there’s an opportunity to change that. The research advises that even if an organization purchased new hardware in 2020, it should reevaluate whether those devices have the right configurations and security to support various roles within their company. Amid the distributed hardware era, with an explosion of endpoint devices, IT needs a next-gen business computing platform to mount a strong defense against cyber threats and seamlessly prepare for the new hybrid work phase.

Given the inherent complexity of managing large-scale PC fleets, IT decision makers (ITDMs) should reassess and right-size legacy PC fleets that challenge the efficiency of business models. Not just that, a next-gen business computing platform can help IT reclaim time spent on the management, maintenance and security of endpoint devices and focus on business-critical projects.

The next step is to evaluate and lean on trusted partners to improve security posture, curb hardware refresh costs and drive remote management of PC fleet endpoints. For example, Intel, a leading powerhouse, has consistently raised the bar on security and pushed the envelope on hardware-enabled security innovations to help secure devices from the ground up — right from the hardware, firmware, operating system (OS) to applications. With the latest 11th Gen Intel® vPro® platform-based PCs, IT can vastly benefit from hardware-enforced security built-in from the silicon-level, minimize downtime, lower hardware refresh costs and provide end-users with a more stable, secure business-class PC platform for seamless workflows.

Here are three ways next-gen, business-grade PC platforms provide IT a more secure, reliable foundation to scale:

1. Detect advanced threats

More often than not, resource-constrained IT teams lack the budgets to improve their security capabilities. These lean IT teams need to do more without spending beyond their means. By taking advantage of a no-compromise business computing platform, IT can vastly improve endpoint security and mitigate cyber disruption arising from a new breed of malware without racking up costs.

The 11th Gen Intel® Core™ vPro® processors significantly change the playing field with two next-gen capabilities: Intel® Threat Detection Technology (Intel® TDT) and Intel® Control-Flow Enforcement Technology (Intel CET), both part of Intel Hardware Shield, available on the Intel vPro platform. Intel® TDT fights off advanced threats like browser-based cryptojacking, where a hacker infects a website or online ads with JavaScript code that auto-executes once it loads in the target client’s browser. Traditional software safeguards such as endpoint detection and response (EDR) or antivirus can’t detect this in-browser malware that uses CPU/GPU to mine cryptocurrencies and drains the system’s computing power.

Intel® TDT leverages CPU-based telemetry and silicon-enabled AI threat detection (an industry-first) to track cryptomining activities in business-class laptops and shut them out. IT teams using EDR software can mine Intel TDT signals to segment infected machines on the network and patch systems. Integrated deep at the architecture level, Intel CET helps defend against a new class of malware — jump/call-oriented programming (JOP/COP) attacks that target OS, browsers, and other applications. It provides hardware-powered security to thwart malware attacks that can’t be remedied with software-only solutions.1

2. Remove firmware blindspots

Firmware hacks don’t receive the attention they deserve compared to ransomware and other advanced hacking techniques. Still, they can bypass traditional software and can ‘brick devices,’ rendering them inoperable. A recently released Microsoft report, Security Signals, revealed more than 80% of enterprises surveyed had experienced at least one firmware attack over the past two years. But only 29% of security budgets are allocated to defend against firmware vulnerabilities, with vulnerability scanning and advanced threat protection solutions taking top billing. Meanwhile, traditional anti-malware software can’t stop firmware risks in their tracks.

Intel has played a pivotal role in driving full-stack innovation across chipsets and processors with Intel® Hardware Shield, security technology exclusive to the Intel vPro platform. By bulking up the security layer within the Basic Input/Output System (BIOS), Intel® Hardware Shield advances “Below the OS” security, providing a more comprehensive security strategy both above and below the OS.2 Firmware hacking allows attackers to insert malicious software deep into the code, manipulate the hardware and firmware, mine data, wipe files, and even brick the systems in some instances. Intel® Hardware Shield hardens the BIOS through Intel® BIOS Guard and helps prevent unauthorized code modification. Reducing the BIOS’s access to system memory and locking it down further mitigates the risk of malware infiltrating the OS.

3. Respond and remediate faster

A comprehensive software patch management strategy is a critical part of enterprise security. With a next-gen business computing platform, IT teams can effectively deploy software updates from afar and reduce the risks of security threats. Intel® Active Management Technology (Intel® AMT), part of the Intel vPro platform, provides IT the tools to remotely manage, repair, and apply patches to out-of-band devices, even when they’re outside the corporate firewall.3

Rising PC support costs and round-the-clock device maintenance necessitate a shift towards a next-gen business PC platform that allows organizations to protect networked PCs and devices faster, ensure end-user productivity, and keep maintenance costs down.

Takeaways

Ensuring end-to-end security is a big undertaking. ITDMs planning the next phase of the distributed work era should understand that built-in, hardware-enforced security measures, not bolt-on software-only solutions, are critical for providing comprehensive security now and beyond. By partnering with a trusted leader like Intel, known for driving innovations in hardware-based security and endpoint protection, organizations can benefit from its robust suite of security technologies and improve their security posture.



Notes and Disclaimers
Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex. Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates. See backup for configuration details. Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy. Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure. Your costs and results may vary. © Intel Corporation. Intel, the Intel logo, Intel vPro and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.

1 Intel Control-flow Enforcement Technology (CET) is designed to help protect against jump/call-oriented programming (JOP/COP) attack methods and return-oriented programming (ROP) attack methods, malware known as memory safety issues and which comprise over half of ZDI-disclosed vulnerabilities. Visit www.intel.com/11thgenvpro for details. Results may vary.

2 In thin & light Windows-based devices, based on unique features and testing by IOActive (commissioned by Intel; as of December 2020) comparing Intel® Hardware Shield security capabilities with corresponding technologies in an AMD Ryzen Pro 4750U-based system. Visit www.intel.com/11thgenmobile for details. Results may vary.

3 As measured by December 2020 IOActive study (commissioned by Intel) of in-band software-based remote management functions; out-of-band hardware-based remote management functions; and cloud-based support in thin & light Windows-based PCs. AMT requires a network connection; must be a known network for WiFi out-of-band management. Learn more at www.intel.com/11thgenvpro. Results may vary.