Security administrators trying to cope with the rising tide of zero-day vulnerabilities can look to Intel's upcoming vPro business PC series, which runs a virtualized intrusion prevention system (IPS) outside the user's operating system, to help stem the problem, says the chipmaker.
A zero-day attack exploits a vulnerability before a patch for it has been released. Increasingly, flaws are being exploited even before the vulnerabilities have been publicly disclosed, so there is no window in which administrators can patch ahead of the attacker.
Noting that the increasing volume and complexity of network traffic threaten enterprise network security, Bertrand Lim, marketing manager at Intel Asia-Pacific's digital office platform division, told ZDNet Asia: "IT's got to find a way of delivering services in a time of shrinking IT budgets."
Traditionally, IT administrators rely on security software agents that run inside the operating system on client machines. However, Lim noted, these agents usually slow the system down, which leads many users to disable or remove background security and manageability agents, rendering the protection ineffective.
In addition, such security applications are themselves exposed when they run inside an operating system (OS) that has already been compromised: an exploit that has gained control of the desktop OS can degrade the performance of the security software or shut it down entirely, because the malware and the defense share the same privilege domain.
With this in mind, Lim said that Intel formed a partnership with Symantec to design a "virtual appliance" that runs in a separate, protected machine partition on the PC, isolated from the user's operating system. The virtual appliance combines Symantec's antivirus, network- and host-based IPS technology, and a behavioral detection engine.
Because the appliance sits between the network interface and the user's OS, all network traffic passes through it and is inspected before it reaches the OS. The IPS scans the traffic, detects security threats and blocks them so that they never interact with the end-user's OS.
This feature will be available in Intel's much-publicized vPro platform line, due to ship with its OEM partners' systems next month. vPro incorporates Intel Virtualization Technology (VT), which is what allows the security software to run in a partition isolated from the user's OS environment.
It also features Intel Active Management Technology (AMT), which lets administrators manage or even shut down PCs remotely, a capability that is useful when PCs are infected with malware and the OS itself can no longer be trusted to carry out the instruction.
According to Robert Pregnell, Symantec Asia-Pacific's regional product manager, there are two key benefits to be gained from the virtual appliance. "First, the multiple security technologies embedded in it raise the levels of safeguards.
"Second, putting in [virtualization] on the chip itself means you don't need to rely on users to come in and turn on the [operating system to run the security software]," he said.
The desktop security feature essentially runs outside the client OS, so it is transparent to the user and under the control of authorized IT administrators, Pregnell noted. It is also "tamper-proof", he said.
"The chip itself is ready to wake up, and you can [activate] the security in the middle of the night," added Pregnell.