McAfee talks hardware-assisted security

Despite criticisms from the industry, the Intel-McAfee merger will result in "faster and better" security by riding on hardware to complement, not eliminate, software-based security, according to a McAfee executive.
Written by Vivian Yeo, Contributor

Despite criticisms from the industry, the Intel-McAfee merger will result in "faster and better" security by riding on hardware to complement, not eliminate, software-based security, according to a McAfee executive.


(Repair Bug image by Mark Rain, CC2.0)

Security must be driven down the technology stack, as threats migrate from targeting applications and operating systems to the hypervisor and hardware level, McAfee global chief technology officer George Kurtz told ZDNet Asia.

The "proof point" is in the development of virtualisation, Kurtz said. While initially challenging in 1999 with the arrival of hypervisors and later Intel's introduction of Virtualisation Technology (VT) into its chips, virtualisation evolved to be "datacentre-ready".

That approach was followed in security, he said.

"It's really hardware-assisted security, just like virtualisation," he added. "If you could take a lot of the things that we would normally do in software and leverage the silicon to do that, it basically makes [security] faster and better — [and that means] faster performance and better efficacy in being able to protect our customers."

In the context of mitigating threats, hardware-assisted security would aid in the prevention of malware execution, which is an important step in a system getting infected, said Kurtz. This boosts contemporary whitelisting efforts, which essentially determines acceptable behaviour.

"With Intel, we have the ability to enhance our software with additional hardware capabilities to help in the whitelisting process, and to help prevent things from being executed in memory, which is what malware tries to do — it tries to redirect the flow and it tries to execute," he explained. "By being able to tie the software that we already have to hardware-assisted components, we can strengthen our whitelisting technology and make it faster and better — less prone to errors or being compromised by the bad guys. If you have a hardware component to it, it's much harder for the bad guys to tamper with."

For instance, he noted that malware on an infected computer will attempt to capture the user's keystrokes or mouse gestures as he enters his password at a banking site.

"By creating what we call a root of trust that ties back to the silicon, we can still operate and pass these sensitive pieces of information through to your end target — your bank server — without the bad guys being able to intercept them, and the only way you can do that is to be able to leverage hardware," said Kurtz.

Making it impossible for cyber criminals to obtain data that they can exploit for monetary gain will result in a lack of motivation to create malware, he said.

"Slowly we're trying to eliminate the vectors of attack that the bad guys have used to be able to monetise the sensitive information, which has really been one of the main drivers why we're seeing so much malware. It's so easy to create malware that will get on the system and ultimately, capture sensitive information and push it out to an ecosystem where there is a very well-defined dollar amount for every piece of data that's out there," he added.

The Intel-McAfee marriage will focus on the notion of compartmentalising or isolating an infection, such that the infected device can still carry out sensitive transactions without compromising data, added Kurtz. "If you have an infection at the operating system, you still want to be able to operate even though there's a potential issue."

"[So] if you were trying to log into your banking site, and you had a piece of malware, what we're really focused on here is how can we allow the user and the PC to still interact with that website and still have a secure interaction," he said.

However, with Intel's acquisition of McAfee only just completed at the end of February, he noted that the two companies are "just starting to work on things" and the fruits of labour will not emerge that soon.

Asked about criticisms of the merger as well as the shift toward hardware-based security, Kurtz said the company's ultimate goal is to better protect users. He also stressed that McAfee's software products will not be phased out. "I would ask any critic if they would like better security, better efficacy and faster security, and let me know the names of people who say 'no' to either one of those."

Via ZDNet Asia

Editorial standards