Hardware Security Features for Business PCs

Learn why hardware-based security features are a critical part of protecting your business.

Hardware Security Basics:

  • Software security alone is no longer enough to fully protect PCs.

  • Hardware-based security features help establish a root of trust at the most foundational layer.

  • The Intel vPro® platform includes Intel® Hardware Shield to help secure PCs below the operating system (OS) and provide built-in advanced threat detection out of the box.

  • Intel® Hardware Shield is designed to deliver full-stack PC protection to help IT enforce zero-trust policies and improve enterprise security defenses with the Intel vPro® platform.

BUILT IN - ARTICLE INTRO SECOND COMPONENT

Laying a solid foundation of protection for your business PCs takes a combination of software- and hardware-based security features. The Intel vPro® platform augments software with security technologies rooted in the hardware.

What Is Hardware Security?

When it comes to securing business computer hardware, many IT administrators think primarily of software-based solutions, such as antimalware and antivirus software. However, cyberattacks are moving down the system stack. Software security alone is no longer enough to protect PCs. Protection must be rooted in the hardware itself.

Why Hardware-Based Security Features Matter?

From global enterprises to government institutions to small businesses, computer hardware security is absolutely critical for all organizations, across all industries.

A business that experiences a security attack can suffer lasting damage. To start with, there may be fines related to data breaches. There could also be damage to the company’s reputation, which is difficult, if not impossible, to quantify. There’s a risk of stolen intellectual property or other sensitive information. Finally, there’s downtime, which can be very costly if employees are unable to work. Certain attacks, such as crypto mining and crypto jacking, lead to issues with slower systems as the CPU is dragged down.

Today, more employees are working remotely than ever before—and that means more devices accessing the corporate network beyond the firewall. In addition, data and applications are moving to the cloud, where they can be accessed anytime by a range of devices. These devices must remain secure, regardless of where they are being used.

At each layer of the system stack, PCs are only as secure as the next-lowest layer. Security must be built on a root of trust that is established at the most foundational layer: the silicon.

Intel® Hardware-Based Security Technologies

Your PC hardware design makes a big difference in the strength of your security. Intel® products are engineered with built-in security technologies to help protect potential attack surfaces. Because these technologies are rooted in silicon, they can operate without being affected by corrupted software. This helps create a trusted foundation for computing and helps protect systems from the latest cyber threats.

Intel vPro® Platform

For business PCs, Intel offers a platform that was specially built for business with enhanced security features to help protect against modern cyber threats. The Intel vPro® platform offers performance, security features, manageability, and stability all in one integrated platform. It provides a highly secure foundation out of the box with hardware-based protection against firmware attacks. The platform also includes capabilities for remote access, so IT administrators can install security patches and repair PCs.

The Intel vPro® platform features Intel® Hardware Shield, designed to enable built-in PC protection that includes:

  • Security technologies below the OS to help protect hardware, firmware, and software. This enables supply chain transparency, secure boot, and additional Windows* 10 security features that allow IT administrators to verify the state of hardware, firmware, and software integrity.
  • Application and data security to provide the hardware resources needed for virtualized workloads and reinforce virtualization-based security (VBS) with hardware-based security features that help protect applications at runtime and data in memory.
  • Advanced threat detection capabilities, which augment existing security solutions with Intel® CPU telemetry to detect attack signatures and anomalies. Examples include crypto mining and ransomware that might otherwise pass by unnoticed.

Another capability of the Intel vPro® platform is Intel® Active Management Technology (Intel® AMT), which gives IT administrators remote access control to PCs. IT administrators can perform remote patching and remediation, even when PCs are out of band. For cloud-based access to these capabilities, IT administrators can use Intel® Endpoint Management Assistant (Intel® EMA). Intel® Active Management Technology also integrates with Microsoft System Center Configuration Manager (SCCM) to give you greater flexibility in how you use it.

The Future of Hardware Security Features

In the coming years, security threats will continue to evolve. To protect their data, devices, and users, businesses of all sizes should pursue a full-stack strategy that combines hardware-based security features with software.

Today, Intel® Hardware Shield plays a critical role in system hardening and is a cornerstone for a more secure PC fleet. We’re continuing to explore how to detect and protect against new threats, working with our ecosystem partners on solutions that help prevent vulnerabilities from being exploited. Working together, we can design PCs that deliver high levels of assurance for your business.

The Intel vPro® platform is designed to provide a highly secure foundation with hardware-based protection against firmware attacks."

Security Benefits of the Intel vPro® Platform

The built for business Intel vPro® platform provides hardware-enhanced security features that help protect all computing stack layers. Businesses can benefit from supply chain transparency and traceability of PC components, advanced memory scans, and hardware-based support of Windows* 10 security services. Furthermore, IT has the ability to quickly roll out software fixes on critical vulnerabilities to managed PCs.