Advanced Memory Scanning targets fileless malware in main memory. The task is handled by the GPU, which significantly reduces the additional CPU load. Microsoft is integrating the technique into Windows Defender ATP.
Intel has introduced new techniques to improve the detection of cyber attacks. Among them, Advanced Memory Scanning is meant to track down fileless malware that is active only in memory and is never written to the hard drive. Intel is receiving support from Microsoft, as Ars Technica reported.
Fileless malware is not blocked by traditional security applications that rely on file-based detection. Although these applications can also scan memory, doing so hurts system performance. Intel speaks of an additional CPU load of 20 percent. Intel's Advanced Memory Scanning is intended to avoid this disadvantage because it uses the graphics processor rather than the CPU. Especially with classic desktop applications, the GPU is usually underutilized. Intel now wants to use this spare capacity to search main memory for malware. The technology is said to load the CPU by only two percent.
However, Intel does not offer the technology itself. Advanced Memory Scanning is primarily aimed at third-party vendors who want to integrate it into their products. This month, Microsoft’s Windows Defender Advanced Threat Protection will support GPU-based in-memory malware scanning.
The second new detection technology is called Intel Advanced Platform Telemetry. It uses processor power telemetry data to detect unusual activity that might indicate malicious software. Among other things, the technique should also help against attacks on the Spectre vulnerability. Such an attack would result in incorrect memory usage forecasts that the processor will detect and track. Cloud systems can in turn process this data to determine the health of the system. Among other things, the technology will be integrated into Cisco products.
In addition, Intel summarizes certain security features of its processors under the term Security Essentials. These are combinations of hardware features, firmware, and software libraries, including features such as AES-NI for hardware-accelerated encryption, and Platform Firmware Resilience, which aims to protect against manipulation of the firmware. In turn, Security Essentials are supported by certain Atom, Core, and Xeon processors – so software can access unified hardware-based security on certain CPUs.