Engineering:Intel Threat Detection Technology

From HandWiki

Intel Threat Detection Technology (TDT) is a CPU-level technology created by Intel in 2018 to enable host endpoint protections to use a CPU's low-level access to detect threats to a system. TDT consists of multiple components including Accelerated Memory Scanning, which uses the CPU's integrated GPU to scan memory, and Advanced Platform Telemetry, which uses processor-level activity monitoring to detect unusual activity.[1][2][3][4][5] It is supported on sixth-generation or newer Intel Core CPUs and additional capabilities were added to the 11th generation Core processors.[6][7][8][9]

Intel TDT is integrated into several third-party anti-malware solutions including Microsoft Defender,[10] Check Point Harmony Endpoint,[11] CrowdStrike Falcon,[6] and others.[12]

Accelerated Memory Scanning

Accelerated Memory Scanning (also referred to as "Advanced Memory Scanning"[1][13]) uses the CPU's integrated GPU to scan memory for malicious code, instead of using the CPU directly.[14] This improves system responsiveness during anti-malware scanning[2] and lowers power consumption.[7] Features include pattern matching, using random forest decision trees, string extraction, entropy calculation, and Euclidean clustering.[15][16]
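
As an illustration added to this article (it is not code from Intel or from any of the products named here), the following Python module shows three of the scanning primitives listed above, pattern matching, string extraction and entropy calculation, run over a constructed memory buffer. The buffer layout, the 4-byte marker, the window size and the entropy threshold are all assumptions made for the example; a real agent would run such checks over live process memory and treat a high-entropy region only as one signal among several.

```python
import hashlib
import math
import re
from typing import Dict, List, Tuple

# Constructed sample memory region (not a real process image). It stands in
# for the kind of buffer an endpoint agent scans: a mostly-zero header that
# carries one constructed 4-byte marker, a run of readable text, and a
# high-entropy blob that imitates a packed or encrypted payload.
MARKER = b"\xde\xad\xbe\xef"  # constructed marker, not a real signature
_HEADER = bytearray(1024)
_HEADER[512:516] = MARKER
_TEXT = (b"The quick brown fox jumps over the lazy dog. " * 30)[:1024]
_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # 64 * 32 = 2048 bytes
SAMPLE = bytes(_HEADER) + _TEXT + _BLOB


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a run of one value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def high_entropy_windows(data: bytes, window: int = 1024,
                         threshold: float = 7.0) -> List[Tuple[int, float]]:
    """(offset, entropy) for each fixed-size window whose entropy reaches the threshold."""
    hits = []
    for off in range(0, len(data), window):
        ent = shannon_entropy(data[off:off + window])
        if ent >= threshold:
            hits.append((off, round(ent, 2)))
    return hits


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable-ASCII runs of at least min_len bytes, in order of appearance."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def find_patterns(data: bytes, patterns: Dict[str, bytes]) -> Dict[str, List[int]]:
    """Offsets of every occurrence of each named byte pattern (overlapping hits included)."""
    result: Dict[str, List[int]] = {}
    for name, pat in patterns.items():
        offsets, pos = [], data.find(pat)
        while pos != -1:
            offsets.append(pos)
            pos = data.find(pat, pos + 1)
        result[name] = offsets
    return result


def scan_region(data: bytes) -> Dict[str, object]:
    """Run all three checks over one region and return a summary."""
    return {
        "high_entropy": high_entropy_windows(data),
        "strings": extract_strings(data),
        "patterns": find_patterns(data, {"marker": MARKER}),
    }


if __name__ == "__main__":
    report = scan_region(SAMPLE)
    print("high-entropy windows:", report["high_entropy"])
    print("first string:", report["strings"][0][:45])
    print("pattern hits:", report["patterns"])
```

On the constructed buffer the two 1024-byte windows of the blob (offsets 2048 and 3072) are the only ones above the 7.0-bit threshold, the text region yields the first extracted string, and the marker is found once at offset 512. Entropy and string extraction are cheap per byte and embarrassingly parallel, which is why they suit offload to an integrated GPU.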

Advanced Platform Telemetry

Advanced Platform Telemetry collects CPU-level telemetry to detect uncommon activity patterns which might be indicative of malware. The telemetry data is collected from the CPU performance monitoring unit (PMU)[10] and does not require a large signature database to detect malware. Instead, it uses machine-learning-based correlations to identify indicators of attack.[17][18]

For example, Microsoft Defender uses TDT's Advanced Platform Telemetry to detect processor usage patterns indicative of ransomware and cryptojacking.[19][20][7][1]
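
As an illustration added to this article (not code from Intel, Microsoft or any other vendor named here), the following Python module shows the general shape of a telemetry-based detector of the kind the two paragraphs above describe: per-process PMU counters are turned into features, a baseline profile is built from known-good processes, and a process is flagged when its standardized distance from that baseline exceeds a threshold. The counter values, process names, feature set, distance measure and threshold are all constructed assumptions for the example; TDT's actual models and the counters it reads are not described on this page.

```python
import math
from typing import Dict, List, Tuple

# One sample = (instructions_retired, cpu_cycles, llc_misses, branch_misses)
Sample = Tuple[int, int, int, int]

# Constructed PMU-style counter samples per process, one tuple per sampling
# interval. These numbers are made up for the illustration; they are not real
# TDT telemetry and the process names are placeholders.
SAMPLES: Dict[str, List[Sample]] = {
    "browser": [(800_000, 1_000_000, 9_000, 12_000),
                (760_000, 980_000, 8_500, 11_000),
                (820_000, 1_010_000, 9_400, 12_500)],
    "editor":  [(600_000, 1_000_000, 12_000, 9_000),
                (640_000, 1_020_000, 12_800, 9_500),
                (580_000, 990_000, 11_500, 8_800)],
    "shell":   [(900_000, 1_000_000, 7_000, 13_000),
                (880_000, 990_000, 6_900, 12_700),
                (920_000, 1_010_000, 7_200, 13_300)],
    # Looks like the known-good processes and should not be flagged.
    "backup":  [(850_000, 1_000_000, 10_000, 12_800),
                (830_000, 990_000, 9_800, 12_400)],
    # Tight compute loop with almost no memory or branch activity: a profile
    # that differs sharply from ordinary interactive workloads.
    "unknown": [(2_900_000, 1_000_000, 200, 300),
                (2_950_000, 1_010_000, 210, 280)],
}
BASELINE_PROCESSES = ["browser", "editor", "shell"]
FEATURE_NAMES = ("ipc", "llc_misses_per_kinst", "branch_misses_per_kinst")

Profile = Tuple[float, ...]
Baseline = Tuple[Profile, Profile]  # (per-feature means, per-feature standard deviations)


def interval_features(sample: Sample) -> Tuple[float, float, float]:
    """Normalise raw counters so intervals of different length are comparable."""
    instr, cycles, llc, br = sample
    return (instr / cycles, 1000.0 * llc / instr, 1000.0 * br / instr)


def process_profile(samples: List[Sample]) -> Profile:
    """Average the per-interval features of one process into a single profile."""
    feats = [interval_features(s) for s in samples]
    return tuple(sum(col) / len(col) for col in zip(*feats))


def build_baseline(profiles: List[Profile]) -> Baseline:
    """Per-feature mean and population standard deviation over known-good profiles."""
    cols = list(zip(*profiles))
    means = tuple(sum(c) / len(c) for c in cols)
    # Floor the spread so a constant feature cannot divide by zero.
    stds = tuple(max(math.sqrt(sum((v - m) ** 2 for v in c) / len(c)), 1e-9)
                 for c, m in zip(cols, means))
    return means, stds


def anomaly_score(profile: Profile, baseline: Baseline) -> float:
    """Euclidean distance from the baseline in standardised (z-score) feature space."""
    means, stds = baseline
    return math.sqrt(sum(((v - m) / s) ** 2 for v, m, s in zip(profile, means, stds)))


def flag_processes(samples: Dict[str, List[Sample]], baseline_names: List[str],
                   threshold: float = 4.0) -> Dict[str, float]:
    """Return {process: score} for every process whose score exceeds the threshold."""
    baseline = build_baseline([process_profile(samples[n]) for n in baseline_names])
    scores = {name: anomaly_score(process_profile(s), baseline) for name, s in samples.items()}
    return {name: round(score, 2) for name, score in scores.items() if score > threshold}


if __name__ == "__main__":
    print("flagged:", flag_processes(SAMPLES, BASELINE_PROCESSES))
```

With three baseline processes the standardised score of any baseline member is bounded by sqrt(6), so a threshold of 4.0 never flags the training set itself; the "backup" process lands near 1.1 and the compute-bound "unknown" process scores far above the threshold on both its instructions-per-cycle and its branch-miss features. A production detector would use many more counters and a learned model rather than a fixed distance, but the flow from PMU samples to a per-process verdict is the same.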

See also

  • Intel vPro

References

  1. "Intel, Microsoft to use GPU to scan memory for malware". 16 April 2018. https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/.
  2. "Intel® Threat Detection Technology Demo". 21 May 2018. https://www.youtube.com/watch?v=Lf6YHL84pqc.
  3. "Intel Announces Chip-Level Security Initiatives, iGPU-Based Malware Scanning". 17 April 2018. https://www.anandtech.com/show/12660/intel-announces-chiplevel-security-initiatives-gpu-av-scanning.
  4. "Intel's security light bulb moment: Chips to recruit GPUs to scan memory for software nasties". 17 April 2018. https://www.theregister.com/2018/04/17/intel_gpu_malware_detection_security/.
  5. "Intel Processors Now Allows Antivirus to Use Built-in GPUs for Malware Scanning". 17 April 2018. https://thehackernews.com/2018/04/intel-threat-detection.html.
  6. "CrowdStrike Falcon® Enhances Fileless Attack Detection with Intel Accelerated Memory Scanning Feature". 3 March 2022. https://www.crowdstrike.com/en-us/blog/falcon-enhances-fileless-attack-detection-with-accelerated-memory-scanning/.
  7. "Hardware acceleration and Microsoft Defender Antivirus". 16 April 2018. https://learn.microsoft.com/en-us/defender-endpoint/hardware-acceleration-and-mdav.
  8. "Intel adds hardware-based ransomware detection to 11th gen CPUs". 29 December 2022. https://www.bleepingcomputer.com/news/security/intel-adds-hardware-based-ransomware-detection-to-11th-gen-cpus/.
  9. "Intel® Threat Detection Technology (TDT) Runtime Threat Detection with HW Telemetry DEVELOPER GUIDE". https://github.com/JUSDJTIN/lib-tdt/blob/master/docs/Intel(R)_TDT-SecL_DeveloperGuide.pdf.
  10. "Microsoft Defender for Endpoint CPU (Intel) based Threat Detection of Ransomware". 7 March 2022. https://www.linkedin.com/pulse/microsoft-defender-endpoint-cpu-intel-based-threat-detection-nouri/.
  11. "Check Point Software Technologies Enhances Endpoint Security with Intel vPro Platform". 11 January 2021. https://www.checkpoint.com/press-releases/check-point-software-technologies-enhances-endpoint-security-with-intel-vpro-platform/.
  12. "Future-proofing PC fleets with the powerful pairing of Intel® Threat Detection Technology and AI-Native endpoint protection". 10 May 2024. https://www.eset.com/blog/business/future-proofing-pc-fleets-with-the-powerful-pairing-of-intelr-threat-detection-technology-and-ai-native-endpoint-protection/.
  13. "Detect Ransomware and Other Advanced Threats with Intel Threat Detection Technology". https://www.intel.com/content/dam/www/central-libraries/us/en/documents/intel-threat-detection-technology-solution-brief.pdf.
  14. "Intel Hardware-enhanced Threat Detection". https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/tdt-product-brief.pdf.
  15. "Intel vPro® PCs Feature Silicon-Enabled Threat Detection". https://www.intel.com/content/dam/www/central-libraries/us/en/documents/advanced-threat-protections-white-paper.pdf.
  16. "11th Gen Intel® Core™ vPro® Mobile Platform PCs Feature the Industry's Only Silicon-Enabled Threat Detection". https://www.content.shi.com/SHIcom/ContentAttachmentImages/SharedResources/PDFs/Intel/intel-060921-white-paper-advanced-threats-2021-FINAL.pdf.
  17. "A Closer Look at Intel's Hardware-Enabled Threat Detection Push". 11 August 2021. https://www.securityweek.com/closer-look-intels-hardware-enabled-threat-detection-push/.
  18. "The Crucial Role of Silicon in Advanced Threat Detection". https://go.abiresearch.com/hubfs/Marketing/Whitepapers/The%20Crucial%20Role%20Of%20Silicon%20In%20Advanced%20Threat%20Detection/CR-INTEL-201%20v4.pdf.
  19. "Hardware-based threat defense against increasingly complex cryptojackers". 18 August 2022. https://www.microsoft.com/en-us/security/blog/2022/08/18/hardware-based-threat-defense-against-increasingly-complex-cryptojackers/.
  20. "Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT: A Case Study". 3 March 2022. https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/defending-against-ransomware-with-microsoft-defender-for-endpoint-and-intel-tdt-/3243941.