Malware Reduction: Intel® Trusted Execution Technology (Intel® TXT)
Protecting IT infrastructure against software-based attacks
What is it?
Intel® Trusted Execution Technology (Intel® TXT) is a hardware security solution that protects your IT infrastructure against software-based attacks by validating the behavior of key components within a server or PC at startup.
Using an infrastructure based in the Intel processor and known as the “root of trust,” Intel® TXT checks the consistency in behaviors and launch-time configurations against a verified benchmark called a “known good” sequence. The system can then quickly assess and detect any attempts to alter or tamper with your system’s launch-time environment.
See how Intel® TXT protects your enterprise servers and PCs from malicious attacks.
Why it matters
Malicious software programs or “malware,” such as viruses, are a consistent and growing threat to IT and to businesses. While the mechanisms of malware vary, they all seek to corrupt systems and disrupt business, steal data, or seize control of platforms.
As companies adopt more shared, multi-tenant, and virtualized infrastructure models, the perimeter of the traditional network infrastructure becomes more exposed to vulnerabilities.
Also, many traditional security approaches of looking for “known bad” elements (the approach most used by anti-virus or anti-malware programs) are only partially effective at coping with the increasing volume and sophistication of attacks today.
Intel® TXT provides an additional enforcement point and a different, known good–focused approach, which checks for malicious software on client and server platforms before they have even launched.
How it works
Quite simply, if your system’s launch sequence does not match Intel® TXT’s approved, known good sequence, it recognizes the threat and notifies you of this unexpected condition.
In more detail, Intel® TXT provides an infrastructure rooted in the processor that enables an accurate comparison of all the critical elements of the launch environment against a known good source.
To do this, it first allows creation of a known good profile by establishing a cryptographically unique identifier for each approved launch-enabled component. It then provides hardware-based enforcement mechanisms to detect the launch of any code that does not match the approved code.
Intel® TXT’s hardware-based approach provides the foundation on which a trusted platform solution can be built to better protect against software-based attacks.
Furthermore, it is designed to scale with the needs of your organization and help protect both the end user and the company infrastructure from malicious intent.
For more detailed information on the advantages of Intel® TXT and the full range of features it uses to create a secure computing environment, please read the white paper.