Intel's vPro chips in more security for businesses

With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike.

[ See also: Intel adds desktop NAC to latest chips ]

By wrapping a set of expanded security features around the vPro Core 2 Duo chips, the chip giant maintains it can help IT departments more easily protect and support their desktop systems, in large part by offering additional hooks for other vendors' PC defense and management tools. 

With the addition of features that extend malware behavior-detection further onto the CPU level and wall off virtualized software systems from attack, Intel says it can greatly enhance the chips' interaction with complementary security technologies.

By adding new capability for desktops to communicate directly with so-called network access control (NAC) systems, Intel contends it can offer full-fledged security management opportunities that circumvent the need for device-OS interaction.

"The time [available] to respond to vulnerabilities is down and the sophistication of malicious attacks is increasing," said Gregory Bryant, general manger of Intel's Digital Office Platform Division. "We're trying to make security more proactive by driving it into the platform itself."

Intel is also touting other systems management and power-efficiency features in the chips, formerly known by the code-name Weybridge, but its sales pitch for the new vPros is centered on its security tools.

Bryant acknowledges that it may take years for the processors to find their way onto a large share of enterprise desktops. However, the vPros' technologies are aimed at other emerging IT phenomena such as virtualization and NAC, he said, which will help the processors fall in line with those trends.

The vPros' augmented Time-based Systems Defense Filters promise to scan every outbound packet traveling over the processor and maintain logs of suspicious behavior to identify unwanted network activity.

The chips address security concerns with virtualized software systems -- including integration issues with traditional anti-malware technologies and the opportunity for data theft via external attack -- with the addition of a pair of features.

Intel's Trusted Execution Technology -- which was developed under the code-name LaGrande -- promises to wipe out any residual data that may be left available when a virtual system is improperly shut down and to detect any attempts to modify the software it is running on. When combined with the chips' Intel Virtualization for Directed I/O technology, the processors will specifically be able to detect and ward off emerging attacks that seek to inject themselves between hardware and software systems by isolating virtual machines and cutting off outside access to their memory, Bryant said.