This transcript is from a PodTech.net podcast at:
http://www.PodTech.net/?p=543

Intel Promises Security to Owners of PC Fleets on the vPro Platform - Part 3 of 4


Paul Otellini: I'd like to talk next about the next pillar, the second pillar of vPro, which is proactive security, and this chart shows the number of days it's taken to exploit a given security flaw.


You can see quite clearly it's changed pretty dramatically since the first big exploitation in 2000, I've got the Ramen/Adore virus there, took almost 200 days to exploit. Last year, we saw a very, very short time with the Zotob virus, a three-day exploit period. We're actually now seeing an even more interesting environment where you have a zero-day exploit.


The Windows Metafile virus last year actually exploited a weakness before the flaw was publicly recognized, and to be able to get on top of those, requires a whole different set of infrastructure. You have much less time. Your IT department has to be proactive instead of being reactive, and if things happen in zero timeframe, how can you be proactive?


Another problem is that it takes a lot of time once you discovered the patch for the exploit or virus to be able to deploy that backwards into the environment. A lot of the processes for deploying those patches are manual. Users turn off security on occasion, like Greg did. vPro is intended to deal with both of those, to be able to deal with a very quick deployment but also make it impossible for users to avoid the security needs of their enterprise. How does this happen?


First of all, we start with new ways of dealing with security issues, and that is built around a technology that we call VT, or Virtualization Technology. We built virtualization, hardware virtualization, or multiple partitions, hardware partitions, inside of our microprocessors now.


This has been in the mainframe environment for quite some time, but only now you're seeing this come to the PCs, where you can think about having virtual partitions inside a given computer on one of your employees' desks. Let me show you what I mean by all of that, by running this animation. This thing, you can think about solving this problem by getting another or separate hardware security device and plugging it in in front of all of your PCs.


We do that on our data centers today, we have hardware security in front of many of our servers out there. Well, in a PC environment that gets to be very expensive. So imagine what would happen if we could take a dedicated security device and embed it inside the PC itself. That's really what we're doing, it's called virtualization, and it's called vPro.


What we do in vPro here is we create two partitions. One is for the user, and the other is a completely separate partition independent of the main operating system. It can be used for software-based virtual appliances, the security appliance here. It's highly reliable, it's tamper resistant, it's completely transparent to user interaction, and it's a new virtualized approach that provides the strongest and most manageable client agent possible.


We'll see how it works here: You're going to see everything running through the virtual appliance. Good traffic, which here in this animation is represented in green dots, is allowed to pass. When bad traffic comes in, and here I'm representing those by red dots, they're actually cut off. Those packets are cut off before they reach the user partition, they're cut off and intercepted by the management partition. And the good news, it's a very simple concept, but it's a very profound change in the way the PC actually deals with data coming into it.


There are a number of software companies working hand in hand with Intel to create a solutions-based environment around this hardware and develop these virtual security appliances on top of our vPro technology. One of them is Symantec. One of the leaders in security space, and to talk about what they're doing today, I'd like to welcome the Chairman and CEO of Symantec, John Thompson, up to share his thoughts with us.

John Thompson: Thank you very much, Paul.

Paul Otellini: So John, there are a lot of big changes we're seeing in the security environment and marketplace, and from your perspective, the expert in security, what are the unmet needs of security in the enterprise?

John Thompson: Well, clearly what the enterprises are seeing today is a rapid increase in the number of threats. The complexity of the threats is also growing, and we're starting to see vulnerability exploitation, as you suggested, shrink in terms of time. That gives them a management challenge unlike anything we've ever seen.


We produce a report twice a year that's called the Internet Security Threat Report, which really does give a view of the health of the Internet. One of the things we saw in our last report was the existence of something that we call modular malicious code, which is a very small form of malicious code that really can wreak havoc on a user's machine.

Paul Otellini: That sounds pretty scary, I don't know if I'd be able to deal with that, but can you tell me what's so different about this environment from what we've seen in the past?

John Thompson: Well, typically when an attack, a worm or a virus, takes advantage of a machine, it's a large chunk of code that goes down and it's pretty intrusive, and you can recognize that's there. In the case of modular malicious code, it's a small little applet that arrives on the machine and it essentially starts to call down other packets and assembles itself into something that's much more destructive. As a matter of fact, it oftentimes will try to disable the firewall or disable the antivirus agent because it is assembling, if you will, the capability to take control of the machine.


So the event, or the opportunity, to move security outside of that environment into a virtual environment really does set the stage for us to be able to deliver security in a very, very different way.

Paul Otellini: How does this virtual security environment differ from what people have today?

John Thompson: Well, if you think about it, today what you're trying to do is protect the user space, as opposed to protecting the environment itself, and by moving the security technology into the virtual machine, you have an opportunity to rid a malicious attack before it gets into the user programmable space. It's a different approach, it certainly does lend itself to perhaps a more manageable environment for a lot of large corporate users, and we think it has the opportunity to truly, truly change the game.

Paul Otellini: As we look forward to these kinds of things, what can we as users of Symantec software experience from the virtual security solution?

John Thompson: I think the investments that both Intel and Symantec are doing here set the stage for users to think about an environment that it's not just more secure out of the box, but more secure as they're deployed over time, because oftentimes what happens is, people install a given piece of security technology and forget that they have to update it. Or users don't manage the environment quite the right way, and this way we'll do more of that in the virtual machine where corporate users don't have to worry about it. We'll do that for them. It's a terrific approach, I think.

Paul Otellini: Sounds good, and it's a combination of your software and our hardware that makes all of this possible.

John Thompson: I can't think of a better combination.

Paul Otellini: Me too. I was hoping you'd say that. Thanks very much.

John Thompson: Thanks very much, Paul.



Copyright ©2006 PodTech.net. All rights reserved.