Intel Unveils McAfee DeepSafe for Chip-Based Security

 
 
By Fahmida Y. Rashid  |  Posted 2011-09-14
 
 
 

Intel and McAfee have unwrapped details about a new hardware-based security product that offers protection for systems at the chip level. This new technology shows how Intel plans to integrate McAfee's security and software products into its processor portfolio.

The chip giant launched McAfee DeepSAFE, a combined hardware-software platform that would prevent security breaches, block stealthy intrusions and stop malicious software from being installed. Intel CEO Paul Otellini offered details about the technology during his keynote speech at the Intel Developer Forum in San Francisco on Sept. 13.

In DeepSAFE, the McAfee Endpoint Protection Software hooks onto the microprocessor's security features to provide a "deeper" security footprint, according to Intel. This allows the software to gain visibility into malware that operates below the operating system, such as rootkits. The ability to look outside the operating system would allow McAfee software to protect systems and expose many attacks that are currently "undetectable."

"It is essential that devices are protected against intrusions from security breaches and malware in more effective ways than are available today," according to Intel.

Malware that resides in the computer's memory before the operating system even boots up is difficult for traditional security products to detect with their scanning capabilities. Cyber-criminals know how to evade current operating systems-based security, so security vendors have to develop security products that work "beyond the operating system," Intel said.

The software will not be embedded directly onto the Intel chips but rather just be able to take advantage of hardware features already included in Intel's Core chips and other new chips down the road, said Todd Gebhart, co-president of McAfee. In the past, Intel had noted that a very small fraction of the security features on its chips were being used by security vendors. DeepSAFE is a "hardware-assisted" security product that is designed specifically to take advantage of the capabilities on the chip.

"DeepSAFE can apply new techniques to deliver a whole new generation of protection in real time to prevent malicious activity and not just detect infections," Gebhart said.

The new hardware and software security product is the "first of its kind" to use hardware-based security features instead of relying on the operating system, which "should offer a stronger offense against a number of threats that can circumvent" the system, Hans Mosesmann, an analyst with Raymond James Equity Research, wrote in a research note. 

DeepSAFE would allow Intel and McAfee to gain share in the security market, Mosesmann added.

Otellini demonstrated how DeepSAFE can be used in rootkit prevention products during his speech. A system running the technology in McAfee Labs was able to detect and stop a zero-day rootkit called Agony from infecting a system in real-time.

DeepSAFE platform would be the first security product from Intel after the $7.68 billion McAfee acquisition closed earlier this year. Expected to launch later this year for enterprises, DeepSAFE will probably not be ready for Intel's mobile chips for another few years. McAfee will likely be deploying DeepSAFE as part of an add-on to Endpoint Protection security service focusing on rootkit detection. There is no timeline as to when it will be available for consumers at this time.

"By combining the features of existing Intel hardware and innovations in security software, Intel and McAfee are driving innovation in the security industry by providing a new way to protect computing devices," said Ren??«e James, senior vice president and general manager of the Software and Services Group at Intel and the chairman of McAfee.

Rocket Fuel