Unwrapping the 11th Gen Intel vPro® platform
How the Intel vPro platform keeps business computing safe from attack as well as fully supported, even when working remotely
Intel’s vPro platform has come a long way since it arrived in 2006. The latest release further builds on what started out as primarily a remote management toolkit. It is now a consummate security solution, which can even learn to address new threats. The emphasis on mobile security continues, which has even greater relevance with so much remote working during the pandemic. But there’s a whole lot more that is new. Here are the key features of the latest Intel vPro platform after the release of the company’s new 11th Generation Intel® Core™ vPro® Processors and how they help keep your business computing experience safer and more productive than ever before.
Integrated security platform
The first thing to emphasise about the Intel vPro platform is that it is not an add-on but has technologies and features fully integrated. The security and management capabilities of its 11th generation offering align with its new CPU features, which include integrated Intel® Iris® Xe graphics four times as powerful as the previous generation. Taking video editing as an example, an 11th Generation Intel Core vPro CPU will be 2.3 times faster than its predecessor. This means that more functions can be offloaded to the GPU from the CPU, including security functions, keeping the user more productive.
The Intel vPro platform’s security operates at the hardware level beneath the operating system, making it much more powerful than software solutions alone. Intel® Hardware Shield provides features within the system itself to protect the UEFI BIOS firmware and main memory against firmware attacks and enforce a secure boot. This can then be built upon by OEMs to provide their own branded safe start-up provisions. Locking down the most fundamental level, before even the operating system is loaded, stifles code that attempts to load before the booting process commences.
A whole host of capabilities hang off this fundamental feature. These all address different threat types that could attempt to execute before traditional software-based defences are fully loaded, and aid low-level system management. Above this level, hardware-powered virtualisation-based security for the operating system and applications keeps these layers from directly accessing system resources, which prevents a whole class of attacks that evade current software-based solutions. Because this virtualisation operates at the hardware level, it can be used seamlessly and without taking a hit on performance and productivity. The Intel vPro platform also incorporates Advanced Encryption Standard-New Instructions (AES-NI), which provide hardware-accelerated AES encryption, so this can be used pervasively without any detrimental effect on performance. With the latest 11th Generation processors, Intel has applied this ability to system memory via Total Memory Encryption, so that all data in main RAM and system memory buses is encrypted, guarding against cold boot attacks.
Enhanced security on the move
By introducing the Intel® Evo™ vPro® Platform, which is aimed at providing the best thin and light laptop experience for business, Intel is delivering exactly what is needed, considering that many employees will continue to work remotely even after the pandemic has abated. This builds on the core capabilities of the Intel vPro platform, placing that functionality in a solution that is extremely responsive, has a long battery life, reliably wakes up in an instant, and can be delivered in highly compact form factors – all key features for the mobile worker.
The Intel Evo vPro platform promises a system that wakes from sleep in less than a second. It will provide consistent responsiveness for at least nine hours on battery with typical usage and a Full HD laptop display. It will then take a mere 30 minutes of charging to replenish four hours of battery life. Whilst not compromising on security, the platform also integrates WiFi 6, Thunderbolt 4 and high-quality audio and video subsystems, so there is no trade-off on connectivity and media experiences despite the thin and light form factor.
However, security remains a key pillar of the Intel vPro platform, with Intel® Hardware Shield features at the core. The latest version introduces Intel Control-flow Enforcement Technology (CET). This protects against specific types of attack called jump/call-oriented programming (JOP/COP) and return-oriented programming (ROP). This kind of threat has long evaded software-only solutions. JOP/COP and ROP essentially find weaknesses in a software stack that can be used against the system, looking for sequences that can be used to build a new program, which will then be employed to mount the attack. Intel CET is a hugely important new feature, because over half the vulnerabilities disclosed by the Zero Day Initiative involve these kinds of memory safety issues. Intel CET promises to drastically reduce the efficacy of this kind of threat.
However, the most intriguing new feature is Intel Hardware Shield’s GPU-accelerated AI-enabled threat detection, which harnesses the eight times better AI performance of 11th Gen Intel Core vPro processors compared to their predecessors. Having access to telemetry below the level of the operating system allows this system to spot unusual behaviour, such as cryptomining, malware or ransomware attempting to trigger encryption processes. There may be no discernible software signature for this code that a traditional anti-malware application could spot, but Intel vPro platform-based systems can learn and detect unexpected behaviour, discovering new threats as they emerge, and providing enhanced protection.
Solid basis of remote management
As we explained at the beginning of this article, one of the first killer features of the Intel vPro platform was its facility to enable remote management at a lower level than the operating system. This allowed tech support to be provided over the network, or the Internet, even when a problem was causing booting issues. The latest Intel vPro platform continues to provide this via its leading cloud-based remote management interface. Intel® Endpoint Management Assistant is available for IT organisations or MSPs to download and integrate within their service environment and tools; it’s also licence-free.
The Intel vPro platform provides a consistent set of business features around performance, security and management interfaces, providing stability and reliability. The latter ensures that the system administration team doesn’t have to deal with a plethora of slightly different platforms with varying security behaviours and patching requirements.
Altogether, the security and management features of the Intel vPro platform make it an unrivalled solution for business. If problems arise, it provides a low-level interface for remotely finding a fix. But the chances of there being issues in the first place are drastically reduced by a solid hardware-based security system. This wards against the lowest level of attacks and can now learn new threat vectors from their behaviour, growing in its ability to keep up with the latest vulnerabilities and neutralising them. It’s a comprehensive, evolving package, and with the new Intel Evo vPro platform these security and stability features are available without sacrificing style, performance, or portability.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now