SMAU Bari 2012 - Marco Soldi
Intel The security end to end
Marco Soldi
Intel Confidential
Enter the Era of Pervasive Computing…
Traditional Computing
2015 - Everything Computing
>1 Billion Additional Users (1)
>15 Billion Connected Devices (2)
>8x Network, 16x Storage & 20x Compute Capacity Needed (3)

(1) IDC “The Internet Reaches Late Adolescence” Dec 2009, extrapolation by Intel for 2015.
(2) ECG “Worldwide Device Estimates Year 2020 - Intel One Smart Network Work” forecast.
(3) 8x Network: 800 Terabytes / second of IP traffic estimated on Internal Intel analysis “Network Supply/Demand 2010-2020” forecast. 16x Storage: 60 Exabytes of data stored from Barclays Capital “Storage Bits” Sept 2009, extrapolation by Intel for 2015. 20x Compute: Intel Internal LRP forecast. Extrapolated to 1 billion virtual servers using 1 vm/core.
Intel’s Cloud 2015 Vision
Automated: IT can focus more on innovation and less on management
Federated: Share data securely across public and private clouds
Client Aware: Optimizing services based on device capability
Desktops, Laptops, Embedded, Smartphones, Netbooks, Personal Devices, Smart TVs
Intel Architecture Compute Continuum
MIC Architecture
Where are the Threats Focusing?
Client Systems: Limited physical protections and more human interaction
Edge & Departmental Systems: Changing perimeters and increased access
Back End Systems: Strongest physical isolation and lowest accessibility
[Diagram: protections placed across the three tiers: encryption, antitheft, antivirus, antispam, content inspection, IPS/IDS, access control, vPro / TXT. Legend: Traditional Attack Targets/Risk Area; Growing Attack Targets/Risk Area; Emerging Attack Area]
Compute Resources Gain Capability to Complement Perimeter - Enabling Protections Deeper into the Datacenter
Secure Clients
Access for Users & Services
Secure Data & VMs
Trusted Client to Cloud
Intel® Identity Protection Technology
Intel® Trusted Execution Technology
AES instruction
Virtualisation Technology
Private/Public Cloud
Unified Security Across Security Layers
Intel® Technologies: Server Security
Enforce: Intel® TXT establishes “trusted” status, foundation to control migration based on security policy
Encrypt: Intel® AES-NI delivers built-in encryption acceleration for better data protection
Isolate: Intel® VT & Intel® TXT protect VM isolation and provide a more secure platform launch
[Diagram: VMs on Intel® TXT platforms, one platform marked “???”]
Keep Data Safer and End-users More Productive
Intel® AES-NI (3): accelerate encryption operations
Up to 4x faster encryption (17)
[Chart: i5-2400 (desktop) and i5-2520M (laptop) vs. E6550 (desktop) and T7250 (laptop); axis 0 to 4]
Helps Speed Data Protection: Whole-disk encryption, Internet Security, File Storage Encryption
“There's a definite benefit to… AES-NI instructions... This is huge for corporate desktops/notebooks” (30)
—Anandtech*

(3) Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence.
(17) Source: Comparing Intel® Core™ i5-2520M processor based laptops to theoretical installed base of Intel® Core™2 Duo Processor T7250. Security workload consists of SiSoftware Sandra* 2010 - AES256 CPU Cryptographic subtest, which measures CPU performance while executing the AES (Advanced Encryption Standard) encryption and decryption algorithm.
(30) The Clarkdale Review: Intel's Core i5 661, i3 540 & i3 530, Anand Lal Shimpi, Anandtech, January 2010. http://www.anandtech.com/show/2901/5
2nd Gen Intel® Core™ Processors with Optional Intel® Anti-Theft Technology (4)
Hardware based security to help protect your PC and data when it is lost or stolen
1. Local intelligence on PC detects potential theft and triggers action or PC is disabled via poison pill sent over Internet
2. PC shows customized message and remains disabled even if OS is re-installed
3. PC can be easily reactivated via a local password or server-generated code
IT Help Desk Provider
• Absolute* Computrace* with Microsoft* System Center Service Manager 2010*
• PGP* Whole Disk Encryption Solutions*
• WinMagic* Secure Doc Full-disk Encryption*

(4) Intel® Anti-Theft Technology requires the computer system to have an Intel® AT-enabled chipset, BIOS, firmware release, software, and an Intel AT-capable Service Provider/ISV application and service subscription.