Intel The security end to end

Marco Soldi

Intel Confidential

Enter the Era of Pervasive Computing…

1. IDC “The Internet Reaches Late Adolescence” Dec 2009, extrapolation by Intel for 2015 2. ECG “Worldwide Device Estimates Year 2020 - Intel One Smart Network Work” forecast 3. 8x Network: 800 Terabytes / second of IP traffic estimated on Internal Intel analysis “Network Supply/Demand 2010-2020”

forecast . 16x Storage: 60 Exabytes of data stored from Barclays Capital “Storage Bits” Sept 2009, extrapolation by Intel for 2015; 20x Compute: Intel Internal LRP forecast. Extrapolated to 1 billion virtual servers using 1 vm/core

Traditional Computing 2015 - Everything Computing

>1Billion Additional Users1 >15 Billion Connected Devices 2

> 8X Network, 16X Storage & 20x Compute Capacity Needed 3

Intel Confidential

Intel’s Cloud 2015 Vision

Automated IT can focus more on innovation and

less on management

Federated Share data

securely across public and private

clouds

Desktops Laptops Embedded Smartphones Netbooks Personal Devices Smart TVs

Client Aware Optimizing services based

on device capability

Intel Architecture Compute Continuum

MIC Architecture

Intel Confidential

Where are the Threats Focusing?

Strongest physical isolation and lowest accessibility

Changing perimeters and increased access

Limited physical protections and more human interaction

Client Systems

Edge & Departmental Systems

Back End Systems

encryption

antitheft antivirus encryption

antispam

antivirus

content

inspection IPS/IDS

IPS/IDS

encryption

access

control

antispam IPS/IDS

vPro / TXT

Traditional Attack Targets/

Risk Area

Growing Attack Targets/

Risk Area

Emerging Attack Area

Compute Resources Gain Capability to Complement Perimeter - Enabling Protections Deeper into the Datacenter

Intel Confidential

Secure Clients

Access for Users & Services

Secure Data &

VMs

Trusted Client to Cloud

Intel® Identity Protection

Technology Intel® Trusted Execution Technology

AES instruction

Virtualisation Technology

Private/Public

Cloud

Unified Security Across Security Layers

Intel Confidential

Intel® Technologies: Server Security

Enforce

Intel® TXT establishes “trusted” status, foundation to control migration based on security policy

Encrypt

Intel® AES-NI delivers built-in encryption acceleration for better data protection

Isolate Intel® VT & Intel® TXT protects VM isolation and provides a more secure platform launch

VM

Intel® TXT

Platform ???

VM VM

Intel® TXT

Platform

VM VM

6

Intel Confidential

“There's a definite benefit to… AES-NI instructions... This is huge for corporate desktops/notebooks”30

—Anandtech*

0 1 2 3 4

Keep Data Safer and End-users More Productive

3 Intel ® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequen 17 Source: Comparing Intel® Core™ i5-2520M processor based laptops to theoretical installed base of Intel® Core™2 Duo Processor T7250 . Security workload consists of SiSoftware Sandra* 2010 - AES256 CPU Cryptographic subtest measures CPU performance while executing AES (Advanced Encryption Standard) encryption and decryption algorithm. 30 The Clarkdale Review: Intel's Core i5 661, i3 540 & i3 530, Anand Lal Shimpi, Anandtech, January 2010. http://www.anandtech.com/show/2901/5

Up to 4x faster encryption17

Intel® AES-NI3

accelerate encryption operations

i5-2400 (desktop) i5-2520M (laptop)

E6550 (desktop) T7250 (laptop)

Helps Speed Data Protection

Whole-disk encryption Internet Security

File Storage Encryption

Intel Confidential

Hardware based security to help protect your PC and data when it is lost or stolen

4 Intel® Anti-Theft Technology requires the computer system to have an Intel® AT-enabled chipset, BIOS, firmware release, software, and an Intel AT-capable Service Provider/ISV application and service subscription.

IT Help Desk Provider

PC can be easily reactivated via a local password or server-generated code

3

2nd Gen Intel® Core™ Processors with Optional Intel® Anti-Theft Technology4

• Absolute* Computrace* with Microsoft* System Center Service Manager 2010*

• PGP* Whole Disk Encryption Solutions*

• WinMagic* Secure Doc Full-disk Encryption*

PC shows customized message and remains disabled even if OS is re-installed

2

Local intelligence on PC detects potential theft and triggers action or PC is disabled via poison pill sent over Internet

1