New Intel tool uses GPU to scan for viruses, saving time and compute resources

Intel also announced Advanced Platform Telemetry, which uses machine learning to improve threat detection.

Why your top cybersecurity goal in 2018 should be human-focused
Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • New technology from Intel allows for using the integrated graphics platform on 6th, 7th, and 8th generation CPUs to scan RAM for malware.
  • According to Intel, this lowers CPU utilization from 20% to 2% in tests, and increases power performance.

At the 2018 RSA conference, Intel announced a new security initiative titled Threat Detection Technology, intended to make security scanning and threat detection easier. At launch, the plan has two component parts. The first, Accelerated Memory Scanning, uses the integrated graphics system to scan for malware in memory. The second, Advanced Platform Telemetry, attempts to combine diagnostic information with machine learning to more reliably detect threats.

Accelerated Memory Scanning

The idea of using the integrated GPU for memory scanning is so straightforward, it seems surprising that this was not implemented before now. Intel is providing a driver that can be used to instruct the integrated Intel graphics chipset to scan the RAM in a given device against a list of known malware signatures.

While malware stored on a disk may be encrypted or obfuscated, those attempts at protection would not be workable while the payload is being executed. That said, given that this control is handled at the kernel level, it is conceivable that any sufficiently advanced malware with kernel access could disable GPU-powered searching and give a false positive to antivirus software.

Because the integrated GPU is embedded on the same package as the CPU, it has full memory access, while discrete GPUs connected through PCI Express (or Thunderbolt, etc.) would not be able to perform the same function. According to Intel's press release, this strategy enables more frequent scans to be performed, "while reducing the impact on performance and power consumption." Accordingly, the release noted that "early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent." The technology works on 6th, 7th, and 8th generation Intel processors.

SEE: IT leader's guide to cyberattack recovery (Tech Pro Research)

While Intel plans to open this technology to other antivirus software vendors, it will launch first as part of Windows Defender Advanced Threat Protection (ATP), a business-oriented version of the antivirus software that uses cloud analytics to determine if a system has been compromised, the release noted. This is a premium antivirus solution beyond what is included as part of Windows, and it is unclear if this feature will also be rolled out to standard Windows Defender versions in Windows 10 and 10 Pro.

Advanced Platform Telemetry

Intel's other offering bears more than a passing resemblance to Windows Defender ATP. According to the release, "Intel Advanced Platform Telemetry combines platform telemetry with machine learning algorithms to improve the detection of advanced threats, while reducing false positives and minimizing performance impact."

In the release, Intel noted that the first product to use this technology will be Cisco's Tetration Platform, a data center and public and private cloud security system, which does not necessarily require Windows to operate.

The company has also announced "Intel Security Essentials," which is a common set of security capabilities, apparently intended to be identical across Atom, Core, and Xeon CPUs.

Also see

Image: iStockphoto/TWiRote