What is it?
Intel® Trusted Execution Technology (Intel® TXT) is a hardware security solution that protects IT infrastructures against software-based attacks by validating the behavior of key components within a server or PC at startup.
Using an infrastructure based in the Intel processor and known as the “root of trust,” Intel® TXT checks the consistency in behaviors and launch-time configurations against a verified benchmark called a “known good” sequence. The system can then quickly assess and alert against any attempts to alter or tamper with a system’s launch-time environment.
Why it matters.
Malicious software programs or “malware,” such as viruses, are a consistent and growing threat to IT and to businesses.
While the mechanisms of malware vary, they all seek to:
- Corrupt systems
- Disrupt business
- Steal data
- Seize control of platforms.
As companies adopt more shared, multi-tenant, and virtualized infrastructure models, the perimeter of the traditional network infrastructure becomes more exposed to vulnerabilities.
Also, traditional approaches of looking for “known bad” elements (the approach most used by anti-virus or anti-malware programs) are only partially effective at coping with the increasing volume and sophistication of attacks today.
Intel® TXT provides an additional enforcement point and a different, known good–focused approach, which checks for malicious software on client and server platforms before they have even launched.
How it works.
Quite simply, if your system’s launch sequence does not match Intel® TXT’s approved, known good sequence, it recognizes the threat and notifies you of this unexpected condition.
In more detail, Intel® TXT provides an infrastructure rooted in the processor that enables an accurate comparison of all the critical elements of the launch environment against a known good source.
To do this, it first allows creation of the known good profile by establishing a cryptographically unique identifier for each approved launch-enabled component. It then provides hardware-based enforcement mechanisms to detect the launch of any code that does not match the approved code.
Intel® TXT’s hardware-based approach provides the foundation on which a trusted platform solution can be built to better protect against software-based attacks.
Furthermore, it is designed to scale with the needs of your organization and help protect both the end user and the company infrastructure from malicious intent.
For more detailed information on the advantages of Intel® TXT and the full range of features it uses to create a secure computing environment, please read the white paper.