Research at the Core of Intel’s McAfee Buyout

August 21, 2010

A fair number of people have been scratching their heads this week over Intel’s proposed buyout of security giant McAfee, but I can think of at least one convenient proof point that highlights an element of the rationale that I think factored into this significant business decision.

First I have to recall talking about chips and security with Intel as far back as 1999 when I was covering the company for Newsbytes. Then-chief Intel security guru Pat Gelsinger (who has obviously gone on to quite a successful career as the acting president and COO at EMC) was already outlining Intel’s blueprint for seeding its processors with layers of onboard security features and fail-safes. So, it’s worth noting that this notion of blending the two is actually far from new for the company.

And as anyone who follows Intel knows, they’re built around an absolutely incredible research and development organization, arguably unparalleled worldwide; without constantly upping the ante of not only its products but also its manufacturing processes and facilities (cue Moore’s Law), Intel would never have kept a stranglehold on leadership of the chip market for decades, as it has.

But, somewhat predictably, one of the first things that sprang to my mind when I saw the ground-rumbling headline announcing the McAfee buyout was actually some research much closer to home for Core.

One of the most widely acclaimed research projects to emerge from our R&D team in Buenos Aires in recent years was the BIOS rootkit presentation first given by Core Senior Exploit Writers Alfredo Ortega and Anibal Sacco at the CanSecWest conference in 2009. The work was subsequently advanced and summarized again by the pair at the Black Hat USA 2009 conference.

The coverage that this work received, driven by its demonstration that traditional AV defenses can be easily circumvented by malicious programmers working at the BIOS level, was among the best Core has ever enjoyed, even in comparison to our announcement of vulnerabilities in products made by Microsoft, Adobe and even Apple.

Looking back at those findings, I actually think it’s quite clear why Intel has invested so heavily in making security a big (and profitable?) piece of its future. It’s also just another reminder that nearly all major technology platform providers, from Microsoft to Cisco to EMC and beyond, have done the same.

When you consider Intel’s vastly important place in the functionality food chain, it clearly makes sense for them to embed as many safeguards as possible to attempt to fend off the variety of attacks that could be carried out at chip-level to circumvent other security controls, including physical tampering. It’s been established for years that these types of features need to be baked squarely into every major tier of the increasingly dense IT layer cake.

Of course, it’s worth noting that Intel’s not alone in pursuing this security-on-the-chip model, as rival AMD has used onboard security as a heavily marketed differentiator for years, and companies such as Phoenix Technologies have attempted to build a business around firmware-borne security software features.

So while I’ll agree that it took me a second or two to digest the notion of the Intel-McAfee merger – flooding my head with flashes of the Symantec-Altiris marriage, which after years of public consternation has begun to bear apparent fruit – I don’t think it’s actually much of a stretch, though pundits like security analyst Richard Stiennon have openly panned the deal.

At the end of the day I think it’s hard to question that Intel’s research into the matter led it to understand that it simply had to marry its existing products with even more security features – and hey, by picking up all of McAfee’s existing product lines that’s the kind of thing that keeps customers, partners and investors pretty interested too (flashing sign to PC makers worldwide: “Buy Your AV Products Here!”).

And forgive me for self-servingly inferring that it’s the type of research done by people like our guys at Core that has helped move the needle on awareness of the issue, but I feel that their contribution is pretty relevant.

Now, what about a microprocessor that pen tests itself?

-- Matt Hines, Chief Blogger

 
