Hardware-Enhanced Security

Change Your Security Paradigm to Enable Business while Reducing Risks and Costs


Executive Summary

In a survey of enterprise users, 71 percent admitted to ignoring security policies meant to protect them, their devices, and corporate data.¹

This survey result matters for two reasons. First, because some of the most pressing security concerns business leaders like you face—from malware to data theft—pivot around user actions. But perhaps more importantly, the survey result shows one reason why enterprise information security can feel like an uphill struggle. Despite an ever-increasing attack surface, security practices are still sometimes perceived as obstacles to be circumvented. In part, this perception is fed by the fact that for the past three decades, enterprise security practitioners have countered software-based security threats with software-based defenses.

Today, Intel and its partners are working to change the software-versus-software equation to tip the balance in your favor. The new equation enhances software-based protection through a three-pronged security vision anchored in the hardware:

1. Strengthen computing at its silicon roots without impeding the user experience through security features built into great platforms.

2. Deploy innovative software and services that take advantage of those hardware-embedded security features.

3. Enable business everywhere with protective capabilities that are consistent across devices.

Some components of this vision are available to businesses today. In fact, you probably already have platforms in your infrastructure that include security features embedded in the hardware—an approach Intel calls hardware-assisted security. By deploying software and services that use these embedded security features, your organization can benefit from improved prevention and remediation of security vulnerabilities.

Intel is working to strengthen business protection by embedding security features into platform hardware across four fundamental pillars of enterprise security:

• Anti-malware: Malware finds nowhere to run or hide

• Identity: Simple access with enhanced security

• Data protection: Stronger protection keeps data safe in case of theft or loss

• Resiliency: Always-updated, robust systems

This paper describes some of the platform-embedded security features that compose these pillars and how these features can help to improve your organization’s security profile.

Security does not detract from the bottom line. Rather, it is the framework that allows businesses to live and thrive.

The Role of Security Is Expanding

Since the beginning of the information age, enterprises have treated security measures like fire extinguishers or protective clothing—necessary tools to prevent or limit damage, but secondary to the real mission of the business. Traditionally, even security professionals have taken a relatively narrow view of their role as protectors—a perception which corresponds to a relatively narrow charter. As a result, important security roles and measures are too often tacked on, incrementally and under pressure, to the last ten percent of a project. Perceived merely as a cost, security measures too often do not get the budget dollars or leadership time they need and deserve.

This attitude is beginning to change as business leaders recognize that good security practice is good business practice because of the evolving threat landscape and the enormous cost of security failures. Furthermore, today’s business environment is vastly different from the one in which outdated security models and perceptions evolved. For example, businesses generate value and conduct transactions online through increasingly interconnected business strategies and processes. Organizations collaborate with each other, exchange sensitive data, and conduct business through many cloud-based services across many different platforms—including mobile devices, which are highly susceptible to loss or theft.

Not only must enterprise security practitioners protect data and identities in this environment, but they must do so without impeding the end user experience, under increased regulatory pressure to protect privacy, and with a verifiable audit trail. These realities have created an environment in which the perceived role of information security practice must change from that of a supplemental protective layer to one of a proactive business enabler.

Information flow is fundamental to everything that enterprises do, and because information technology makes that flow possible, information technology is the enterprise nervous system. A strategy that integrates proven security practices with clear executional plans can keep that nervous system healthy and support the flow of information on which the business depends.

Today’s challenging security environment can also create opportunities for enterprise security professionals. As organizations come to terms with the rising risk they face, security practitioners have a chance to show business leaders—now newly receptive because of heightened risk—that security does not detract from the bottom line; it is the framework that allows businesses to live and thrive. Indeed, as security threats grow ever more sophisticated, security can become a vital differentiator that separates businesses that have evolved from those that have not.

A hardware-assisted approach across all platforms can help to support this expanded role for information security. Intel is working to strengthen security as a business enabler by embedding security features into the hardware across four fundamental pillars of enterprise security: anti-malware, identity, data protection, and resiliency.

The rest of this paper explores how hardware-assisted security enhances protection in these pillars.

[Figure: Enhancing Security Software and Services, from the Hardware Up. Panels: Start Secure (hardware protection built into start-up processes to ensure system integrity); Run Secure (hardware enforced and maintained trusted execution environments); Stay Secure (hardware acceleration for security processing that enables ease of use). Labels: Apps, Browsers, and OS; Security Acceleration; Trusted Execution Environments; Protected Boot, Resume, and Wake.]

The hardware-assisted approach can help give your organization an advantage as workloads and users start, run, and stay secure. You can enable this stronger position by activating the lowest levels in the computing stack—along with software and services from partners you already trust such as McAfee, Microsoft, Symantec, VMware, Citrix, and more—to reduce risk from the moment platforms are powered on, and to quickly recover when something goes wrong.

Anti-malware: Reduce Risk and Costs with Enhanced Protection

The first area where hardware-assisted security can enhance your defenses is in protection from malware. A computing platform must start secure—from the moment the power button is pressed—so that processes occurring after boot can be trusted. Boot and wake from sleep are critical times for devices. During these seconds, computers are in a pre-operating system environment where code is executing but where security capabilities in the operating system and anti-malware software have not yet loaded. Malware developers have learned to insert code that exploits these environments and avoids traditional software-based detection. Even though software might detect some of these activities when it loads, stealthy malware hiding below the operating system can reassert itself upon next boot or wake from sleep. These stealthy attacks, also called advanced persistent threats (APTs), are growing as a source of risk. McAfee Labs reported more than 150,000 new rootkit samples during the fourth quarter of 2012.²

Hardware-assisted security features built into computing platforms can help reduce risks and costs by strengthening your protection against APTs and other malware. These features start to protect users and information before the platforms are even turned on or awakened from a sleep state—before traditional software-based protections have a chance to load.

By reducing the number of infections, hardware platforms with built-in security can have a direct positive impact on the bottom line because cleanup is costly. Reimaging after an infection can take up to five hours per machine, derailing both the IT technician and the end user for a total of 10 hours in lost productivity and an estimated cost per reimaged endpoint of $585.³ If your organization has 5,000 end points, a mere one-percent infection rate could cost $30,000 in reimaging time alone. Costs associated with compromise of sensitive data can add significantly to the overall costs—up to $188 per record for an average overall cost of $5.4 million per breach.⁴

Technologies that strengthen software-based malware protection help each platform take advantage of a root of trust that is anchored in the hardware. Software and services can then build upon that foundation to create a more secure environment for workloads and users. If something or someone has tampered with a device’s BIOS, firmware, master boot record, or other low-level components, platforms with hardware-assisted security can identify and prevent the attempted tampering, stopping the attack before it spreads.

Trusted compute pools are an applied example of hardware-assisted security. A trusted compute pool is a collection of computing resources whose trust state has been measured and verified from the lowest levels of the computing stack. Each launch component on each server in the pool is measured against known good states. If a launch component does not match an approved state—for example, the bootblock is different than expected—the system can be excluded from the pool as “untrusted”. This approach allows organizations to deploy workloads to the cloud with greater confidence that the multitenant cloud environment has not compromised security for sensitive data and workloads.

Support Productivity through Stronger Anti-malware Protection

With a secure start provided by hardware-embedded security features, users and administrators can go about their daily business and allow workloads to execute with greater confidence. Software and services that take advantage of security features embedded in the hardware can more effectively protect users and workloads during day-to-day business activities, allowing them to stay productive. That’s because hardware-based security enables use cases that extend protection beyond what is possible through software only. For example, these features can help:

• Root out malware wherever it hides, even rootkits that persist below or within the operating system

• Limit propagation of malware at the level of the network interface card (NIC)

• Decrease the likelihood that human error will open the door to an attack

• Create more thorough and efficient detection capabilities

• Create a trusted compute pool and define policies to ensure that sensitive workloads run only on trusted platforms

Trusted Compute Pools

Intel® Trusted Execution Technology (Intel® TXT)

You already know the challenges your IT department faces protecting individual workstations and servers from malware. The threat to data centers with physical, virtual, and cloud environments creates even bigger challenges as physical controls and the effectiveness of traditional security tools are reduced. You need to protect personal, financial, or other sensitive data for your employees and customers, but in virtual and cloud ecosystems, this can be hard to accomplish without new tools and techniques.

By establishing trusted compute pools, you can better protect critical workloads. Trusted pools are built on a foundation provided by Intel® Trusted Execution Technology (Intel® TXT), which creates a measured launch environment (MLE) to verify the integrity of firmware, BIOS, and operating system or hypervisor code on servers with Intel® Xeon® processors. This provides a powerful new control point for IT managers. By using attestation capabilities, along with virtualization and security policies, you can detect which platforms in your virtual pool have passed or failed integrity verification by Intel TXT. You can then combine the verified systems into trusted pools. Policy engines let you restrict sensitive or confidential workload migrations to the trusted platforms that have passed compliance verification by Intel TXT.

With trusted compute pools, you gain insight and retain greater control of your organization’s sensitive workloads by ensuring trusted environments for the underlying hypervisors, firmware, and hardware. You can also more easily execute and monitor security policies for compliance auditing and reporting.

Figure 1: Trusted Compute Pools with Intel® Trusted Execution Technology (Intel® TXT)
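The pool admission check described in this sidebar and in the anti-malware section, as an added sketch that is not Intel's or any vendor's code: each host's launch log is replayed with a TPM-style extend operation, every measurement is compared with an approved state, and a placement policy keeps sensitive workloads on hosts that passed. The host and component names, the SHA-256 digest, and the unsigned report format are assumptions; a real verifier first checks a TPM-signed quote.

```python
import hashlib
from dataclasses import dataclass

# Assumptions for this sketch: SHA-256 digests, a three-stage launch chain,
# and reports delivered without a signature (a real verifier checks a
# TPM-signed quote before trusting quoted_pcr).
LAUNCH_ORDER = ("bootblock", "bios", "hypervisor")


def measure(blob: bytes) -> bytes:
    """Digest of one launch component."""
    return hashlib.sha256(blob).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register can only be folded forward, never set."""
    return hashlib.sha256(register + measurement).digest()


def replay(event_log) -> bytes:
    """Recompute the register value implied by an ordered launch log."""
    register = bytes(32)
    for _name, measurement in event_log:
        register = extend(register, measurement)
    return register


@dataclass(frozen=True)
class Report:
    host: str
    event_log: tuple   # ((component, measurement), ...), in launch order
    quoted_pcr: bytes  # register value reported by the platform


def verify(report: Report, known_good: dict) -> list:
    """Return the reasons a host fails; an empty list means it may join the pool."""
    reasons = []
    if replay(report.event_log) != report.quoted_pcr:
        reasons.append("event log does not reproduce the quoted register")
    if tuple(name for name, _ in report.event_log) != LAUNCH_ORDER:
        reasons.append("launch sequence differs from the expected chain")
    for name, measurement in report.event_log:
        if measurement not in known_good.get(name, frozenset()):
            reasons.append(f"{name}: measurement is not an approved state")
    return reasons


def build_pool(reports, known_good):
    """Split hosts into the trusted pool and an untrusted map of host -> reasons."""
    trusted, untrusted = [], {}
    for report in reports:
        reasons = verify(report, known_good)
        if reasons:
            untrusted[report.host] = reasons
        else:
            trusted.append(report.host)
    return trusted, untrusted


def place(sensitive: bool, candidates, trusted) -> str:
    """Placement policy: sensitive workloads may only land on trusted hosts."""
    eligible = [h for h in candidates if not sensitive or h in trusted]
    if not eligible:
        raise RuntimeError("no trusted host available for sensitive workload")
    return eligible[0]


def honest_report(host: str, blobs: dict) -> Report:
    """Build the report a platform would produce by measuring what it launched."""
    log = tuple((name, measure(blobs[name])) for name in LAUNCH_ORDER)
    return Report(host, log, replay(log))


# Constructed sample data: approved images and three hosts.
GOOD = {"bootblock": b"bootblock 1.4", "bios": b"bios 2.0", "hypervisor": b"hv 6.1"}
KNOWN_GOOD = {name: frozenset({measure(blob)}) for name, blob in GOOD.items()}


def demo():
    clean = honest_report("node-a", GOOD)
    # node-b launched a modified bootblock and reports it honestly.
    tampered = honest_report("node-b", {**GOOD, "bootblock": b"bootblock 1.4 (modified)"})
    # node-c presents an approved-looking log, but the register says otherwise.
    forged = Report("node-c", clean.event_log, tampered.quoted_pcr)
    return build_pool([clean, tampered, forged], KNOWN_GOOD)


if __name__ == "__main__":
    trusted, untrusted = demo()
    print("trusted:", trusted)
    for host, reasons in untrusted.items():
        print("untrusted:", host, reasons)
    print("payroll ->", place(True, ["node-b", "node-c", "node-a"], trusted))
```

The node-c case shows why the log and the register are checked together: an approved-looking log alone proves nothing unless it reproduces the value the hardware accumulated.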

Boot and wake from sleep are critical times for devices. Code is executing but security capabilities in the operating system and anti-malware software have not yet loaded.

In organizations with 5,000 end points or more, a mere one-percent infection rate could cost $30,000 in reimaging time alone.³

Identity: Reduce Risk through Simpler, Stronger Authentication & Access

While detection and protection against malware are important, they are not enough by themselves. That’s why Intel’s second area of focus for hardware-assisted security is on identities and how users and customers access critical networks.

Today’s enterprise user is hyper-connected—always online using a variety of interconnected apps, services, and devices. This reality invites risk as data and identities are exposed to compromise through an attack surface that is expanding due to misuse, spyware, social engineering, weak passwords, and more. These risks apply to enterprise users and to your business customers who have accounts at any of your online properties. If customers’ accounts are hijacked, they won’t blame themselves for their weak passwords—they’ll blame your business and tell all their friends.

Reduce Risk with Proactive Security Embedded in Silicon

Sophisticated threats target deeper levels of your systems, making traditional anti-malware solutions less effective. Intel pushes security deep into the hardware to establish a root of trust before the operating system even starts.

Intel® Trusted Execution Technology (Intel® TXT) validates the behavior of key components during startup by comparing the current configuration to a known good state. This technique goes beyond the more common blacklist approach because it can be used to assess launch components and detect attempts to tamper with the system at launch time.

Intel® Platform Protection Technology with OS Guard prevents escalation-of-privilege attacks, in which malware makes the jump from user code to system code to take full control of an infected system.

Ninety-three million identities were exposed in 2012 alone,⁵ and a simple online search returns dozens of news stories about data breaches. These conditions led security researchers Eric Grosse and Mayank Upadhyay to declare, “We contend that security and usability problems are intractable: it’s time to give up on elaborate password rules and look for something better.”⁶

Safeguard Access to Protected Resources

“Something better” could be hardware-assisted two-factor authentication. Two-factor authentication (2FA) is stronger than traditional username and password authentication because it enhances logon security with another component, such as a one-time password generated by a hardware token. Despite its stronger protection, many organizations do not use 2FA because solutions can be costly and complex. They often require supplementary data center hardware and software that must be configured and managed.

Hardware-assisted security features can greatly simplify 2FA because they can generate one-time passwords traditionally generated by discrete tokens. In other words, the platform itself becomes the token. Software and services can then take advantage of this capability, enabling 2FA solutions that require neither separate fobs nor additional data center investment. Administrators can manage these solutions centrally and eliminate the hassle of configuring and deploying hardware tokens, which are easily lost or stolen, and users can remain productive with a fluid user experience and non-intrusive security measures.

In addition to 2FA, these features, along with software and services from Intel partners, enable simpler public key infrastructure (PKI) systems. These systems provide extended security capabilities such as e-mail encryption and document signing—all without additional data center complexity and user burden.

Simplify and Strengthen Authentication for Users and Customers

Intel® Identity Protection Technology (Intel® IPT), which supports hardware-embedded tokens and digital certificates, helps simplify secure authentication without distinct fobs that must be managed separately. By using Intel IPT with Public Key Infrastructure (PKI), you can eliminate the need to purchase and support costly physical smart cards. You can further enhance user logon security with Protected Transaction Display (PTD), a hardware-embedded feature that generates a randomized on-screen keypad that hides user input from screen-scraping malware and proves human presence at the computer, which helps thwart some types of attacks.

Data Protection: Improve Compliance and Reduce Risk with Stronger, Faster Encryption

Data protection is the third area of focus for hardware-assisted security. In addition to protecting IT assets against malware and hackers, information security practitioners must also protect data and the devices running applications that touch the data. This is no small task, given the rapid proliferation of devices and the services they access.

• Of the 93 million identity exposures in 2012, most were a result of theft or loss of the device on which sensitive data were stored.²

• Mobile users who access phishing websites are three times more likely to submit their logon info than desktop users.⁷

• The number of password-stealing Trojans grew by 74 percent in the fourth quarter of 2012.²

These data points emphasize what security practitioners face every day: sophisticated, targeted attempts to steal sensitive information. In addition, attacks on trust—on the underlying, invisible systems on which secure exchange relies, such as certificate authorities and Secure Shell (SSH)—are a growing threat. A Ponemon analysis estimates that “failed key and certificate management threatens every global enterprise with potential cost exposure of almost U.S. $400M.”⁸

“A few kilobytes of cryptographic data is all that stands in the way of millions lost in sales, grounded airplanes, and closed borders.”—Ponemon Institute, “2013 Annual Cost of Failed Trust Report: Threats and Attacks.”⁸

Data encryption is a necessary step in mitigating risks while protecting data. Embedded security features and instructions on Intel platforms can strengthen data protection by accelerating software-based encryption in important ways:

• They accelerate data encryption so that greater security does not impact performance.

• They provide a more robust digital random number generation (DRNG) to make encryption more difficult to crack.

• They store cryptographic keys in a secure chip so that keys are never exposed to malware that might be running on a system.

Figure 2: Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI)

In today’s always-connected world, it’s a challenge to keep data secure across networks and clouds. Advanced Encryption Standard (AES) is a U.S. government standard encryption algorithm that has been widely used for years as a highly effective solution for protecting data, but the encrypting and decrypting operations can be processor intensive.

Intel created Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) to increase cryptographic performance of the AES algorithm. Intel AES-NI is an instruction set found in Intel® Xeon® and Intel® Core™ processors that increases encryption performance and reduces processor load. Intel AES-NI can also make encryption stronger by protecting against “side channel” snooping attacks, making it harder for malware to find vulnerabilities in the encryption.

With Intel AES-NI, you no longer have to choose between performance and security. The efficient, hardware-based solution allows you to deploy encryption more widely, so you can protect data on networks, on storage devices, and within applications without sacrificing performance.


Protect Company Assets and Confidential Information

With encryption accelerated by Intel® Data Protection Technology with Advanced Encryption Standard New Instructions (Intel® AES-NI), you can better protect data on PCs while helping users maintain productivity. Intel® Data Protection Technology with Secure Key enables stronger encryption algorithms by generating more robust random numbers used to seed encryption keys.

Resiliency: Return Users to Productivity Faster

Experience has shown that no matter how careful you are or how many security layers you have in place, security incidents are still going to occur. User carelessness could lead to an infection; devices get stolen; people work around security practices to do their jobs.

However, a security incident does not have to become a threat to the bottom line. The fourth area of focus for hardware-assisted security is resiliency. Intel embeds features in platform hardware that help you stop a breach or infection, limit the damage, and allow users to quickly return to productivity.

When something gets through, the impact on IT organizations and enterprise bottom lines is fast and considerable. Security incidents such as malware infections often require a desk-side visit by a support technician, which contributes to high help desk costs. In fact, while relatively few help desk requests (including security events) require a desk-side visit, those instances consume a disproportionately large percentage of help desk budget because desk-side visits are costly.

You need a reliable way to remediate security incidents from the data center before they spin out of control. Your organization can reduce costs and risks associated with security incidents through remote manageability powered by hardware-embedded features on Intel platforms. These embedded features can help administrators:

• Identify infections, including advanced malware, in near-real time

• Quickly block threats and isolate infected devices

• Dramatically accelerate remediation through remote manageability and repair, including remote boot from network, remote keyboard, video, and mouse capability, and more

The Intel IT department estimates that in certain scenarios, hardware-assisted resiliency features will enable a 10 times faster response time for the help desk and a 10 times faster return to productivity for users.⁹

Unite Security and the Bottom Line

Revolutions in business computing during the past two decades mean that risk is pervasive and growing, touching every facet of the enterprise infrastructure. Despite this sobering reality, enterprise security professionals can re-invigorate security practice by explicitly realigning their mission with business goals. As Malcolm Harkins, Intel Chief Security and Privacy Officer, states in his book Protect to Enable, security practitioners exist “to enable business—to help deliver IT capabilities that provide competitive differentiation.”¹⁰ Sound information security strategy enables business because it helps to mitigate risk and ensure compliance, while opening doors to new initiatives that can engage customers and increase productivity and efficiency.

Intel is working to empower security practitioners to fulfill their mission as business enablers by embedding security features in the platform hardware of devices across the enterprise. You can then deploy innovative software and services that take advantage of those features to extend protection beyond that offered by software alone. This approach can help unite security practices and business interests by shifting the conversation from one of technical protections needed to one of business benefits gained.

For this strategy to be effective, security can’t be treated as an after-thought or “fix” that is bolted onto a solution during deployment. Instead, security considerations need to be an integrated part of the planning phases for all IT and line of business (LOB) projects. When security is included in the planning and budgeting for new initiatives, protections can be designed into solutions in a way that lets you control the balance between comprehensive security, cost-effectiveness, and a rich user experience. That approach helps you manage risk more effectively while freeing your business to pursue new opportunities.

Secure and Manage Out-of-Band or Disabled PCs

Intel® vPro™ technology is a set of security and management tools built into the Intel® Core™ vPro™ processor family. With Intel® Active Management Technology (Intel® AMT), you can access Intel vPro technology capabilities in a pre-boot or sleep state environment, beyond the operating system. This allows remote access to the PC, regardless of the system’s power state or operating system condition.

With Intel AMT, IT administrators can more easily discover, repair, and protect their networked computing assets by using integrated platform capabilities and popular third-party management and security applications, ultimately lowering IT support costs.

1 Cisco. “Cisco Security. Applied Intelligence for a Risky World.” 2013. http://share.cisco.com/asrsio/index.html.

2 McAfee Labs. “McAfee Threats Report: Fourth Quarter 2012.” 2013. http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf.

3 McAfee and Intel. “The New Reality of Stealth Crimeware.” 2011. http://www.mcafee.com/us/resources/white-papers/wp-reality-of-stealth-crimeware.pdf.

4 Benchmark research sponsored by Symantec. Independently conducted by Ponemon Institute LLC. “2013 Cost of a Data Breach Study: United States.” May 2013. http://www.symantec.com/content/en/us/about/media/pdfs/b-cost-of-a-data-breach-us-report-2013.en-us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2013Jun_worldwide_CostofaDataBreach%22http://www.symantec.com/content/en/us/about/media/pdfs/b-cost-of-a-data-breach-us-report-2013.en-us.pdf.

5 Symantec. “Internet Security Threat Report 2013.” April 2013. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf.

6 Copyright © IEEE. All rights reserved. Reprinted, with permission, from Grosse, Eric and Upadhyay, Mayank. IEEE. “Authentication at Scale.” Security & Privacy. 2013. Personal use of this material is permitted. However, permission to reuse this material for any other purpose must be obtained from IEEE.

7 Trusteer. “Mobile Users Three Times More Vulnerable to Phishing Attacks.” January 2011. http://www.trusteer.com/blog/mobile-users-three-times-more-vulnerable-to-phishing-attacks.

8 Ponemon Institute. “2013 Annual Cost of Failed Trust Report: Threats and Attacks.” http://www.venafi.com/ponemon-institute-first-annual-cost-of-failed-trust-report/?ls=m-b&cid=70150000000KIkw.

9 Intel. “Intel IT: Evaluating Hardware-based Keyboard-Video-Mouse Remote Control.” 2010. https://communities.intel.com/docs/DOC-5302.

10 Harkins, Malcolm. “Managing Risk and Information Security: Protect to Enable.” Apress Media, LLC. 2013.

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

A “Mission Critical Application” is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL’S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS’ FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked “reserved” or “undefined”. Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

Intel® AMT requires activation and a system with a corporate network connection, an Intel AMT-enabled chipset, network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Results dependent upon hardware, setup and configuration. For more information, visit http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html.

Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel® processors. For availability, consult your reseller or system manufacturer. For more information, see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/.

Intel® vPro™ Technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software and IT environment. To learn more visit: http://www.intel.com/technology/vpro.

Built-in security features available on select Intel® processors may require additional software, hardware, services and/or an Internet connection. Results may vary depending upon configuration. Consult your system manufacturer for more details. For more information, see https://security-center.intel.com/.

Intel® IPT requires an Intel Identity Protection Technology-enabled system, including a 2nd gen or higher Intel® Core™ processor enabled chipset, firmware and software, and participating website. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com/.

Intel® OS Guard requires an Intel OS Guard-enabled platform, available on select Intel processors, and an enabled operating system. Consult your system manufacturer for more information.

Intel® Secure Key Technology requires an Intel Secure Key-enabled platform, available on select Intel processors, and software optimized to support Intel Secure Key. Consult your system manufacturer for more information.

Intel® Trusted Execution Technology (Intel® TXT) requires a computer with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit http://www.intel.com/technology/security.

Intel, the Intel logo, Intel Core, and vPro are trademarks of Intel Corporation in the U.S. and other countries.

Copyright © 2014, Intel Corporation.

*Other names and brands may be claimed as the property of others.

Printed in USA 0114/MS/PRW/PDF Please Recycle 330093-001US

To learn more about the four critical areas where features embedded in the silicon can strengthen protection, visit Intel online at www.intel.com/enterprisesecurity.