Intel Threat Detection Technology (TDT) is a CPU-level technology created by Intel in 2018 to enable host endpoint protections to use a CPU's low-level access to detect threats to a system. TDT consists of multiple components including Accelerated Memory Scanning, which uses the CPU's integrated GPU to scan memory, and Advanced Platform Telemetry, which uses processor-level activity monitoring to detect unusual activity. It is supported on sixth-generation or newer Intel Core CPUs and additional capabilities were added to the 11th generation Core processors.
Intel TDT is integrated into several third-party anti-malware solutions including Microsoft Defender, Check Point Harmony Endpoint, CrowdStrike Falcon, and others.
Accelerated Memory Scanning
Accelerated Memory Scanning (also referred to as "Advanced Memory Scanning") uses the CPU's integrated GPU to scan memory for malicious code, instead of using the CPU directly. This improves system responsiveness during anti-malware scanning and lowers power consumption. Features include pattern matching, using random forest decision trees, string extraction, entropy calculation, and Euclidean clustering.
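As an added illustration (not Intel's or any vendor's code, and running on the CPU rather than the GPU), the following Python example shows what two of the listed features, entropy calculation and string extraction, compute over a memory region. The window size, entropy threshold, and sample buffer are assumptions constructed for the example.

```python
import math
import re
from collections import Counter

WINDOW = 256          # bytes per scanned window (assumed value)
ENTROPY_LIMIT = 7.0   # bits/byte; assumed threshold for "looks packed or encrypted"
MIN_STRING = 6        # shortest printable run reported as a string (assumed value)


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    total = len(chunk)
    return -sum(n / total * math.log2(n / total) for n in Counter(chunk).values())


def high_entropy_windows(region: bytes, window: int = WINDOW,
                         limit: float = ENTROPY_LIMIT):
    """Return (offset, entropy) for each fixed-size window at or above the limit."""
    hits = []
    for off in range(0, len(region) - window + 1, window):
        h = shannon_entropy(region[off:off + window])
        if h >= limit:
            hits.append((off, round(h, 2)))
    return hits


def extract_strings(region: bytes, min_len: int = MIN_STRING):
    """Return (offset, text) for each run of printable ASCII of min_len or more."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(region)]


def build_sample_region() -> bytes:
    """Constructed sample: zero padding, a text marker, then a uniform 512-byte blob."""
    text = b"constructed-sample-marker"
    # Each 256-byte half of the blob is a permutation of all byte values,
    # standing in for encrypted or packed data (maximum entropy, no long strings).
    blob = bytes((i * 167 + 13) % 256 for i in range(512))
    return bytes(256) + text.ljust(256, b"\x00") + blob


if __name__ == "__main__":
    region = build_sample_region()
    print("high-entropy windows:", high_entropy_windows(region))
    print("strings:", extract_strings(region))
```

Only the two windows covering the uniform blob cross the threshold, while the zero padding and the text marker stay far below it; the marker is recovered by the string pass instead.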
Advanced Platform Telemetry
Advanced Platform Telemetry collects CPU-level telemetry to detect uncommon activity patterns which might be indicative of malware. The telemetry data is collected from the CPU performance monitoring unit (PMU) and doesn't require a large signature database to detect malware. Instead, it uses machine-learning-based correlations to identify indicators of attack.
For example, Microsoft Defender is able to use TDT's Advanced Platform Telemetry features to detect processor usage patterns indicative of ransomware and cryptojacking.