IDF: Intel demos worm cut-off technology

Intel researchers have demonstrated a new hardware system designed to rapidly and automatically quarantine PCs infected with worms of viruses.

Announced at this week’s Intel Developer Forum (IDF), the Manageability Engine technology — internally referred to as “Circuit Breaker” — is designed to monitor the number of connections being made by a PC, and assess the integrity of the machine’s security software.

If it detects a higher than normal number of external connections being made, and this can be related to other software anomalies, the PC is then automatically disconnected to stop it becoming a platform from which to infect further machines.

“Worms and viruses propagate so quickly that if you are not able to respond in a matter of minutes, the situation is completely out of control,” said Justin Rattner, director of Intel corporate technology, who directed the on-stage demonstration of the system.

Rattner used the example of the Witty worm of 2004 to highlight the reactive limitations of current security methods. The worm spread around the world in only ten minutes and “there was not enough time for human intervention and not enough time for machine intervention,” he said.

The Manageability Engine would have been able to stop such a rapidly-spreading worm before it got out of hand because protection was in the same place as the initial infection, rather than monitoring it from a distance as it spread.

“It is looking at changes in traffic pattern behaviour. It doesn’t have anything to do with how the virus was coded. It also does a good job avoiding false positives. If your system was disconnected from the network because of a suspected virus on a regular basis, you would be very unhappy,” Rattner was reported as saying.

The demonstration used a hardware-based add-in card that the company claimed was also able to detect previously unknown types of infection using pattern analysis. On commercial systems, the implication is that it would be added to a network interface card, most likely as a single chip.

Rattner indicated that the technology was not meant to replace security software, rather to complement it as a way of limiting the damage in the event that it had been compromised.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now