SecurityScorecard and Intel: Digging Past the Surface for Enhanced Protection

State of Affairs

Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above.

Security leaders implementing a defense-in-depth approach need a holistic picture of internal device health and external attack surfaces to spot suspicious behavior and execute corrective action. SecOps teams would benefit from knowing where hardware-assisted security is providing a detection assist and can contribute meaningful telemetry for Zero Trust scoring or vulnerability risk assessment. Not having awareness of this valuable telemetry is a missed opportunity as it is deployed on billions of PCs in fleet deployment today.

SecurityScorecard and Intel are exploring the vast potential of bringing together the leader in external cyber risk scoring with key internal endpoint and cloud hardware security and telemetry.

 

Don’t stop at inspecting the cybersecurity software on your endpoints

Security operations have limited or no knowledge of where hardware security provides countermeasures. Additionally, they do not understand if these hardware features provide protection to completely prevent an attack, provide a detection assist to security software, help provide isolation to contain attacks, or aid in remediation if a breach occurs.

To help the industry in this area, Intel recently joined MITRE which manages the ATT&CK framework used by many Sec Ops teams to understand where security software solutions can provide coverage and countermeasures. Intel is driving new projects that will help map hardware security capabilities typically found on an enterprise-class PC, as well as Security for AI solutions, to MITRE ATT&CK TTPs (Tactics, Techniques, and Procedures). This will help elevate the visibility of hardware security and its direct role in improving security software solutions.

 

SecurityScorecard and Intel: Working together to provide visibility into hardware security and its emerging applications to accelerate AI 

SecurityScorecard is excited to start exploring opportunities with Intel to expand our insights collection deeper in the device endpoints, which will help spot critical vulnerabilities all the way to the processor level. This is a massive entry point for threat actors since device-level software is one of the fastest-growing CVEs cataloged in the CISA database.

Additionally, Intel’s release of Intel® Core™ Ultra Processors with a Neural Processing Unit (NPU) provides the ability to run Deep Learning on a client, and Intel is already working with ISVs such as our mutual partner CrowdStrike to bring out compelling usages as new hardware-assisted security capabilities come to the endpoint.

Working with partners like Intel to provide enterprises with visibility into these endpoints will be a major benefit to improving cyber hygiene and reducing potential breach points. SecurityScorecard hopes to craft these valuable mappings into our scoring framework to make hardware security more actionable and visible for SecOps teams.

What comes next?

SecurityScorecard’s platform offers a number of unique ways to integrate Intel hardware-enabled security controls. Some of the questions we want to explore are:

• Can Evidence Locker enable customers to upload and verify that Intel hardware-enabled security controls are in place?
• Could Security Questionnaires allow organizations to add a template on hardware-enabled security control?
• Can we create and automate Action Plans to help companies and their third-parties vendors and partners and deploy hardware-enabled security capabilities?
• Can SecurityScorecard Ratings use hardware-enabled security controls as a new risk factor, which can positively impact a company’s score?
• How can Intel and SecurityScorecard craft an inside-out Integration with Intel devices that use hardware security controls enabled from BIOS configuration?

Overall, the opportunity to explore how we can jointly help organizations improve their security posture and controls is an exciting journey we can’t wait to get started on!

 

Stay tuned for updates on our progress

SecurityScorecard and Intel will keep you informed with additional announcements on our progress as we verify these capabilities, and work on making them available to our customers.

 

About SecurityScorecard 

Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated. 

Founded in 2014 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. 

SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

 

About Intel

Intel put the silicon in Silicon Valley. For more than 50 years, Intel and our people have had a profound influence on the world, driving business and society forward by creating radical innovation that revolutionizes the way we live. 

Today we are applying our reach, scale, and resources to enable our customers to capitalize more fully on the power of digital technology. Inspired by Moore’s Law, we continuously work to advance the design and manufacturing of semiconductors to help address our customers’ greatest challenges.