This document discusses the growing concern of security breaches and the need for robust user authentication. It argues that hardware-based security can better protect against hacking by securing identity, data, and threat prevention in hardware below the software layer. The document presents Intel's solution, Intel Authenticate, as a hardware-based, IT policy-managed multi-factor authentication approach that protects authentication factors, credentials, and policies in hardware to provide comprehensive identity and access protection.

1. DISRUPTTHEHACKERS
With Robust User Authentication
Yasser Rasheed
Global Director of Endpoint Security Products, Intel Corporation
November 2017

2. 2
SECURITYISAGROWINGCONCERN;AREYOUPREPAREDFORNEWREGULATIONS?
“There are only two types of companies: those that have been hacked, and
those that do not know they’ve been hacked.” ~ Robert Mueller, ex-FBI Director
1,378,509,261
Number of data records
compromised in 20163
$141PERRECORD
The average cost per
lost or stolen data
record in 20172
31,000,000Of hacking-related
breaches involved
stolen and/or weak
passwords1
81%
4.2% Encryption used in only
4.2% and the stolen data
was rendered useless.3
Of incidents result from
exploits in software4
90%
SHARE
PRICE
Data breaches
have caused an
average fall in
share prices, on
a permanent
basis6
New malware counts grew from
24M in Q4’16 to 31M in Q1’175
1: Verizon 2017 Data Breach Investigations Report
2: Security Intelligence, Cost per record
3: 2016 Gemalto Breach Statistics
4: CSO, Application Security Research, US Department of Homeland Security
5: McAfee, June 2017 Quarterly Threat Report
6: Fortune, Cyber Breach Shareholder Damage

3. THEANATOMYOFABREACH…
3
CIO/CISO priorities:
• Identity protection
• Data protection
• Threat detection/prevention
• Recovery from breaches
Is Software-Based Security Sufficient?
Can Hardware-Based Security CHANGE THE GAME?

4. 4
WHYHARDWARE-BASEDSECURITY?
TH E F IRM WARE L AYER
THE SOFT WARE L AY ER
TH E SILICON L AYER
• Creative and open by design
• A more visible surface for tampering
• Tightly closed by design
• Farther from sight, further from reach
• Talks to software, but hides things
• Makes tampering far more difficult

5. 5
ELEMENTSOFACOMPREHENSIVESECURITYSTACK
Secure Platform Foundation
(Rooted in the Hardware for best protection)
Threat
Behavioral Threat Detection and
Prevention
Data
HW-based, IT-policy managed,
File & folder encryption
Identity
HW-based, IT-policy managed,
Multi-factor Authentication (MFA)
Recovery
Quick reset to known configuration
Remote recovery automation
Comprehensive
End-Point Security
Best when rooted in Hardware
(Goal: Designing out Software Attacks)

6. 6
MULTI-FACTORAUTHENTICATION
Something
you Know
Bluetooth
Devices
Something
you Have
Something
you Are

7. ATTACKSONSINGLEFACTOR/BIOMETRICSSYSTEMS
Fake
Biometric
Replay old data
Modify the
Template
Intercept the
channel
Sensor
Feature
Extractor
Access to
resources
Matcher
Stored
template
Override feature
extractor
Override
matcher
Override
Decision/token
Source: http://perso.telecom-paristech.fr/~chollet/Biblio/Articles/Domaines/BIOMET/ratha.pdf

8. MULTI-FACTORAUTHENTICATIONSYSTEMS
Sensor
Feature
Extractor
Matcher
Stored
template
Sensor
Feature
Extractor
Matcher
Stored
template
Sensor
Feature
Extractor
Access to
resources
Matcher
Stored
template
Policy
Decision
Point
IT/InfoSec
Policy

9. 9
COMPREHENSIVEIDENTITYANDACCESSPROTECTION
MANAGEDENTERPRISE
“HARDENED”
Data & Certificate
Management
“HARDENED”
Authentication &
Factors
“HARDENED”
IT Policy
Management

10. 10
CASESTUDY:INTEL®AUTHENTICATE
Hardware-based, IT policy-managed, multifactor authentication solution
IO MEMORY NETWORK DISPLAY
HARDWARE
OPERATING SYSTEM
APPLICATIONS
NetworkDevices
Console
IT ConsoleOS & Domain
login VPN login
Client
Intel® Authenticate
BiometricsLocation
Bluetooth
ProximityPIN
- SCCM
- Active Dir.
McAfee ePO
Walk-
Away Lock
User Presence
IT Policy
(plugins)
• Critical security processes performed below the OS
• IT policies securely provisioned, stored and enforced in HW
• Virtual smart card authentication for end-to-end protection
Intel® Authenticate protects factors, credentials, policies, and decisions in hardware

11. LEARNMORE:
WWW.INTEL.COM/ENDPOINTSECURITY