
AUGUST 2012

Why You Should Read This Document

This guide shows you how to address the challenges of today’s threat landscape by using integrated security solutions from Intel and McAfee that are designed to help you prevent stealthy threats and improve security management for client endpoints. You’ll discover a new approach to IT security that includes:

• Gaining a solid understanding of the current threat landscape and advanced threats

• Understanding the damage these threats can cause to client endpoints

• Preventing zero-day rootkits using McAfee* Deep Defender* hardware-assisted security with Intel® Core™ vPro™ processors

• Enhancing security on endpoints using McAfee ePO* Deep Command* security management with Intel Core vPro processors

Planning Guide

Preventing Stealthy Threats with Next-Generation Endpoint Security

A Proactive Approach from Intel and McAfee


3 Intel IT Center Planning Guide | Preventing Stealthy Threats with Next-Generation Endpoint Security

Introduction

Today’s threat landscape is riskier than ever before. Security threats are escalating at an alarming rate, with more than 70,000 new pieces of malware identified each day.1 Well-funded cybercriminals are now creating sophisticated malware that is designed to circumvent current security solutions by loading before the operating system and evading antivirus protection. As a result, risk exposure has reached unprecedented levels that require a new approach to security.

With integrated security solutions from McAfee and Intel, you can gain an added layer of protection that works beyond the operating system to prevent attacks in real time while effectively managing security out to a network of endpoints. These innovative solutions bring together world-class processor technology from Intel and leading security software from McAfee for the industry’s first preventive security approach.

The Purpose of This Guide

The purpose of this guide is to show you how to address the challenges of today’s threat landscape by using integrated security solutions from Intel and McAfee. Find out how McAfee* Deep Defender* hardware-assisted security and McAfee ePolicy Orchestrator* (McAfee ePO*) Deep Command* security management work together with Intel® Core™ vPro™ processors2 to help you prevent stealthy threats and improve security management for client endpoints.

This guide highlights a new approach to IT security by helping you:

• Gain a solid understanding of the current threat landscape and advanced stealthy threats.

• Get insight into the damage these threats can cause to client endpoints.

• Prevent zero-day rootkits using McAfee Deep Defender on Intel Core vPro processors.

• Manage security on endpoints using McAfee ePO Deep Command with Intel Core vPro processors.


Today’s Threat Landscape

With security threats on the rise—and threat propagation taking the form of stealth techniques—the landscape has changed. In fact, it’s more than most organizations can keep up with.

Today’s professional cybercriminals have replaced the amateur hackers of the past. Some have more than a decade of experience and work in specialized roles such as malware developers, botnet herders, spammers, and document forgers. These opportunistic attackers are very organized and are out to profit—usually monetarily—whether by maliciously targeting a corporate brand, stealing valuable customer information or employee data, or shutting down web sites. Furthermore, hacking victims can quickly become unwitting members of a botnet herd that is used to further distribute malware, spam, and distributed denial-of-service (DDoS) attacks.

Another common threat is targeted attacks, which take a highly automated “low and slow” approach. Targeted attacks use device tampering to gain access to information, and then incorporate social engineering components for maximum gain. These mission-style attacks are designed for the long-term manipulation of their targets and therefore are often associated with espionage. Some targeted attacks have resulted in media censorship, billions stolen in intellectual property, compromised military intelligence, and organizations going bankrupt.

Unfortunately, attacks like these are always executed using stealth techniques. This includes advanced persistent threats (APTs), which are a collection of malicious techniques used to conduct targeted attacks, such as taking control of or corrupting a specific system or network. Rootkits, a key component of many types of attacks, are commonly used by APTs and other malware to hide from users or security software. Many times they do this by escalating privileges and gaining root-level access to a computer without detection. Making matters worse, rootkits are one of the fastest growing types of malware, with more than 110,000 new rootkits identified each quarter.3

Distinguishing Types of Attacks

Opportunistic Attacks

• Spear phishing and spam

• Distributing malware

• Disrupting services with distributed denial-of-service (DDoS) attacks

Targeted Attacks

• Stealing commercial secrets (political or economic)

• Stealing government secrets

• Sabotaging critical infrastructure assets

A Cybercriminal’s Perspective

Cybercriminals are highly motivated to launch escalation-of-privilege attacks. This motivation, combined with a deep understanding of the operating system and how it uses device drivers and memory, enables hackers to manipulate rootkits in the following ways:

• Building a piece of code that can inject itself into the kernel space and maintain a low profile while sending out sensitive information

• Finding ways around current security tools to evade or disable them

• Producing false reports that all systems are running properly despite infection


Note the Unfair Advantage: Rootkits

Regardless of the type of attack, cybercriminals are increasingly using rootkits to evade traditional security measures. Because some rootkits are able to load before the operating system, it means that they load before traditional security measures, including antivirus protection. Traditional security solutions work at the application layer, using hooks to get into the underlying operating systems. Rootkits are playing unfair by going below the operating system to inflict their damage. In this way, the malware is able to hide its presence and inflict damage, all while escaping detection.

The Cridex Example: A Bot Trojan through the Back Door

The Cridex worm is a well-known present-day threat that targets user data, such as financial and social media credentials. After it gains entry by opening the back door on a compromised PC, it spreads by copying itself to mapped and removable drives. It then installs a custom rootkit to prevent traditional operating system–based security tools from reading its binaries while it downloads malicious files. For more information about Cridex, see page 9.


Life Cycle of Advanced, Stealthy Malware

As malware techniques continue to grow in complexity, so do the opportunities for attack. Current computing trends are adding inherent risk, from the onset of virtualization and cloud computing to the explosion of mobile devices and IT consumerization. There is a growing range of computing devices connecting to the corporate network at any given time, and while many are corporate-owned, many belong to employees who may or may not have consent to use them for business purposes. This challenge takes IT security to a new level—and it also creates new opportunities for hackers.

In this computing environment, cybercriminals are now able to work within a much larger “attack surface” in terms of devices, data, applications, and systems—and they only need to find one way in. They can also more easily take advantage of interconnected, global networks to propagate large-scale attacks.

Attacks typically occur in a phased approach that starts with initial contact and ends with damage that can take on a range of purposes. And first contact can occur more easily than you might think—via e-mail, through social media links, or simply by physical connection. Two primary contact sources are malicious web sites, which are able to download malware during inadvertent “drive-by” visits, and thumb drives, which are particularly threatening because they are not typically scanned by antivirus software. Thumb drives make it especially easy for malware to launch infection, and as such, are often used to launch APTs.

Figure 1. Charting the malware attack life cycle

Figure 1 labels, by phase:

• First Contact: Malicious Web Site, Physical Access, Network Access, Unsolicited Message

• Local Execution: Exploit, Configuration Error, Social Engineering

• Establish Presence: Persist on System, Escalate Privilege, Download Malware, Self-Preservation

• Malicious Activity: Bot Activities, Propagation, Tampering, Identity & Financial Fraud, Adware & Scareware


Understand Potential Damage to Clients

There are several ways in which malware can inflict damage on client endpoints, including:

• Taking control of an endpoint to set up a botnet that is controlled by a hijacker to send spam, launch DDoS attacks, steal data, or rent to other cybercriminals

• Propagating threats to spread infection to multiple endpoints within an organization

• Tampering with files, browser settings, or database information

• Installing adware, scareware, or ransomware that attempts to force users to purchase a remedy

• Stealing passwords, user names, employee data, or confidential company and customer information, and then selling this information to a thriving underground economy

After contact is established, stealthy malware will exploit any vulnerability it can find in the system, such as a configuration error, to establish its presence. Then, it embeds itself to hide as it launches infection by escalating privileges, downloading malware, and executing self-preservation efforts as needed to ensure that it remains undetected.

The damage inflicted by this type of malware can have catastrophic consequences, such as data loss and compliance violations that breach corporate, employee, and customer privacy—and in turn, tarnish a company’s reputation. It can also have far reaching business implications, such as lost employee productivity and increased operating costs due to the time spent on system remediation.


Prevent Threats in Real Time: McAfee* Deep Defender* Hardware-Assisted Security

Today, many threats use kernel-mode rootkits that hide malware from traditional operating system–based security, and are therefore extremely difficult to detect. Moreover, detection often occurs after the rootkit is installed and the malware has done its damage, whether it’s stealing confidential company or employee data, network credentials, or intellectual property. Either way, this type of breach puts your organization at risk of compromising regulatory compliance, fines, and a tarnished reputation.

The best way to protect your systems from these stealthy threats is to eliminate them before they can do any damage. McAfee Deep Defender is the world’s only hardware-assisted security solution that utilizes McAfee DeepSAFE* technology to expose attacks and stop them in real time.4 This unique solution leverages features within the Intel Core vPro processor hardware to deploy protection beyond the operating system for zero-day protection—the ability to detect, block, quarantine, and remove threats before harm is done—without requiring any prior knowledge of the threat.5

The technology platform, jointly developed by McAfee and Intel, provides kernel-mode protection and memory monitoring that goes beyond detection to prevent malicious activity. It immediately exposes and removes advanced threats that would otherwise go undetected, including kernel-mode rootkits. Furthermore, the platform is designed to scale to address new types of threats for future product development.

Figure 2. McAfee DeepSAFE* technology builds a foundation for endpoint security

Figure 2 labels, in the order shown: McAfee* Deep Defender* Hardware-Assisted Security; Operating System; McAfee DeepSAFE* Technology; CPU; Intel® Core™ vPro™ Processor


Gain Visibility into System Memory

McAfee DeepSAFE utilizes Intel Virtualization Technology (Intel VT) embedded in Intel Core vPro processors to guard against viruses and malware at the hardware level. Intel VT enables McAfee DeepSAFE to have a real-time view of system memory to monitor the boot process and detect any attempts at memory access.6 McAfee DeepSAFE then informs McAfee Deep Defender of suspicious behavior at launch and removes any traces of kernel-mode rootkits that were detected to eliminate them from the system. Because this unique, integrated security solution sits below the operating system, it can stop attacks as they occur and before they can cause any damage.

Deep Defender in Action: Blocking the Cridex Worm

Malware authors are increasingly using compromised digital certificates to bypass antivirus detection and other standard security measures. McAfee Deep Defender protects against this type of threat by blocking self-signed drivers from installing into kernel memory. One current example of this in action is the ability of McAfee Deep Defender to block the Cridex worm in real time.

Mentioned in the sidebar on page 5, Cridex is a bot Trojan that works by opening the back door on a compromised PC and installing a version of the Necurs rootkit to prevent traditional operating system–based security tools from reading its binaries. This targeted attack usually begins execution on the target system through a drive-by-download attack that exploits a system vulnerability or a social engineering attack through an e-mail attachment. It then installs the Necurs rootkit, which is also used by several malware families, including Advanced PC Shield 2012 and Banker, to compromise the operating system.

Cridex then takes control of the victim’s computer and allows it to collect information and potentially make fraudulent transactions by manipulating legitimate bank web pages. In this way, the cybercriminals are able to trick the user into entering the valuable information they want without raising suspicion.

McAfee* Deep Defender* Hardware-Assisted Security: A Look at Business Benefits

• Expose hidden threats that would remain otherwise undetected by standard security measures.

• Gain a faster time to protection to stop data-stealing malware before it can cause damage.

• Prevent data loss by eliminating malware that targets sensitive company information.

• Reduce costs by cutting downtime and remediation costs.


Enhance Security on Endpoints: McAfee ePO* Deep Command* Security Management

When defending against fast moving attacks, it’s critical to deploy proactive security measures to ensure that all endpoints are up-to-date. Unfortunately, today’s computing environment makes this a difficult task. Although it’s critical for endpoint PCs to be resilient and available for users around the clock, the expansion of IT consumerization and mobile computing has limited IT control and access. Furthermore, the expense of deskside visits—when and if they are feasible—is a contributing factor to increasing operations costs.

McAfee ePO Deep Command uses the Intel Active Management Technology7 (Intel AMT) capabilities of Intel Core vPro processors to help organizations better manage security at the hardware level. With McAfee ePO Deep Command, you can control powered-off endpoints to run security updates and deployment and scan tasks, as well as perform remote remediation of security issues. Like McAfee Deep Defender, McAfee Deep Command works beyond the operating system, and it’s designed to help reduce security operations costs while helping enhance your organization’s security posture.

Stay Ahead of Security Threats

These days, IT departments are working with fewer resources and smaller budgets, yet managing more computing devices than ever before. Combine this with users working from any number of remote locations and accelerated threat propagation, and staying on top of security policies can feel like a losing battle. When a security breach does occur, you need the ability to respond at any time, with the right resources in place to minimize damage and keep users up and running.

Intel Core vPro processors offer powerful hardware-based remote monitoring and remediation capabilities to simplify IT management and enforce security for all users, regardless of their location.5 With Intel Core vPro processors, you can:

• Push critical security updates to PCs in any power state, at any time.

• Easily manage mobile PCs, whether it’s to diagnose a minor problem or to manage a possible security breach.

• Proactively support, control, and manage corporate security policies.5


Figure 3. Enhancing security management with Intel® Core™ vPro™ technology

Figure 3 component labels: Apps; McAfee* Security; McAfee Agent; Preboot; McAfee ePO Agent Handler; McAfee ePO* Console

Figure 3 callouts:

• Reduce cost of security operations.

• Improve security to powered-off PCs.

• Maintain security access while lowering energy use.

• Utilizes Intel® Core™ vPro™ technology

• Local and remote connections

• Permits remote assistance, policy control, and remediation

• McAfee ePO* platform scalability

• Value


With Intel Core vPro processors, your help-desk staff can power on, access, and control any user’s computer, with the ability to resolve issues through all states, including reboot. You can proactively manage threats by pushing security updates to users before a breach occurs, and you can diagnose, isolate, and repair infected clients after a breach takes place.7

Moreover, you can do all of this work with minimal impact to user productivity. For the traveling user who is unable to log on, you can reboot their PC remotely. Then you can give that user the ability to read and respond to e-mail as you continue to work on the problem using invisible remediation tools, such as virus scans and other diagnostics. With “always available” access to system information, you can:

• Remotely poll wired and wireless PCs, regardless of power state.

• Write asset data into protected memory, including hardware asset data and software version information.

• Identify and remediate noncompliant PCs to simplify compliance management.7

Saving Costs—and IT Resources—with Intel® Core™ vPro™ Processors

• Track all asset information remotely, whether the PC device is powered on or off.

• Work proactively by sending updates at any time and monitoring for potential problems.

• Use a remote IT console to manage issues, helping to reduce system maintenance costs and reduce the burden on IT resources.

• Reduce energy consumption with the ability to automatically power PC devices off during nonbusiness hours.5, 7

More about Remote Management with Intel® Core™ vPro™ Processors

intel.com/content/www/us/en/enterprise-security/vpro-back-to-work-animation.html


Next Steps

To defend against these advanced stealthy threats, enterprise security must change—and quickly. It’s a critical time for security efforts to move beyond the traditional software operating stack and monitor operations from a new vantage point closer to, and within, the hardware level.

McAfee ePO Deep Command and McAfee Deep Defender, together with Intel Core vPro processors, are designed to do just that. Prepare your IT organization for what’s ahead by using these integrated solutions to take security beyond the operating system and prevent malware attacks while effectively managing security on a network of endpoints.

These innovative solutions bring together world-class processor technology from Intel and leading security software from McAfee in the industry’s first preventive security approach. Together, McAfee and Intel are providing next-generation security that is uniquely designed to help you stay one step ahead of today’s threats.


Resources for Learning More

Additional Resources

To learn more about joint security solutions from Intel and McAfee, visit the following web sites:

• For more information about Intel Core vPro processors, visit intel.com/pcsecurity.

• For more information about McAfee Deep Defender, visit mcafee.com/deepdefender.

• For more information about McAfee DeepSAFE technology, visit mcafee.com/deepsafe.

• For more information about McAfee ePO Deep Command, visit mcafee.com/deepcommand.

Or visit the following resources for a deeper look at the technologies:

Crimeware Protection: 3rd Generation Intel® Core™ vPro™ Processors
Read this white paper to find out how 3rd generation Intel Core vPro processors can address today's crimeware security risks with security technologies that work beyond the operating system.
intel.com/content/www/us/en/enterprise-security/3rd-gen-core-vpro-security-paper.html

Intel® vPro™ Technology Implementation
Take a closer look at the setup and configuration of Intel vPro technology in this step-by-step process so that your organization can start taking intelligent client computing to the next level.
intel.com/content/www/us/en/remote-support/implementation-of-intel-vpro-technology.html

Intel® Setup and Configuration Software
Find out how Intel Setup and Configuration Software (Intel SCS) allows you to automatically discover, set up and configure, and maintain a secure connection to every managed device on your network.
intel.com/content/www/us/en/software/setup-configuration-software.html

Intel® vPro™ Technology: Reference Guide
Read a comprehensive reference guide on Intel Core vPro technology.
intel.com/en_US/Assets/PDF/general/rg_Intel_vProTechnology.pdf

Architecture Guide: Intel® Active Management Technology
Read this architecture guide for a deep dive on Intel Active Management Technology.
http://software.intel.com/en-us/articles/architecture-guide-intel-active-management-technology/

McAfee Deep Defender Demo
Watch this demo animation to get a comprehensive overview of stealthy threats and how McAfee Deep Defender delivers a new perspective on security.
mcafee.com/us/resources/demos/demo-deep-defender.html


McAfee Deep Defender Technology Blueprint
Read the technology blueprint Fighting Rootkits to learn more about protecting against stealthy malware by flying below the operating system.
mcafee.com/us/resources/technology-blueprints/tb-fighting-rootkits.pdf

McAfee ePO Deep Command Demo
Watch this demo animation for a look into enterprise security challenges and how McAfee ePO Deep Command can address these challenges to simplify security management.
mcafee.com/us/resources/demos/demo-epo-deep-command.html

McAfee ePO Deep Command Technology Blueprint
Read the technology blueprint No Sleep for Security to learn more about Intel AMT for remote support and reliable security updates.
mcafee.com/us/resources/technology-blueprints/tb-no-sleep-for-security.pdf

Intel® vPro™ Security Technologies Overview

Technology: Capabilities

• Intel® Trusted Execution Technology1 (Intel TXT): Establishes hardware-based root of trust to defend against software attacks at launch.

• Intel VT: Works with Intel TXT to deliver built-in protection against malware and rootkit attacks.

• Intel OS Guard2: Delivers automatic “blanket” protection to defend against escalation-of-privilege attacks.

• Intel Identity Protection Technology3 (Intel IPT) with public key infrastructure (PKI): Protects access points by working with authentication solutions to support hardware-based storage of tokens or certificates inside the platform.

• Intel Advanced Encryption Standard New Instructions4 (Intel AES-NI): Encrypts data up to four times faster5 without slowing performance or interfering with user productivity.

• Intel Secure Key6: Generates high-quality random numbers to enhance encryption for online transactions.

• Intel Anti-Theft Technology7: Offers tamper-resistant security to detect potential theft, with the capability to automatically disable PCs.

• Intel AMT: Provides remote support for proactive threat management and diagnosing, isolating, and repairing an infected PC, regardless of operational state.

1. No computer system can provide absolute security under all conditions. Intel TXT requires a computer with Intel VT, an Intel TXT–enabled processor and BIOS, a chipset, Authenticated Code Modules, and an Intel TXT–compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit intel.com/go/inteltxt.


2. No system can provide absolute security. Requires an Intel OS Guard–enabled system with a 3rd generation Intel Core™ vPro™ processor and an enabled operating system. Consult your system manufacturer for more information.

3. No system can provide absolute security under all conditions. Requires an Intel IPT–enabled system, including a 2nd or 3rd gen Intel Core processor, an enabled chipset, firmware, software, and a participating web site. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit intel.com/content/www/us/en/architecture-and-technology/identity-protection/identity-protection-technology-general.html.

4. Intel Advanced Encryption Standard New Instructions (Intel AES-NI) requires a computer system with an AES-NI–enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel Core processors. For availability, consult your system manufacturer. For more information, see intel.com/content/www/us/en/architecture-and-technology/advanced-encryption-standard--aes-/data-protection-aes-generaltechnology.html.

5. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations, and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products.

6. No system can provide absolute security. Requires an Intel Secure Key–enabled PC with a 3rd generation Intel Core vPro processor and software optimized to support Intel Secure Key. Consult your system manufacturer for more information.

7. No system can provide absolute security under all conditions. Requires an enabled chipset and BIOS, firmware, software, and a subscription with a capable service provider. Consult your system manufacturer and service provider for availability and functionality. Intel assumes no liability for lost or stolen data and/or systems or any other damages resulting therefrom. For more information, visit intel.com/content/www/us/en/architecture-and-technology/anti-theft/anti-theft-business-technology.html.


Endnotes

1. Source: McAfee Labs (Q1 2012).

2. McAfee Deep Defender works with 3rd gen Intel Core vPro processors and 2nd gen Intel Core vPro processors.

3. Source: McAfee Labs (Q1 2012).

4. The information in this document is provided only for educational purposes and for the convenience of McAfee and Intel customers. The information contained herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance.

5. Intel vPro technology is sophisticated and requires setup and configuration. Availability of features and results will depend upon the setup and configuration of your hardware, software, and IT environment. To learn more about the breadth of security features, visit intel.com/technology/vpro.

6. Intel VT requires a computer system with an enabled Intel processor and BIOS, and virtual machine monitor (VMM). Functionality, performance, or other benefits will vary depending on hardware and software configurations. Software applications may not be compatible with all operating systems. Consult your PC manufacturer. For more information, visit intel.com/content/www/us/en/virtualization/virtualization-technology/hardware-assist-virtualization-technology.html.

7. Security features enabled by Intel AMT require an enabled chipset, network hardware and software, and a corporate network connection. Intel AMT may not be available or certain capabilities may be limited over a VPN based on a host OS or when connecting wirelessly, on battery power, or while sleeping, hibernating, or powered off. Setup requires configuration and may require scripting with the management console or further integration into existing security frameworks, and modifications or implementation of new business processes. For more information, see intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html.

8. No computer system can provide absolute security under all conditions. Built-in security features available on select Intel Core processors may require additional software, hardware, services, and/or an Internet connection. Results may vary depending upon configuration. Consult your PC manufacturer for more details. For more information, visit intel.com/technology/security.


This paper is for informational purposes only. THIS DOCUMENT IS PROVIDED AS IS WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION, OR SAMPLE. Intel disclaims all liability, including liability for infringement of any property rights, relating to use of this information. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.

Copyright © 2012 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel Core, Intel Sponsors of Tomorrow., the Intel Sponsors of Tomorrow. logo, and Intel vPro are trademarks of Intel Corporation in the U.S. and/or other countries.

McAfee, the McAfee logo, McAfee DeepSAFE, McAfee ePO, Deep Command, Deep Defender, and ePolicy Orchestrator are trademarks or registered trademarks of McAfee, Inc., in the United States and other countries.

*Other names and brands may be claimed as the property of others.

0812/BC/ME/PDF-USA 327696-001


More from the Intel® IT Center

The Preventing Stealthy Threats with Next-Generation Endpoint Security planning guide is brought to you by the Intel® IT Center, Intel’s program for IT professionals. The Intel IT Center is designed to provide straightforward, fluff-free, unbiased information to help IT pros implement strategic projects on their agenda, including virtualization, data center design, intelligent clients, and cloud security. Visit the Intel IT Center for:

• Planning guides, peer research, and vendor round tables to help you implement key projects

• Real-world case studies that show how your peers have tackled the same challenges you face

• Information on how Intel’s own IT organization is implementing cloud, virtualization, security, and other strategic initiatives

• Information on events where you can hear from Intel product experts as well as from Intel’s own IT professionals

Learn more at intel.com/ITCenter.