The Long Game: Product and Security Assurance

Intel invests heavily in building systems that are resistant to emerging threats.

author-image

By

In a recent global study by Ponemon Institute,1 73% of IT decision-makers say they are more likely to purchase technologies and services from companies that proactively find, mitigate and communicate security vulnerabilities.

Intel is committed to product and security assurance and regularly releases functional and security updates for supported products and services. The Intel platform update (IPU) helps simplify the update process and improve predictability for Intel’s customers and partners. The updates provide security and functional improvements across Intel’s product portfolio.

“Security doesn’t just happen. If you are not finding vulnerabilities, then you are not looking hard enough,” said Suzy Greenberg, vice president, Intel Product Assurance and Security. “Intel takes a transparent approach to security assurance to empower customers and deliver product innovations that build defenses at the foundation, protect workloads and improve software resilience.”

Broad Ecosystem Collaboration

IPUs are often highly integrated combinations of hardware, firmware and software. Updates often require additional validation and integration from Intel ecosystem partners participating in the coordinated vulnerability handling process. These partners include operating systems vendors, cloud service providers, independent firmware vendors, original equipment manufacturers and systems integrators who release validated updates through direct channels to their customers.

The IPU process facilitates the ecosystem coordination and vulnerability handling process, leading to the release of validated updates.

The Intel platform update releases functional and security updates for supported products and services. (Credit: Intel Corporation)

» View full-size infographic

Breaking Down Barriers to Industry Adoption

The study confirmed that a top goal of the IT function is to improve the ability to quickly address vulnerabilities. While 30% of respondents say their organizations can patch critical or high-priority vulnerabilities in a week or less, it takes an average of six weeks to apply patches.

Patching delays are mainly caused by human error, the inability to quickly take critical applications and systems offline, and not having a common view of assets across security and IT teams.

Leading factors that cause delays in vulnerability patching process. (Credit: The Role of Transparency and Security Assurance in Driving Technology Decision-making, Prepared by Ponemon Institute, March 2021)

One of Intel’s major initiatives in 2018 was to continue improving the delivery of microcode updates (MCUs). In June 2018, Intel delivered the first OS-loadable MCU. As a result, Spectre V2 updates were possible via secure operating system updates, such as Windows Update and open source equivalents. Since then, Intel has enabled delivery of MCUs through this automated process when possible. 

Security is a system-level property where every component in the system — from software to silicon — plays its part to help keep data secure. Intel’s success relies on the success of its customers — and helping its customers be more resilient to emerging threats is a critical part of that success.

More Context: 2020 Product Security Report | The Role of Transparency and Security Assurance in Driving Technology Decision-Making (Ponemon Institute Study, Sponsored by Intel) | People, Processes, Products Define Intel’s Security Strategy  (Martin G. Dixon Editorial) | Silicon as Code, the Cybersecurity Vulnerability Paradox, and the Transparency Requirements for a 21st Century Processor Vendor (IDC White Paper, Sponsored by Intel)

1The Role of Transparency and Security Assurance in Driving Technology Decision-Making was sponsored by Intel and independently conducted by Ponemon Institute.

No product or component can be absolutely secure.