Optimised Malware Detection from ESET & Intel

Next story

ESET has been collaborating with Intel for several years to deliver endpoint security software that can take advantage of hardware-based security and performance features—a major advantage in the battle to detect advanced ransomware and other constantly evolving threats.

Why businesses need hardware layer security on their endpoints

Despite all efforts, ransomware attacks continue to escalate in frequency and severity, with cybercriminals’ extortion tactics becoming progressively more brutal. Ransomware and malware in general are also becoming more sophisticated and better able to avoid detection by conventional means. 

For example, recent ransomware variants can rewrite themselves once they infiltrate a victim’s environment, thus dodging traditional signature-based detection tools. Another emerging ransomware capability is hiding inside virtual machines.

These advanced obfuscation techniques are creating gaps in cybersecurity coverage. This is where hardware-based malware detection comes into play—detecting both known and novel malware to keep companies safer. While malware software always leaves a “fingerprint” when it executes, hardware-based monitoring of CPU telemetry can flush out even the most sophisticated ransomware, providing elevated immunity to many detection bypasses. 

Mutual customers have benefitted from ESET’s collaboration with Intel since March 2022, when ESET rolled out its ESET PROTECT multilayered cybersecurity suite integrated and automatically configured with Intel® Threat Detection Technology (Intel® TDT).  Today, approximately 90% of ESET end users are running on Intel-based systems. Residing on the Intel CPU, the combined solutions use AI to analyse CPU telemetry to provide advanced detection against new and existing strains of malware—especially ransomware. 

The latest from ESET and Intel: Leveraging hybrid processors to optimise performance 

While the need for advanced, AI-driven threat detection grows by the day, cybersecurity and IT leaders look to balance new technology deployments against the performance and productivity challenges brought on by remote and hybrid work scenarios. Endpoint security tools must keep a low profile to avoid slowing down other tasks and/or draining users’ batteries. 

This is why ESET and Intel have expanded their work together, now offering advanced endpoint solutions that take advantage of Intel’s latest hybrid processor architecture. The newer generations of Intel® Core™ and Intel® Core™ Ultra processors have two kinds of cores:

  1. Performance cores, which compute at the highest speeds
  2. Efficient cores, which compute relatively fast but with much lower energy consumption

How is hybrid chip architecture relevant to cybersecurity incident detection and response? If you are trying to detect the presence of malware, you probably want that operation to run as fast as possible. So, you would run it on performance cores. But some other cybersecurity processes, such as updates and background scans, can run on efficient cores to save device power and optimise the performance of priority tasks.

By taking advantage of Intel’s hybrid processor architecture to intelligently schedule background workloads on efficient cores when available, ESET endpoint protection solutions can better meet the demands of remote and hybrid work scenarios. Another key benefit discovered in initial testing: battery power savings on laptops running the hybrid aware software have been on the order of 5% to 8%. 

According to Előd Kironský, Vice President of Endpoint Solutions and Security Technologies at ESET, “Our endpoint protection product is aware that it is running on a hybrid processor, and it is able to direct different workloads to use either efficient cores or performance cores. Assigning workloads to efficient cores has no negative impact on product performance. In a number of scenarios, performance increases were documented and processes completed faster.”

This new “hybrid aware” capability is slated to be released to ESET customers in early December.

Compound benefits for ESET customers running on Intel

Low impact to system performance is an area that ESET has always prioritised within its multilayered software architecture and is a key selling point for many of our clients. Leveraging technology that can help with prevention and protection while also preserving performance is a win-win choice.

Likewise, ESET has always advocated a multilayered approach to security. By adding the silicon layer to our security stack, ESET and Intel have reached a new milestone in combatting cyberthreats. 

By taking advantage of newly expanded capabilities in the Intel relationship, our customers witness multiple benefits from the joint solution.

  • Intel TDT’s hardware-level malware detection coupled with its ongoing machine learning improvements are a powerful weapon in the fight against ransomware and other cyberattacks.
  • The added compute demands from this new hardware-level detection capability are largely being offloaded onto the GPU or efficiency cores, minimising impacts on system performance and end user productivity.
  • Because the joint solution activates and operates automatically, it delivers an immediate boost to ransomware protection with no increase in IT complexity or administrative workload.
    Customers looking to take advantage of next-gen cybersecurity won’t have to wait long for continued innovation from ESET and Intel. We are currently working together to develop new functionalities and tools that take advantage of the neural processing unit (NPU) in Intel Core Ultra processors and expand on ESET’s leadership in AI-native security for AI PCs. 

It’s important that we continue to maximise innovation and address tomorrow’s unknown threats through our work with innovation partners, like Intel. It’s these types of collaborations that will empower a safer tomorrow for businesses of all sizes, and we are proud to include them in the ESET technology ecosystem.