Intel Threat Detection Technology

[0xDEADBEEF 43]

Apparently Intel's GPU accelerated memory scan is on all kinds of tech news today... Interestingly, the scanner they demonstrated is also called AMS (accelerated memory scanning) Engine

https://www.intel.com/content/www/us/en/security/hardware/threat-detection-technology-demo-video.html

Though this is idea is neither exciting nor new, and I don't know what ESET's detection algorithm is, it'd be interesting to see if ESET will adopt this in future products 

[itman 1,659]

Problem is it only applies to Intel processors. So if yours is AMD, you're out of luck.

[0xDEADBEEF 43]

1 hour ago, itman said:

Problem is it only applies to Intel processors. So if yours is AMD, you're out of luck.

True. Originally I thought it was for accelerating the realtime memory monitoring, later found out it was not (it can hardly be the case due to the memory coherence issue across CPU and GPU domain).

But I think it might be helpful for accelerating yara-like string matching workloads. Interestingly, they only talked about offloading the work, but barely talked about the runtime benefit.

[J.D. 33]

Hi,

We had multiple talks with Intel and evaluated this technology. It may be really interesting but for poorly written security software ;-) Our real-time memory scanner has negligible performance impact. Our HIPS is monitoring operations of the processes and only new or changed executables pages are needed to be scanned, which are not created from image on the disk (like exe or dll). In standard applications there are almost no pages that need to be checked (with exclusion of JIT, we have it handled). Additionally their scanner is just a pattern matching. We do much more - deep analysis of file to extract DNA features.