Jump to content

Intel Threat Detection Technology


0xDEADBEEF

Recommended Posts

Apparently Intel's GPU accelerated memory scan is on all kinds of tech news today... Interestingly, the scanner they demonstrated is also called AMS (accelerated memory scanning) Engine

https://www.intel.com/content/www/us/en/security/hardware/threat-detection-technology-demo-video.html

Though this is idea is neither exciting nor new, and I don't know what ESET's detection algorithm is, it'd be interesting to see if ESET will adopt this in future products 

Link to comment
Share on other sites

1 hour ago, itman said:

Problem is it only applies to Intel processors. So if yours is AMD, you're out of luck.

True. Originally I thought it was for accelerating the realtime memory monitoring, later found out it was not (it can hardly be the case due to the memory coherence issue across CPU and GPU domain).

But I think it might be helpful for accelerating yara-like string matching workloads. Interestingly, they only talked about offloading the work, but barely talked about the runtime benefit.

Link to comment
Share on other sites

  • ESET Staff

Hi,

We had multiple talks with Intel and evaluated this technology. It may be really interesting but for poorly written security software ;-) Our real-time memory scanner has negligible performance impact. Our HIPS is monitoring operations of the processes and only new or changed executables pages are needed to be scanned, which are not created from image on the disk (like exe or dll). In standard applications there are almost no pages that need to be checked (with exclusion of JIT, we have it handled). Additionally their scanner is just a pattern matching. We do much more - deep analysis of file to extract DNA features.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...