
IT@Intel Blog

3 Posts tagged with the amt tag

Before I begin I just wanted to share that this is my first attempt at blogging and I’m really excited to try out this new medium (at least for me :) ).

My name is Gal Eylon. I’m a program manager within Intel IT and I am leading a team which is responsible for vPro adoption activities across our enterprise. Recently we posted a white paper (Implementing Intel® vPro™ Technology to Drive Down Client Management Costs) that details the journey we have gone through in order to fully deploy vPro use cases within our production environment. The white paper walks you through our architecture and engineering phases and then takes a deep dive into the operational phase – which made use case deployment a reality for Intel.

Although our journey was not easy (and has only begun…), we are pretty pleased with our results and hope you would benefit from this white paper and that it would ease your adoption activities within your environment. In addition, I would appreciate it if you would share some of the experiences, BKMs and challenges you are facing within your enterprise. If you are looking for additional info regarding our adoption activities, please let me know and I’ll be more than happy to share.

Happy New Year!
Gal.


The third and last part of the video series discussing how you can make use of the vPro system defense capabilities the easy way is out. This video shows an example of how your existing security server can implement network quarantine using system defense on provisioned devices without having to know a thing about AMT.

The video follows on from the second video, which showed an example of using system defense through the Microsoft SCOM GUI, and shows a proof of concept implementation that only requires the security server to input an event into the local Windows event log, which is easily doable with almost any programming/script language. Behind the scenes, the SCOM agent installed on the security server intercepts this event and sends a notification to the SCOM server, and as a result the SCOM server implements the blocking policy on the offending host.




The beauty of this is that now you can choose any server to collect and correlate your security events and take quarantine decisions, and all that without this server having to be an AMT management server. The existing AMT manager (SCOM in this example) is doing the hard work for you.


As before, I hope you find this useful. I would love to hear comments and answer any questions.

Cheers


Omer.
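
The trigger described in this post, written out as an added PowerShell example for the security server (it is not code from the video or from Intel IT). The event source name, event ID and message layout are assumptions; the SCOM rule watching the log would have to be written to match them.

```powershell
# Added example: runs on the security server under Windows PowerShell 5.1.
# Source name, event ID and message layout are hypothetical; the monitoring
# rule that reacts to the event must be configured to match them.
$Source  = 'SecurityQuarantine'   # hypothetical event source
$EventId = 9001                   # hypothetical event ID matched by the rule

function Request-HostQuarantine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName,

        # A closed set of reasons keeps free text out of the event.
        [Parameter(Mandatory)]
        [ValidateSet('Malware', 'Scanning', 'PolicyViolation')]
        [string]$Reason
    )

    # Accept only a plain DNS host name, so text copied from an upstream alert
    # cannot change which host the monitoring rule parses out of the event.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    if ($ComputerName.Length -gt 253 -or
        $ComputerName -notmatch "^$label(\.$label)*\z") {
        throw 'Rejected host name: not a valid DNS name.'
    }

    # Registering a source needs administrator rights; normally done once
    # at install time so the calling account can stay unprivileged.
    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        New-EventLog -LogName Application -Source $Source
    }

    $message = 'QUARANTINE host={0} reason={1}' -f `
               $ComputerName.ToLowerInvariant(), $Reason
    Write-EventLog -LogName Application -Source $Source -EventId $EventId `
                   -EntryType Warning -Message $message
    return $message
}

# Constructed sample call: the host name is made up.
Request-HostQuarantine -ComputerName 'laptop-0042.corp.example' -Reason 'Malware'
```

Because this event leads to a host being blocked, the rule on the monitoring side should match on both the source and the event ID, not on message text alone.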


I'm Omer Ben-Shalom and I am a principal engineer with Intel information technology (IT) focusing on mobility and client platforms. I have had the pleasure of working with the Intel development teams on the vPro AMT system defense and decided to share my experiences via a three-part video series showing how system defense can help in active response to infected PCs.


There are many threats to the environment. The 'classical' threats originate from the outside, and it is the job of the perimeter defenses such as firewalls, IPS and others to block them, but the more problematic ones are those that originate from inside the perimeter. These types of attacks are mostly conducted from legitimate machines owned by the business and are quite often carried inside the perimeter unknowingly by employees, especially when using mobile platforms such as notebooks, which are carried outside the business and back in.


Detecting infected PCs and other malicious activity is done with the help of the various intrusion detection systems, and the alerts generated can be collected and aggregated to provide a very good picture of the existing threats. A much more difficult task is the ability to quarantine the hosts carrying out the malicious activity and perform remediation. There are solutions involving both host software and network-side blocking, but with the host possibly compromised and the network location of the offending host subject to change with mobile platforms, effective quarantine and remediation is very complex.

This is where the Intel vPro system defense capabilities come into play by allowing selective network access restrictions on a host. These restrictions can allow only the connectivity necessary to fix the problem and, being implemented on the host platform itself, cannot be escaped just by changing the network location.


This week we are publishing the first of a three-part video series on how to use system defense for this purpose both manually and via integration with existing AMT management. I hope you will all take the time to view the introduction video below. Any comments are welcome. I would love to hear your views about the problem as well as the solution.






I hope you enjoyed this video. Parts two and three should post by next week; stay tuned.
