Developed in partnership with chip giants AMD, Intel and Qualcomm, the Microsoft Pluton processor improves the ability to shield encryption keys, monitor firmware and fend off physical hardware attacks.
The new security technology, billed by Microsoft as “the future of Windows PCs”, will also simplify the process of updating firmware by streamlining the delivery mechanism via a centralized platform.
- We've built a list of the best endpoint protection right now
- Check out our list of the best business computers around
- Here's our choice of the best antivirus services on the market
Microsoft Pluton security processor
Historically, a hardware component known as the Trusted Platform Module (TPM) has been responsible for preserving device security and verifying the integrity of a system. This strategy has been in use on Windows devices for upwards of a decade now.
However, cybercriminals have begun to discover means of circumventing these protections by targeting the interface responsible for transferring data between the TPM and the CPU - particularly if they are able to gain physical access to the device.
With this worrying trend in mind, Microsoft set out to build a processor that removes the vulnerable interface from the equation entirely, building security directly into the CPU itself.
“Our vision for the future of Windows PCs is security at the very core, built into the CPU, for a more integrated approach where the hardware and software are tightly integrated, ultimately removing entire vectors of attack,” explained the firm.
“This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs.”
This chip-to-cloud security design, as it is known, was first trialled in the Xbox One and has also been deployed in Microsoft’s IoT security offering, Azure Sphere.
Essentially, the architecture of the processor means encryption keys, credentials and user identities are isolated from the rest of the system, emulating the function of a traditional TPM but removing the need to expose data in transit.
According to Microsoft, none of this sensitive information can be extracted from Pluton, irrespective of whether malware has been installed on the machine or the attacker has the device in their possession.
“With the effectiveness of the initial Pluton design we’ve learned a lot about how to use hardware to mitigate a range of physical attacks. Now, we are taking what we learned from this to deliver on a chip-to-cloud security vision to bring even more security innovation to the future of Windows PCs,” Microsoft added.
“With Pluton, our vision is to provide a more secure foundation for the intelligent edge and the intelligent cloud by extending this level of built-in trust to devices, and things everywhere.”
- Here's our list of the best business laptops right now