The following text is provided by AMD and published verbatim.
Cybersecurity threats and attacks are on an upswing with no end in sight. As just one indicator, in 2021 the FBI’s Internet Crime Complaint Center recorded its highest number of complaints ever: 847,376. That figure topped the previous year’s total by 7%. Potential losses from these complaints alone were estimated to exceed $6.9 billion.
Against this backdrop, it’s clear that organizations must do more to protect their data and employees. Since endpoint devices (including laptops and smartphones) are especially vulnerable, they are an excellent place to start.
Indeed, many of the threats tracked by the FBI target endpoint devices in phishing, identity theft, ransomware, and other attacks. The problem is expected to only worsen with the widespread acceptance of the permanent hybrid work arrangements that have employees working out of the office much or even all of the time.
Fortunately, a layered approach to security affords solutions.
New threats, new vectors
The ongoing cybersecurity crisis is compounded by hybrid work arrangements with employees far from the shelter of corporate networks.
According to IDC, North American technology leaders agree that, for better or for worse, hybrid work is here to stay. And it poses particular risks for enterprises coping with a steadily rising tide of threats. That’s because endpoints such as laptops serve as inviting targets for cyberattacks.
According to Vedere Labs, computers represent the sixth most risky IT asset, scoring 8.5 out of 10 on the Common Vulnerability Scoring System (CVSS). And within devices, firmware is increasingly under attack. For example, the Unified Extensible Firmware Interface (UEFI) — a low-level firmware that helps secure devices before the operating system loads — faces new threats. Before 2021, researchers recognized just two types of UEFI malware. Today, there are at least five.
Meanwhile, digital transformations and industry 4.0 are adding millions of new devices to the potential attack surface. These attacks hit enterprises in another vulnerable area: software supply chains. “Two of the biggest attacks in the last two years have been related to supply chains,” says Akash Malhotra, head of security product management at AMD.
Supply chain attacks — including the high-profile SolarWinds hack — compromise one component of the software stacks enterprises depend on to gain access to others. “It’s not so much that they’re new,” Chuck Schalm, commercial business development leader at AMD, says of supply chain attacks. “It’s just that the severity is heightened now more than five years ago.”
A multilayered approach to security, which helps secure hardware and software at every level, can go a long way toward countering these threats and others to come. That’s because a layered approach does not depend on any single component for effective security.
Layered security aimed at chip-to-cloud protection
Multilayered security works by helping secure the layers of software and hardware within and used by devices. Multilayered security also helps secure devices against attacks originating from networks, services, and software accessed by the devices — making it a powerful approach for safeguarding the devices employees use outside the office. “On unsecured networks, your device becomes the last line of defense,” Malhotra says.
Layered security also helps address physical access risks. “It can be stolen,” Malhotra says of a portable device. “If you leave it for a couple of minutes, someone can plug malware into a USB port.” That scenario is not so far-fetched, considering the reality of employees increasingly working in coffee shops, coworking spaces, and other public places in the era of remote and hybrid work. As Malhotra notes, that makes the device itself the last line of defense against physical as well as software attacks.
Multilayered security provides critical benefits to help secure data and user identities, including:
- Protection below the OS level via silicon dedicated to security functions to help stop threats before they can compromise the operating system
- Hardware-based security, including encryption, to help combat attacks that bypass software protections
- Hardware and software integration to provide coordinated protection to help keep malicious actors from exploiting security gaps between the two
“You have to ensure that all those pieces are addressed,” Schalm says of the challenge of device security. “There is no elegant software-only solution to the problem. Part of it has to reside in the hardware.”
To provide the coordination needed for robust, layered security, hardware and software providers must work closely together. An example of such coordination is the collaborative effort between AMD and Microsoft.
How AMD and Microsoft work together to help secure PCs
AMD and Microsoft have worked together to integrate hardware and software security features to help protect today’s mobile workforce. “A tight relationship is needed between OS and hardware so that they both can implicitly trust each other,” Malhotra says. To that end, he says, “We are integrating Microsoft IP into our silicon.”
Some highlights of the state-of-the-art security features and benefits provided by the AMD and Microsoft collaboration include:
- AMD Ryzen™ PRO 6000 Series processors integrate the Microsoft Pluton™ security processor to enhance the security of PCs running Windows 11 without sacrificing performance.
- Microsoft Pluton™-enabled chip-to-cloud security technology — designed and kept up-to-date by Microsoft — helps protect user identities, data, and applications on Windows 11 PCs. Microsoft Pluton™ acts as an integrated hardware root of trust for the Windows ecosystem.
- AMD Secure Processor (ASP), a dedicated security co-processor working with Microsoft Pluton™ on AMD Ryzen™ PRO 6000 Series processors, acts as a silicon hardware root of trust. It enhances system integrity by authenticating initial firmware loaded onto PCs.
- AMD Memory Guard, a feature of AMD Ryzen™ PRO processors, enables full system memory encryption, delivering more robust security than software-based encryption can on its own. AMD Memory Guard helps secure encrypted memory with a new key generated at each startup. As a result, it helps thwart attempts to extract passwords and other sensitive information from memory even if an attacker gains physical access to a device.
- Control-flow protection via AMD Shadow Stack helps defeat attacks in which malware attempts to redirect the flow of steps executed by legitimate software. This hardware-based protection works by checking the stack, or information about the sequence of software subroutines, against a hardware-stored copy to detect deviations.
- AMD PRO manageability simplifies deployment, imaging, and management of PC fleets via a single console that handles devices made by multiple vendors, including those with Intel as well as AMD processors.
Cyberattacks are on the rise and increasingly exploit work-from-home and hybrid work environments.
New approaches to security are needed to help protect users and sensitive data. Multilayered security based on close collaboration between hardware and software developers can help provide the comprehensive protection businesses need.
“No one controls enough of a total product stack to be able to provide a fully comprehensive solution,” Schalm says. “But by working together, AMD and Microsoft provide layers of protection in silicon, firmware, and the OS to provide solutions that equal more than the sum of their parts.”
Learn more at AMD.com.
Microsoft Pluton is a technology owned by Microsoft and licensed to AMD. Microsoft Pluton is a registered trademark of Microsoft Corporation in the United States and/or other countries. Learn more at https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/
Full system memory encryption with AMD Memory Guard is included in AMD Ryzen PRO, AMD Ryzen Threadripper PRO, and AMD Athlon PRO processors. Requires OEM enablement. Check with the system manufacturer prior to purchase. GD-206.