Skip to content
InTechnology Podcast

Looking for Vulnerabilities Below the OS? Check Out Intel® Device Health (201)

In this episode of InTechnology, Camille gets into endpoint vulnerability management beneath the OS with Intel® Device Heath with guest Novin Kaihani, Senior Director and GM of Client Software Products at Intel. The conversation covers why finding endpoint vulnerabilities at the OS level and below can be so challenging, along with a quick overview of how the endpoint vulnerability management product works.

About Intel® Device Heath:

Today’s organizations often lack complete visibility into the health and security of their PCs, especially below-the-OS. Typical PC scans focus on vulnerabilities found in OS and applications levels. Few have the expertise to decode areas of vulnerability in the firmware and hardware levels, yet this where attacks can be catastrophic. Intel Device Health is a cloud service that uses telemetry at the firmware and hardware levels to complete the picture of a PC’s overall risk from vulnerability. To learn more about implementing Intel Device Health throughout your fleet, connect with an Intel, VMware, or Eclypsium sales rep.

To find the transcription of this podcast, scroll to the bottom of the page.

To find more episodes of InTechnology, visit our homepage. To read more about cybersecurity, sustainability, and technology topics, visit our blog.

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

Follow our host Camille @morhardt.

Learn more about Intel Cybersecurity and the Intel Compute Life Cycle (CLA).

Cybersecurity Challenges at the OS Level and Below

Novin explains that while there is plenty of security coverage for application OS vulnerabilities, there isn’t nearly enough coverage at the OS level and below. This is due to difficulties that come from identifying vulnerabilities with firmware, microcode, drivers, and many other complex issues. That’s where he says Intel and Eclypsium have partnered on Intel® Device Heath as a solution for endpoint security as a way to fill in that gap in the market and improve customer security. The Intel side identifies security vulnerabilities below the OS and highlights them to Eclypsium, whose product then verifies identification and either patches or remediates the found vulnerabilities.

How Endpoint Vulnerability Management Works

Camille and Novin then dive into how Intel® Device Heath works. Novin details how vulnerabilities below the OS are found at the OS level. The steps of the process are simple—scan platform data, compare it to a vulnerability database, and then notify the discovered vulnerabilities to companies like Eclypisum to then be remediated. However, the challenge comes from identifying the vulnerabilities out in the wild rather than in a controlled lab setting. There are many catalogs of vulnerabilities, but identifying correctly between known vulnerabilities and the specific endpoint is the most challenging part. Novin explains how a team of engineers mostly manually cross-checks, with some automated assistance. Ultimately, this type of endpoint vulnerability management is designed for IT organizations and businesses of any size. The best part is it provides a seamless experience by being built into the security products businesses already have, not requiring a separate download or installation.

Novin Kaihani, Senior Director and General Manager of Client Software Products at Intel

Novin Kaihani Intel Device Health endpoint vulnerability management OS security

Novin has been Senior Director and GM of Client Software Products at Intel since 2021. He started his career at Intel from 2004-2007 as a Network Engineer, and he has steadily been with the company since 2008. Some of Novin’s previous positions at Intel include Director and Chief of Staff & Technical Advisor for the Commercial Client Group as well as Director of Product Management & Business Strategy for the Data Center Group. He is a Cisco Certified Network Associate and has a degree in finance from Portland State University.

Share on social:


Camille Morhardt  00:12

Hi, and welcome to today’s InTechnology podcast. I’m Camille Morhardt, your host. And today’s topic is endpoint vulnerability management beneath the OS, very specific. And for that very specific topic, I have Novin Kaihani, who is GM of Intel’s Client Software Products Group. Welcome, Novin.

Novin Kaihani  00:33

Thanks for having me.

Camille Morhardt  00:34

So we’re just going to come right out and say you announced a product late last year in 2023 that addresses vulnerability management in endpoints, which are things like PCs underneath the operating system layer. But before we talk about the product, why would you be looking beneath the operating system? Isn’t that already happening?

Novin Kaihani  00:57

Yeah, great question. So much of what we see out there is around application OS vulnerabilities that are covered today; there’s quite a few vulnerability management services and companies focused in this space–it’s a core piece of, you know, the security posture of an IT organization. But that is only half of the stack,  OS and below don’t really get covered very well in the market today because it’s difficult to identify vulnerabilities with firmware, microcode, drivers, there’s all different versions, different packages of BIOS, it’s complex. And so what you see a lot in the market is OS and above because it’s relatively straightforward and included in many of the security solutions out there.

So what we’ve done is, “Hey, there’s an area that’s uncovered in the market and we have to make sure that the security posture of our endpoints is increased” and making sure that the full stack is covered.

Camille Morhardt  02:04

So you’re doing this in partnership, Intel is doing this in partnership with another company.

Novin Kaihani  02:10

That’s right. So we announced late last year a partnership with a company called Eclypsium. And what we’ve done is we have a service where we make it easy to identify security vulnerabilities below the OS in the wild, and we highlight those vulnerabilities to Eclypsium’s product that ensures identification and ultimately patching or remediation of those vulnerabilities. Because that’s at the end of the day what IT cares about is that they’re plugging those security holes throughout their entire stack. So we’ve just made it easy to identify those vulnerabilities in the wild.

Camille Morhardt  02:53

Because it’s below the OS, so is that happening, like at the chip level or the firmware level? Or can you not say, and it becomes unsafe? (laughs)

Novin Kaihani  03:04

So what we do is we identify what are the vulnerabilities below the OS, but we do it at the OS level. So we ensure that we can read platform information, understand, say, what versions of microcode, BIOS, firmware, drivers exist on the platform, we scan that platform data against our vulnerability database, and then signal those vulnerabilities to companies like Eclypsium to be remediated.

Now I will say, it sounds pretty straightforward. The challenge is identifying those vulnerabilities in the wild. Much of what exists out there is basically websites that catalogue, what vulnerabilities exist, but identifying those correctly between what’s published and what exists on a very specific endpoint, that’s the hard part.

Camille Morhardt  04:00

So you’re going through, is it called CVE? if I’m remembering correctly.

Novin Kaihani  04:06

You got it!

Camille Morhardt  04:07

All right. (laughs) I get my gold star for today. So there’s published known vulnerabilities that are made public and these would be like libraries of vulnerabilities, doesn’t mean they’ve been exploited doesn’t mean, there’s been an actual problem on your system, it just means the world has now become aware of this vulnerability.  And you’re going through the libraries and cross checking that with what the actual system is, and whether or not it’s maybe been patched or I don’t know, what are you cross checking it with?

Novin Kaihani  04:40

Yeah, so we have a whole team of engineers that actually work to convert those CVEs into something that is machine readable or developer friendly, however you want to think about it; because there is what is published, but what actual devices and different versions of again, driver, microcode, firmware exist, that rule set is what is very difficult to actually create and then match against a specific endpoint. And so it’s not enough to have as part of a vulnerability management system a catalog of CVEs; that’s published.  The challenging part is actually finding that vulnerability on a specific endpoint against a rule set that those CVEs represent.

Camille Morhardt  05:34

Is this something that you do in an automated fashion? Or are there engineers actually doing this manually?

Novin Kaihani  05:43

Yeah, so the rule set is both manual and automated, but I would say probably more heavily towards manual as they are cross checking all the different versions of say BIOS and how those BIOS versions get manifested into actual packages that land on an endpoint. They’re going through that entire rule set so that they ensure that there’s no false negatives, false positives, when a particular system gets scanned–that they are actually determining a specific vulnerability that may exist on that device.

Camille Morhardt  06:22

And is this basically designed for, like, an enterprise-level IT department or inventory, or we’re talking consumer-level?

Novin Kaihani  06:33

It’s meant for IT organizations or businesses of all sizes, really, because they are ones that are most at risk and have the most to lose if a particular vulnerability is exploited. And so we want to make sure that it’s as seamless of an experience for IT an organization. So it’s not a separate tool that you go download or install; it’s built into the security products that they have today. And that’s part of what we’ve done behind the scenes with our partnerships is to make sure that we are providing that capability to the security solutions that IT depends on so that it’s built into those products, again, so they’re not having to download or install or maintain a separate application just for below the OS vulnerabilities.

Camille Morhardt  07:25

Makes sense. And this is specifically for the PC, correct? Not other forms of endpoints?

Novin Kaihani  07:30

That’s right.

Camille Morhardt  07:31

And so it’s a V Pro?

Novin Kaihani  07:33

Actually, it’s all the Intel PCs–V Pro, and any commercial device that this service would be applicable to.

Camille Morhardt  07:42

Anything else we should know about it?

Novin Kaihani  07:45

We’re super excited. I know security is one of those areas that it takes a special person to get excited about. But the reason why we think it’s important is at the end of the day, the more we can do to increase somebody’s security posture, the better off the entire industry is.

Camille Morhardt  08:03

Thank you, Novin. And we have some links below for anybody who might want to follow up and learn a bit more.

Novin Kaihani  08:09

Thanks for having me.

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

More From