AI Insights
Showing results for 
Search instead for 
Did you mean: 

Safeguarding Your Business Against Rogue Employees


With inside access, rogue employees represent the biggest threat to your digital assets. Get the levels of protection, detection, and recovery you need—all the way down to the firmware level—from HPE Gen10 servers.

Blog_IT_Secure_Rouge.jpgGiven the cybersecurity climate in recent years, most businesses have deployed advanced enterprise IT security defenses, focusing primarily on stopping external hackers. Yet it’s even more important to consider internal threat actors—including rogue or disgruntled employees at your company as well as those who work for business partners that have integrated IT systems. These two groups pose a potential security risk.

When one of your own employees breaches your infrastructure security architecture and steals sensitive data, you are just as liable as if you suffered a cyberattack from an external hacker. Regardless of who it is, if the wrong person gains access to your data center, your servers can be compromised. Even worse, you may not discover the breach until much later.

And don’t forget ex-employees that might still have access to your network. A recent survey of 600 IT decision makers revealed that 58% of former employees are still able to access corporate networks after they’ve left the company. This is not really surprising, given that the same group indicated that 24% have suffered data breaches by former staff.

The security trifecta: protection, detection and recovery

To minimize security threats from the inside, it’s essential to monitor employees. But even enacting the most sophisticated cybersecurity protocols won’t completely prevent disgruntled employees from infiltrating your system hardware. That’s why it’s so critical to go beyond the perimeter security defenses that keep cybercriminals out—fortifying your infrastructure with an in-depth defense that not only protects but also detects an intruder and recovers from any damage that may have been done.

To defend your IT infrastructure against rogue employees and those who work for your close third-party business partners, it is essential to partner with a server provider that takes security seriously and delivers new and differentiated technology.

  • Protection against firmware attacks can be enabled by servers with a silicon-anchored chain of trust. At boot-up, the management controller is the first device initialized. The system cannot continue without that first handshake, which sets the controller as the basis for the entire secure initialization. Handshakes continue to extend the protection throughout the motherboard all the way up to the operating system and applications, ensuring a clean handoff of known good credentials with a continuous protection stream.
  • Detection uses intelligence to better detect anomalies, adding encryption down to the component level. Detection can be enabled through daily automatic scanning of the firmware. Upon discovery of compromised firmware code or malware, the server will then launch into recovery mode.
  • Recovery from the insider attack that bricked servers (meaning essentially turning the server into an expensive brick!) because the attacker had access to the company network. Multiple choice points are available—recover to the last known good state, recover to the initial factory settings, or don’t recover at all and take the server off-line for further evaluation.

Security from the very beginning of each server’s life

We at HPE are ready to help you take on the challenge of rogue employees with our HPE Gen10 solutions.  We provide the world’s most secure industry-standard servers with unprecedented levels of protection, detection and recovery.

What makes our HPE Gen10 ProLiant servers so secure? We manufacture our own custom chipset for our firmware and anchor the firmware into the bedrock of the silicon. Our servers also continuously monitor the firmware to determine if any compromised code has been inserted. If a compromise occurs, the servers revert the firmware back to a previous version of firmware that was validated to be free from any compromise or malware. Watch to learn more about how we create the world’s most secure industry-standard servers:

Our ProLiant servers also support the new Commercial National Security Algorithm (CNSA). HPE is the first server manufacturer to adopt the CNSA cryptographic suite, the highest level of IT security protection in the industry. With all of these protective measures, it no longer takes an extended time to determine if malware has been inserted. And that’s key because many businesses go weeks or months without realizing a breach to their firmware has occurred.

Before we build each Gen10 ProLiant server, we install the Silicon Root of Trust into our iLo 5 silicon at one of our fabrication locations. Only HPE can do this because we’ve invested in developing our own custom-made HPE silicon chip. This varies drastically in comparison to most of our competitors, who buy their silicon off the shelf, from third-party suppliers. This allows HPE the unique capability of building-in security before the server even goes into production at one of our factories.

Staying ahead of rogue employees

Even though rogue employees continue to evolve with increasingly sophisticated attacks, HPE offers a strategy to help you stay ahead of the threats. To find out exactly how our firmware security protection, detection and recovery capabilities lock down servers, check out this white paper from Moor Insights.

0 Kudos
About the Author


Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.

Online Expert Days - 2020
Visit this forum and get the schedules for online Expert Days where you can talk to HPE product experts, R&D and support team members and get answers...
Read more
HPE at 2020 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2020
Read more
View all