Exploring Innovative Server Security for CTOs

Shiva_Dasari

While following industry standards helps safeguard servers, the cyberattack risk is so great that HPE ensures ProLiant servers are secure. How? By also applying silicon security to protect the firmware.

Worldwide, 720 million hack attempts occur every 24 hours. But businesses don’t always know something evil is lurking in their IT infrastructure. It takes the average business 99 days to detect malicious code—that’s a big problem because companies lose $9M on average each year due to cybercrime.

What makes things even more difficult for CTOs trying to protect their digital assets is that security is a constantly moving target. IT security management tools need to change because hackers go where they find the least resistance. With today’s defenses focusing primarily on protecting software, cybercriminals are turning toward the firmware and hardware layers.

Security measures must go beyond industry standards

While protecting hardware requires following industry security standards, the risk of cyberattacks is so great that businesses must innovate to ensure servers leverage additional levels of protection. This includes silicon-level security to protect the firmware.

Once attackers gain control of the firmware, they have access to all the resources in the system and can manipulate everything on the device. Compromised firmware can also go undetected for months, as there is no good way for standard scan tools to detect it. The ability to stay stealthy while gaining access to all resources makes firmware a perfect target for sophisticated attackers.

To fully protect the firmware, server manufacturers need to closely oversee their entire firmware supply chain. There’s always the chance firmware can be compromised before it reaches customer data centers. HPE Gen10 ProLiant servers use built-in technologies to detect any firmware supply chain attacks. This assures that in spite of Secure Development Lifecycle processes, if something goes wrong it will be detected and corrected. The firmware should also be verified each time a server boots up, and then recovered to a known good state if a compromise does occur.

If the server OS is compromised, the firmware must be protected and configured so it’s isolated and immune from the OS-based attack.

Full protection across the firmware security lifecycle

HPE brings expanded IT security infrastructure capabilities that you can rely on to protect your servers. On every HPE Gen10 ProLiant server, HPE builds in its own silicon to create a silicon root of trust, an immutable fingerprint that can never be changed. That fingerprint does not allow the server to boot up if the firmware has been compromised.

The root of trust begins with the HPE iLO management controller, an HPE-specific design that is much more advanced than generic controllers offered by other vendors. HPE iLO intellectual property is owned solely by HPE, and we own the firmware as well—backed by a strict process for both access and sign-off on changes.

Our HPE ProLiant servers are built on industry standards that we have helped drive and promote. Wherever standards don’t exist yet, HPE innovates to protect our customers’ IT infrastructure and stay ahead of the attackers. Examples of HPE innovations include silicon root of trust, firmware supply chain attack detection, secure recovery, periodic verification of the firmware, and isolation of the firmware. Also, the operating system is verified before it is launched.

With all these layers of security, businesses are assured of data protection across the entire firmware lifecycle.

Securing infrastructure while also controlling costs

Taking this infrastructure-focused approach to security is vital in light of the steady rise in the number of successful attacks over the past five years, and businesses of all sizes are feeling the impact. While deploying security measures is critical, so too is the need to control costs.

How can your company keep costs low and give employees new tools to work with while also protecting digital assets? This Ponemon Report illustrates how several myths seem to slow down the pace at which businesses are deploying sufficient enterprise IT security measures. It’s important to avoid these roadblocks to ensure sufficient security is in place. The bad guys lurking around the world aren’t going away anytime soon.

About the Author

Shiva_Dasari

Shiva Dasari is the Chief Technologist of HPE Data Center Infrastructure Security and is responsible for security technology, architecture, and strategy of Servers, Storage, and Networking. He also serves as a Board Director of the Trusted Computing Group (TCG). He has over 30 patents and is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Cloud Security Professional (CCSP). He regularly speaks at industry conferences and participates in government panels. He has also published multiple papers on platform security.
