Servers & Systems: The Right Compute
ComputeExperts

Manage corporate risk with a security checklist

Cybercriminals have raised the price on poor security. But you can stay three steps ahead of hackers with HPE Cloud Volumes Backup, HPE InfoSight, and a host of other anti-ransomware tools and strategies.

By Christelle Tape, Product Manager for Server Security


There’s one thing we know for certain when it comes to cybersecurity: bad actors will never stop innovating and attacking. So, enterprises, nations, and individuals must stay vigilant, racing to stay ahead of would-be hackers and criminal organizations.

In our cybersecurity month blog series, we’ve looked at how to secure the edge with zero trust architecture, lock down firmware with security built into the boot process, reduce the collateral damage of ransomware attacks with advanced disaster recovery, and coordinate on a global scale to prevent economic disasters.

Hopefully, these blogs have prompted your team to take a step back and reevaluate your security posture. Are there any vulnerabilities in your IoT environment? Do you have full visibility into your datacenter supply chain? If your data is taken hostage, can you recover vital information to keep your organization running?

Do these questions have you worried? The good news and the bad news are the same: you’re not alone.

  • 64% of organizations lack confidence in the state of their security posture
  • 65% lack confidence that they can detect an inside attack before breakout occurs
  • 56% of executives say their response to security is reactive, not proactive

With so many organizations feeling unprepared for the security challenges ahead, we’ve developed a cybersecurity checklist to help you evaluate, patch, and innovate your ecosystem to prevent the attacks of the future. Based on the National Institute of Standards and Technology (NIST) framework, our checklist is founded on three pillars: Protect, Detect, and Recover. By standardizing and improving your security plan before, during, and after potential threats, you can gain some peace of mind that when the inevitable happens, you’ll be prepared.

Protect

For all the energy drinks that hackers consume, they’re really quite lazy. Cybercriminals will often go for either the biggest score or the lowest hanging fruit. By protecting your environment with advanced hardware, software, and security protocols, you can stave off most attacks.

First, evaluate your data. Ask the important questions: what kind of data needs protecting more than others? Are you storing customer data, proprietary information, or benign transactional data? How is your data used? Is it accessed frequently and critical for daily operations? When is your data most vulnerable? Where is your data stored when it’s not in use? Why would a criminal want to steal or compromise your data?

Questions like these will help you begin to map out the best solution to mitigate risk. Then, you’ll be able to define where lines should be drawn, when access should be granted, and who needs access.

The Protect phase doesn’t begin when you plug in your servers for the first time; it begins all the way at the start of production. Server components can be tampered with on the way to a factory, or the assembled servers could be infected with malware before they arrive at your datacenter. HPE has addressed these concerns with a number of technologies and processes including our Silicon Root of Trust, HPE Integrated Lights Out (iLO), and a secure global supply chain. These extra layers of protection can save you time, effort, and money in the long run by preventing the kinds of attacks that hit the core of your systems.

You should also consider adopting a zero trust approach to security. With the swell in remote work and increasing importance of edge environments, this philosophy helps enterprises manage access and reduces the risk of human error.

At first glance, zero trust may seem like a great way to slow down workflows and bottleneck operations. But technology has caught up to the philosophy. HPE leverages SPIFFE (Secure Production Identity Framework For Everyone), a secure identifier certificate assigned to workloads, and SPIRE, the runtime environment for SPIFFE, to learn standard user and system behavior, making it much easier to detect when something is outside the realm of normal activity. Suddenly, the repetitive authentication required for zero trust isn’t such a burden.

Here are some additional security practices to evaluate in the protect phase:

  • Zero trust approach
  • Comprehensive risk assessment
  • Layered security plan across hardware, software, network, and physical access
  • Modern and updated hardware and software
  • Regular patch management and updates for OS and apps
  • Server security
  • Strong passwords and access control
  • Data encryption at rest, in motion, and in use
  • Secure data communications with VPN
  • Regular, ongoing employee training
  • Regulatory compliance
  • Data disposal plan and remote wipe capability

Detect

So, the inevitable happened and you’ve been attacked. How soon after a virus infects your systems will you be notified? Much like in medicine, identifying cyberthreats early can speed your recovery and provide more options for mitigation and remediation. And as regulatory pressure mounts for organizations to disclose details around attacks, your brand is at stake if customer data is vulnerable for months before being detected. Companies that contain a breach in less than 30 days save more than $1 million compared to those who take longer.

Proper detection involves two crucial elements that work together to alert your teams of vulnerabilities: the technology element and the human element.

HPE builds advanced technologies into our servers to consistently and proactively monitor your systems. Artificial intelligence speeds up this process by automating detection systems and surveilling your environment to identify vulnerabilities or atypical activity. Every second, HPE InfoSight collects and analyzes data from more than 100,000 systems worldwide, predicting and automatically resolving 86% of customer issues. With HPE iLO Advanced, enterprises can leverage secure configuration lock to register alterations to firmware or hardware components at boot.

No amount of technology can fully replace an intelligent and coordinated team of IT security professionals. On top of training your workforce on issues like phishing, device protection, and other sources of human error, security teams work diligently to customize alerts and manually monitor your datacenter. HPE can supplement your security teams with HPE Pointnext services, helping you map out the best path using the right mix of people, processes, and technologies to securely deploy and manage servers.

Other essential items to check for in the detect phase include:

  • Enable runtime firmware verification
  • Conduct background checks for employees and contractors
  • Audit disabled accounts
  • Monitor and log server activity
  • Monitor hardware
  • Regularly update antivirus protection
  • Employ teams to monitor the environment or solution

Recover

Sixty percent of organizations report experiencing at least one attempted ransomware attack in the last 12 months. That’s 3 out of 5 enterprises that paid out huge sums to recover or gain back access to their valuable data in the last year. When no company is completely safe, your plan for remediating attacks becomes ever more important.

What’s your disaster recovery strategy? How can you ensure business continuity in the event of an attack? How long can you stay in business without access to your data?

A key element for every plan is a good backup. As my colleague, James Morrison, says: Backup, backup, and backup again. Backing up is often seen as the easiest way to mitigate loss if an attack does happen. Protect your backups by storing them off network, offsite, or in an immutable backup that is unchangeable for a set period of time.

You can also incorporate a strategy to limit your losses. Through secure runtime verification, HPE iLO Advanced not only verifies the integrity of essential firmware and detects any compromised code or tampering, but also allows you to recover to the last known good state and facilitates OS and application recovery. 

Because there are so many types of security threats to consider, a one-size-fits-all protocol won’t cut it. Rather, develop a multi-tiered hierarchy of responses and action items and teach it to everyone with server access. This accomplishes two things: it avoids an overreaction that could affect systems untouched by the threat and, more importantly, it avoids a response too feeble to combat the threat sufficiently. To this end, responses to security breaches, cyber-attacks, and specific types of malware should all have their own protocols.

When your plans are in place, go one step further and test them out. Simulating the worst-case scenario is good practice for when a disaster actually strikes, giving employees the confidence to stay calm and take the right steps in the right order. These responses will mitigate loss and help operations continue until things are restored to a healthy state.

To recover from an attack, be sure to check off these boxes:

  • Regularly tested backups
  • Planned attack response for breaches or security incidents
  • Tested disaster recovery plan
  • Business continuity plan

See you next Cybersecurity Month!

With the headlines piling up and new technologies perfected every day, I think every month should be cybersecurity month. It will be fascinating to see how trends evolve and technologies keep pace with the bad actors that keep us security professionals up at night. Take some time to reevaluate your systems, and we’ll be back next year with a new batch of strategies and technologies to help you weather any storm.

Until then, follow our checklist to shore up your cybersecurity and lock down your data. And visit us at www.hpe.com for more!


Compute Experts
Hewlett Packard Enterprise


About the Author

ComputeExperts

Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.