Do Security Worries Wake You Up at Night?

Sleep Soundly with Secure Silicon from HPE

Chris Mathews

It’s 3:00 a.m. and your phone rings. Still half-asleep, you fumble for your phone and manage to answer. What comes next are three words that no IT administrator wants to hear.

“We got hacked.”

Unfortunately, this is a far too common situation. Equifax. Dyn. Target. TJX. Home Depot. And those companies are just the highest of high-profile. How many times do smaller companies suffer the same fate and we don’t even hear about it?

Attacks like the ones on the above companies follow a similar path—the intrusion begins at a weak endpoint, like a printer, or IoT device, like a Wi-Fi thermostat. Then it travels to the data center, where the real damage is done. If there were a server that was secure at the silicon level, you would be much better protected against one of the 720 million hack attempts that happen every 24 hours worldwide. You might also avoid the $9 million (on average) your company might lose due to attacks like these.

And what do you know? There is a server that’s secure right down to the silicon level. In fact, it’s the world’s most secure industry standard server.1 It’s the HPE ProLiant Gen10.

HPE ProLiant Gen10 servers include a unique digital fingerprint, called a Silicon Root of Trust, in the silicon of each server. The Root of Trust verifies certain security functions and provides the ability to test and verify the integrity of other such functions. This ensures that a server never boots up if its firmware has been compromised or tampered with in any way. Because system firmware is anchored to the Root of Trust, a system will not boot up even if an attacker replaces the entire Unified Extensible Firmware Interface (UEFI) and HPE Integrated Lights Out (iLO) code. In many modern computers, the UEFI has replaced BIOS as the first module to run when the system boots up. iLO is a proprietary HPE technology for remotely managing servers.

The security check doesn’t just happen at boot; these servers also continue the same verification on a continual basis while the server is running. The HPE iLO chipset runs a daily verification check on HPE iLO firmware and UEFI BIOS, giving you the opportunity to quickly detect firmware compromises. Without daily security checks like these, a company that is compromised usually doesn’t detect the intrusion for an average of 99 days.

If a firmware problem is detected, your administrators have the option to restore the affected firmware to its last known good state or to a factory default setting. In the unlikely event of a firmware compromise, the HPE iLO chipset automatically loads its own authenticated firmware from an integrated backup stored in nonvolatile memory. If the system firmware is compromised, HPE iLO tries to recover from a backup copy or alert the administrator.

The new features of HPE ProLiant Gen10 don’t stop at security. These servers include the new Intel Xeon Scalable Processor family with up to 28 physical cores per processor. Intelligent System Tuning, exclusive to Gen10, is a new set of server tuning technologies developed in partnership with Intel, which dynamically tunes your servers to match the unique needs of each workload. It levels and balances frequency fluctuation and enables higher performance across fewer processors.

Max memory speed is up to 2666MT/s using HPE DDR4 SmartMemory, which is up 11% over ProLiant Gen9 performance. Gen10 also supports the world’s fastest persistent memory2 using 16GB NVDIMM chips for a max of 192GB per server. Other improvements include better and wider GPU support for advanced VDI installations and more flexible storage configurations, including enhanced NVMe capability.

HPE ProLiant Gen10 provides agility to deliver business results, security to protect your digital assets, and economic control for your bottom line. That’s the type of combination that would make any IT administrator sleep easier—and more importantly—all the way through the night.

How secure are your servers? Do you feel confident in your organization’s ability to detect and protect against a breach? Share your security insights with us in the comments.

1 Based on external firm conducting cyber security penetration testing of a range of server products from a range of manufacturers, May 2017.

Chris is a Solutions Specialist for Converged Data Center at Connection. He has more than 20 years of experience in computing technology including data center and security technology and is an HPE Accredited Technical Professional in Server Solutions, an Aruba Certified Sales Specialist, and a VMware Sales Professional. In his earlier days, he was a professional musician, and he now loves to travel with his wife and daughter and root for the Boston Bruins and Boston Red Sox.