How Secure is your Server?

Similar documents
Redfish: The next generation of server management automation

Oslo 30 October 2018

END-TO-END SERVER SECURITY: THE IT LEADER S GUIDE

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Dell PowerEdge 13G Server Security

How Microsoft Azure Stack Streamlines Bi-Modal IT

Technical White Paper: Cyber Resilient Security in 14th generation of Dell EMC PowerEdge servers

Dell EMC PowerEdge Servers 14G

COMPLETE AGENT-FREE MANAGEMENT OF POWEREDGE SERVERS

Best Practices in Securing a Multicloud World

Toward A Single Pane Of Glass - Management Consoles & Integrations

OpenManage Integration for VMware vcenter Version 4.2. Compatibility Matrix

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Cybersecurity with Automated Certificate and Password Management for Surveillance

IPM Secure Hardening Guidelines

Project Cerberus Hardware Security

POWEREDGE RACK SERVERS

The Bedrock of the Modern Data Center

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

HPE ProLiant Gen10. Franz Weberberger Presales Consultant Server

Security: The Key to Affordable Unmanned Aircraft Systems

Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER

Datacenter Security: Protection Beyond OS LifeCycle

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

DELL EMC VxRack System FLEX Powered by ScaleIO: HCI Rack-Scale Technical Deep Dive

1560: Storage Management & Business Continuity Strategy and Futures

OpenManage Integration for VMware vcenter Version 4.1. Compatibility Matrix

Copyright 2016 EMC Corporation. All rights reserved.

The Road to a Secure, Compliant Cloud

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Cybersecurity in Government

Integrated and Hyper-converged Data Protection

Dell EMC PowerEdge Installation, Management and Diagnostics

What is Dell EMC Cloud for Microsoft Azure Stack?

HPE Hyper Converged. Mohannad Daradkeh Data center and Hybrid Cloud Architect Hewlett-Packard Enterprise Saudi Arabia

Seagate Supply Chain Standards and Operational Systems

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Hardened Security in the Cloud Bob Doud, Sr. Director Marketing March, 2018

Oracle Solaris Virtualization: From DevOps to Enterprise

#techsummitch

Node-o-rama GLOBAL SPONSORS

Dell EMC OpenManage Enterprise Version 3.0 Release Notes

SECURING DEVICES IN THE INTERNET OF THINGS

Oktober 2018 Dell Tech. Forum München

Storage as an IoT Device Roundtable Walt Hubis, CISSP Tom Coughlin

VxRail: Level Up with New Capabilities and Powers GLOBAL SPONSORS

Procurement Language for Supply Chain Cyber Assurance

Acronis Backup. Acronis, All rights reserved. Dual headquarters in Switzerland and Singapore. Dual headquarters in Switzerland and Singapore

DELL EMC VXRACK FLEX FOR HIGH PERFORMANCE DATABASES AND APPLICATIONS, MULTI-HYPERVISOR AND TWO-LAYER ENVIRONMENTS

3/26/2018. Hyperconvergence. CreekPointe, Inc. Introductions Hyperconvergance Defined Advantages Use Cases Q&A Close. Mike Clarke, CreekPointe Inc.

Twilio cloud communications SECURITY

The threat landscape is constantly

Dell EMC All-Flash solutions are powered by Intel Xeon processors. Learn more at DellEMC.com/All-Flash

Security Challenges: Integrating Apple Computers into Windows Environments

Transforming Security Part 2: From the Device to the Data Center

Cybersecurity Roadmap: Global Healthcare Security Architecture

Ransomware A case study of the impact, recovery and remediation events

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

Who s Protecting Your Keys? August 2018

Make security part of your client systems refresh

THE KERNEL. Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients.

Evolved Backup and Recovery for the Enterprise

Securing the Data Center against

IT Redefined. Hans Timmerman CTO EMC Nederland. Copyright 2015 EMC Corporation. All rights reserved.

Introduction to HPE ProLiant Servers HE643S

Dell EMC OpenManage Mobile. Version User s Guide (Android)

Dell EMC OpenManage Mobile. Version 3.0 User s Guide (Android)

Security in NVMe Enterprise SSDs

Dell EMC ScaleIO Ready Node

The intelligence of hyper-converged infrastructure. Your Right Mix Solution

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Integrated and Hyper-converged Data Protection

Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend

Technical Brief Distributed Trusted Computing

the SWIFT Customer Security

DATACENTER SERVICES DATACENTER

Securing the SMB Cloud Generation

HPE VMware ESXi and vsphere 5.x, 6.x and Updates Getting Started Guide

Copyright 2018 Dell Inc.

Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd

Dell EMC XC Series: Expanding the XC Series Ecosystem to Empower your Virtualized Applications

AKAMAI CLOUD SECURITY SOLUTIONS

McAfee Network Security Platform 8.3

OpenManage Integration for VMware vcenter Version 4.3

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Seqrite Endpoint Security

Cisco Security: Advanced Threat Defense for Microsoft Office 365

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

IoT & SCADA Cyber Security Services

locuz.com SOC Services

SECURITY SERVICES SECURITY

GSE/Belux Enterprise Systems Security Meeting

BL ProLiant ML DL Admin HP ProLiant ProLiant agent HPE. HP ProLiant Gen8/9

CLOUD WORKLOAD SECURITY

Securing 14th generation Dell EMC PowerEdge servers with System Erase

Sales Presentation Case 2018 Dell EMC

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Mohan J. Kumar Intel Fellow Intel Corporation

Transcription:

How Secure is your Server? Key Things To Consider For Building A Safe, Robust IT Infrastructure Mukund Khatri Sr. Distinguished Engineer / VP Server & Infrastructure Solutions Rick Hall Sr. Product Planning Manager, Server & Infrastructure Solutions

Navigating Cyber-Risk is as challenging as ever Most businesses vulnerable to cyber attacks through firmware, study shows. More than 100 malwares searching for Spectre & Meltdown vulnerabilities. 13 flaws found in AMD processors, AMD given little warning New SCADA Flaws Allow Ransomware, Other Attacks City of Atlanta Hit with Ransomware Attack New malware increased by 10% in Q3, to a record high of 57.6 million samples. Malware-as-a-Service and the affordability of spam botnets (as low as $200 USD per million messages) provide criminals with a low barrier of entry. 2

Enterprises struggle to manage security Business IT Security Data everywhere High impact breaches Increasing privacy regulations Rising risks and costs 3 in 4 say security is retrofitted 75 Avg. number of security tools 3.5M Security talent shortage by 2021 At stake: Trust and confidence 3

Security ranks highest in server purchasing criteria *Hardware includes BIOS and Firmware. Others include Past experience with products Certified support for specific workloads/ applications Speed of deployment Power requirements Source: Value of Secure Server Infrastructure Web Survey 2018, IDC, February, 2018 Overall Rank - When it comes to evaluating the purchase of server infrastructure, what are the three most important selection criteria for your organization? N=301 4

Security must comprehend server infrastructure Cloud Continued focus & $$$ Firewall Applications Server Platform Design is as critical as OS and Applications Often overlooked + Persistent & Stealthy Hypervisor / OS Firmware (BIOS, BMC, HDD, ME ) Hardware Platform design 5

Designing security for server platforms is complex Physical Security: Locks, Ports, Intrusion Detect Secure Decommissioning - Server & Data Data Protection : At-Rest & In-flight Conformance to TCG, DMTF, NIST, other Standards Role-based Access Control Resilient Firmware Architecture Audit Logging & Alerting Robust Security Development Lifecycle, Supply Chain Assurance Centralized Vulnerability & Patch Management New Silicon features: CPU / Chipset IO Devices / FPGA Security Needs to be Built-in, Not Bolted-on 6

Cyber Resilient Architecture in PowerEdge servers EFFECTIVE PROTECTION RELIABLE DETECTION RAPID RECOVERY 7

Secure Firmware Updates : NIST Guidelines Firmware is an attractive target! Dell EMC Server Firmware Stealthy Persistent Powerful CPU/Chipset BMC BIOS Opportunistic Challenging to Secure NICs, CPLD PSUs FC HBAs NIST SP800-147B NIST SP800-193 (draft) Storage Controller Storage Drives 8

PowerEdge Secure Boot : Silicon Root of Trust BOOT UP LIFECYCLE idrac9 Immutable Silicon RoT ROM V idrac9 Boot Block / Uboot V idrac9 Linux & Applications Monitor Cryptographic Update Fused-in Public Key Recover to N image on any V-failure Conceptual idrac9 Boot Process Config Lockdown Drift Detection End to End cryptographic verification of server firmware is critical 9

PowerEdge Secure Boot & Platform Resiliency Conceptual Server Boot Process OS extends Chain of Trust Maintenance Crypto Signed FW Update UEFI Secure Boot BIOS Boot Block Code CPU Domain H/W Root of Trust Verification for Option ROMs Rest of the BIOS Code Verify OS Boot Loader Rapid Recovery Cyber Resilient BIOS Recovery Configuration Recovery Rapid OS Recovery End to End cryptographic verification of server firmware is critical 10

Innovations to protect your business System Lockdown / Drift Detection Virtual lock for preventing server configuration or firmware changes Alternative is to monitor and alert on changes ( Drift Detection ) Hardware Root of Trust An immutable silicon-based root of trust to securely boot idrac and BIOS firmware Rapid recovery to a trusted image when authentication fails Secure Default Password Prevents against inadvertent exposure of new idrac s on unprotected networks Encourages stronger password policies (rather than the tendency to use generic default passwords) Dynamic USB Port Enable Allows USB port disable for normal operation in secure environments Dynamically can be unlocked via idrac authentication when needed without rebooting the server OS Image Rapid Recovery Allows booting of a trusted backup OS image stored in hidden, protected storage System Erase Quickly and securely erase internal server storage devices including HDD, SSD, and NVMe drives Wipe all user configuration and log file information 11

Automate Deployment of Server Security Policies with OpenManage Easily automate security policies for your server infrastructure Intelligent automation at your fingertips Powerful automation APIs like our idrac Restful API with Redfish idrac with Lifecycle Controller OpenManage Enterprise management console Deep integrations with consoles like Microsoft System Center or VMware vcenter Plug and play Zero Touch automation Script Automation GUI 12

Examples of Securing Server Operations DEPLOY UPDATE Employ LDAP or AD for user & role authorization Customize the idrac log-on security notice Restrict users to a specific IP range Dell EMC signed firmware updates Use System Lockdown to prevent unwanted or malicious changes to firmware Use System Erase to securely wipe all user data from drives and non-volatile memory Use the idrac Direct dedicated USB port to locally remediate server or OS issues MAINTAIN Alert for configuration or firmware changes Use SNMP v3 or Redfish eventing Monitor for chassis intrusion events MONITOR 13

Rapid, timely response to new CVE s is critical Common Vulnerabilities and Exposures (CVEs) are newly discovered gaps in software cybersecurity CVEs can occur due to new vulnerabilities in several aspects of remote server management Dell EMC works aggressively to quickly respond to new CVEs 14

Emerging Technologies Bring New Security Challenges Devices with downloadable code EDGE Servers Software Defined Datacenter Running networking on standard x86 servers Governance boundary Trusted hardware in the cloud Cloud Computing Dell EMC Servers best positioned to tackle emerging threats 15

Security Transformation Portfolio Strategy UNIFIED Business Risk Management TRUSTED Expert Advisory Services ADAPTABLE Advanced Security Operations RESILIENT Secure Modern Infrastructure 16

Key Takeaways Security of the Server Infrastructure Matters! New class of attacks targeting your server infrastructure Dell EMC PowerEdge servers provide industry leading security capabilities to protect against these new threats Dell EMC is your trusted partner to provide the secure foundation for your enterprise & cloud Dell EMC PowerEdge Servers are the Bedrock of Modern Datacenter 17

PowerEdge Server Tech Track Sessions Session Title Code Times Locations The Eye on AI : Demystifying Deep Learning, Machine Learning and In-Database Acceleration with PowerEdge Server.01 Tuesday 8:30 AM Thursday 11:00 AM Palazzo L Palazzo K The 4 Things You Need To Know Before Building Your AI Or Analytics Solution Server.02 Monday 3:00 PM Wednesday 8:30AM Murano 3205 Palazzo P How Secure Is Your Server? Key Things To Consider For Building A Safe, Robust IT Infrastructure Server.03 Tuesday 1:30 PM Wednesday 12:00 PM Palazzo N Palazzo K Get The Competitive EDGE: How To Transform Infrastructure At The Edge Server.04 Monday 1:30 PM Wednesday 8:30 AM Lando 4205 Palazzo I Discover How To Increase Data Center Infrastructure Agility With Gen-Z & Modular Server Platforms Server.05 Tuesday 3:00 PM Thursday 8:30 AM Lando 4201A Lido 3001A Best Practices of OpenManage Enterprise - Modernize your Infrastructure Management Server.06 Tuesday 12:00 PM Thursday 11:30 AM Delfino 4005 Lido 3003 19

PowerEdge Server Tech Track Sessions Session Title Code Times Locations Explore The Possibilities Of Machine Learning For Your Organization Server.07 Tuesday 3:00 PM Thursday 11:30 AM Palazzo P Lido 3001A Simplify Your Server Lifecycle Management Server.08 Monday 12:00 PM Wednesday 3:00 PM Marco Polo 701 Palazzo N Hidden Secrets To A Transformed Data Center Server.09 Tuesday 8:30 AM Thursday 1:00 PM Lando 4203 Lando 4201A Pivotal & Dell EMC Guide To Containers & Microservices: Future Server Platforms For "Serverless" Computing SAB.05 Wednesday 3:00pm Thursday 11:30pm Palazzo O San Polo 3405 Best Practices In Managing Dell EMC PowerEdge Servers & VMware SAB.06 Monday 8:30am Wednesday 1:30pm Lando 4205 Lido 3003 Download Dell EMC Power Chips game on Android Google Play and Apple App Store 20 Visit booth #325 for more details

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback