Server refresh coming soon? Make server security a top priority.



With 720 million hack attempts every 24 hours worldwide1, limiting security to firewalls is no longer enough. VLCM’s Cybersecurity division recommends arming your infrastructure starting at the firmware level - right down to the silicon. 


If you are looking for server refresh anytime soon, or are wanting to boost your cybersecurity hygiene, Hewlett Packard Enterprise’s Silicon Root of Trust has changed the server security landscape. With breakthrough firmware technology, HPE servers now allow customers to protect, detect, AND recover from cyberattacks - with no additional cybersecurity purchases. HPE Servers are equipped with the latest security for servers and infrastructure security innovations to guard against AND recover from security attacks. 


Tell me more about the Silicon Root of Trust


This innovative inside-out security technology provides the first line of defense against cyberattacks - protecting your apps and data. The Silicon Root of Trust satisfies organizations’ need for a robust security foundation that permits only trusted firmware to be loaded onto the server, and that can rapidly mitigate the impact of firmware attacks. It is able to recover itself from attacks by malicious code to a known and secure state, with trusted firmware, and without manual intervention. 


Available on HPE Gen10 Servers, the Silicon Root of Trust is based on a hardware-validated boot process that ensures a computer system can only be started using code from an immutable source. This involves an anchor for the boot process rooted in hardware that cannot be updated or modified in any way. When combining this foundation with a cryptographically secured signature, there are no easily accessible gaps for hackers to exploit. If a hacker inserts a virus or compromised code into the server firmware, the configuration of the firmware is changed, creating a mismatch to the digital fingerprint embedded in the silicon. 


As it initiates, HPE Integrated Lights-Out 5 (iLO 5) firmware validates the basic input/output system and looks for the “digital fingerprint” of iLO firmware burned into the silicon chip. That immutable fingerprint verifies all the firmware code is valid and uncompromised.


If the validation fails at any level, iLO 5 and the Silicon Root of Trust will not allow the server to power on. Because HPE makes its own silicon chip and firmware, it is able to create a bond that cannot be broken between the two. 


Learn even more about HPE Silicon Root of Trust here.


Do you want to defend applications and data before your server is built?


HPE is the only major server manufacturer to produce made-in-USA industry-standard servers. The new servers include advanced security features that are built by vetted HPE employees in highly secure U.S. facilities as part of the HPE Trusted Supply Chain initiative. New HPE servers that are part of the HPE Trusted Supply Chain will offer the most comprehensive, end-to-end data protection by featuring a pre-installed layer of hardened security before the server is shipped to the customer.


Extending End-to-End Security for Entire Product Lifecycle


HPE further extends its security capabilities in a server from distribution and shipping, through its complete lifecycle while it is still active. The new features are built on top of the HPE-exclusive, silicon root of trust security technology, which has been recognized for the ability to reduce risk by insurers in the new Cyber Catalyst program from Marsh Insurance. Hardened security features activated during the manufacturing process will offer the following benefits:


  • Prevent booting of any compromised operating system (OS) by using new hardening to connect the server firmware security to the operating system by activating the UEFI secure boot


  • Reduce attack surface by placing servers in high-security mode to verify user authenticity, ensuring that more than four million lines of firmware code is valid and uncompromised


  • Prevent tampering of server firmware and hardware using server configuration lock to verify unauthorized addition of options (NICS, drives) or malicious activity by capturing the inventory or a “picture” of the server, its hardware and firmware at the factory to provide protection throughout the supply chain process


  • Alert customers with embedded alarm and physical lock if the server has been opened during the supply chain process when an intrusion detection latch, inserted on the server chassis, registers unauthorized opening even if the power is off


Keeping our customers safe and protected is of utmost importance to VLCM. If you have any questions about your current state of cybersecurity, or about HPE’s Gen10 Servers, please reach out to us to see how we can help you Get IT Right.


About VLCM Cybersecurity

VLCM’s Cybersecurity Team offers leading industry expertise to design, implement, and support the right cybersecurity solutions. VLCM’S Cybersecurity architects Get IT Right by implementing layered security strategies, and partner with a wide range of industry-leading IT security vendors to develop the best cybersecurity defense for your unique organization. 

1 CNBC 2016