simplify to secure
TRANSCRIPT
Proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. © Ingram Micro Inc.
Simplify to Secure
FireEye, HPE, and Ingram Micro
1511022 rev 11-23-15
Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.
On Today’s Panel
• Jacob White – Moderator
− Technology Consultant for Security, Ingram Micro
• Robert Potter – Guest Speaker
− Vice President, Global Sales Operations, FireEye/Verodin
• Kurt Lacy – Guest Speaker
− Hybrid Chief Technologist, Hewlett Packard Enterprise
The Evolving Threat Landscape
• Attacks are increasingly focused on people
• What’s old is new again
• The “perimeter” is quickly evaporating
• Shadow IT, industrial networks, and IoT sprawl
Challenges of Modern Security Posture
• Most admins are wearing (too) many hats
• Legacy systems and networks ripe for exploitation
• Difficult to tell if we’re having an impact
• Too many tools, not enough people
Quick break to disable SMBv1
PLEASE STOP
How can we tackle these issues?
• Email Security
• Network Segmentation
• Assessment tools for vulnerabilities and security controls
• Consolidating vendor deployments
Cybersecurity’s Relevance to the Business
Across all industries, businesses rely on business continuity and critical assets to:
▪ Gain competitive advantage
▪ Drive revenue
▪ Protect shareholder value
▪ Deliver services
As a result, many have made significant investments to protect these assets.
[Diagram labels: Regulatory Compliance; GDPR; Consumer Services; Access to Data; Critical Infrastructure; Business Continuity; M & A; Intellectual Property; Protection of Assets; Critical Data; R&D; Investment Rationalization]
Cyber Security Is Based On Assumptions
WE ASSUME: Technologies work as vendors claim
WE ASSUME: People are correctly handling events and processes are effective
WE ASSUME: Products are deployed and configured correctly
WE ASSUME: Changes to the environment are properly understood, communicated and implemented
Path to Rationalization & Continuous Improvement
Are our controls working the way we expect them to?
Are they properly configured?
Are we able to increase the efficiency of the dollars already spent?
Are we using the full value of our existing tools?
Are we maximizing ROI?
Where are our overlaps and true gaps?
Can tools be removed from the stack?
Can we simplify the environment?
Demonstrate improvement over time
CONTROL EFFECTIVENESS
KNOWN GOOD BASELINE
OPTIMIZATION
RATIONALIZATION
Continuous Validation
Environmental Drift Detection
Securing everything, everywhere
Kurt Lacy, Chief Technologist, Hewlett Packard Enterprise - November, [email protected]
HPE Global Security Update
“We were hit with ransomware called SamSam, and just about every machine we had on our network was locked. Business was at a standstill. We did have a mixed environment in our data center, and the HPE servers were not impacted.”
– Chad Spears, IT Director, Healthcare Company
Cyber Catalyst Designation (NEW – Oct, 2019!!!)
Customer Benefits
− Provides clarity in selection of cybersecurity products from Marsh (Experts/Insurance Industry Analysts)
− Select products that have a meaningful impact on their cyber risk
− Delineates which products their insurers value most from risk underwriting perspective
− May qualify for enhanced terms & conditions
HPE Involvement
− Only server manufacturer with HPE Cyber Catalyst Designation
− HPE Gen10 ProLiant, Apollo, Synergy, and Edgeline EL8000
− HPE Aruba Networking Firewall (Policy Enforcement Engine)
Cyber Catalyst℠: Meeting an important market need
$4 billion* global cyber insurance market
FASTEST growing insurance in the world today
Global Security Threats
Cyber crime will cost the world economy $6 trillion by 2021*
Global spending on cybersecurity is expected to top $120 billion in 2019*
Thousands of cybersecurity firms offer products designed to mitigate and combat cyber risk, but companies find it challenging to evaluate those offerings given limited resources and expertise
*Cyber security business report, October 19, 2017, by Steve Morgan
*Cyber Catalyst: Sparking Change in Cyber Risk Management, 2019, by Marsh
CYBER CATALYST SM DESIGNATION WITH HPE FROM EDGE TO CLOUD
2 HPE Solutions submitted
Silicon root of trust (1.3M Gen10 servers installed WW)
• Secure foundation for all HPE Gen10 servers - ProLiant, Apollo, Synergy, Edgeline 8000, HyperConverged
• Rapidly mitigates the impact of firmware attacks. Able to recover itself to a known and secure state, with trusted firmware, and without manual intervention.
Aruba Policy Enforcement Firewall (>1M Licence base WW)
• Reduces the impact of attacks inside an organization that co-opt legitimate credentials
• A key component of an organization’s “Zero Trust” architecture
17 to be announced Sept 25 (NDA Applies)
>150 Products & Services Submitted for evaluation
Data is the key to value, and it’s everywhere
Distribution of data is shifting, and increasingly complex
7 out of 10 bytes of data will never see a data center [1]
Must secure data centers, cloud, edge and devices – and the data traveling between them
[1] Source: Gartner, Top 10 Strategic Technology Trends for 2018: Cloud to the Edge, Published: March 8, 2018
Shifting threats require a more holistic approach
Loss of function is the new weapon
With many intelligent devices independently processing, data and control must be secured at every point
Cyber crime is estimated to cost the world economy $6 trillion by 2021 [1]
• Product security bolted on instead of designed in
• Federal certifications plans not designed into schedule
• Insecure development practices & processes
• Unsecure open source
• Insecure manufacturing
• Counterfeiting & grey market sourcing
• Transit & delivery interception & tampering
• Insider threats
• BIOS rootkits
• MBR & OS rootkits
• Firmware rootkits
[1] Forbes, The True Cost Of Cybercrime For Businesses, Published July 2017
This holistic approach has three points of focus
• Protect new vulnerabilities
• Detect intruders fast
• Recover quickly from an attack
280% increase in attacks on IoT devices [1]
~$20K daily cost of an attack [3]
~46 days recover time from an attack [3]
146 days median time an attacker stays within a network without detection [2]
[1] F5 Labs, “The hunt for IoT,” July 2017
[2] Microsoft Advanced Threat Analytics datasheet
[3] Ponemon Institute, “2015 Cost of Cyber Crime Study: Global”
Build defenses against new vulnerabilities
Secure supply chain
Aruba ClearPass
Secure transition to cloud
Gen10 silicon root of trust
HPE 3PAR, HPE Nimble Storage
Complete control over silicon and firmware
Anti-counterfeit & Interdiction
Role-based access control
Encryption of Data in Motion
TPM Modules in Networking
Security Everywhere From Edge to Cloud with HPE
PointNext Cloud
Technologies Providers
Ensure firmware integrity
Cyber Security Insurance
Self-encrypting drives
FIPS 140-2 level 2
Protect DETECT RECOVER
IMPLEMENTATION GUIDELINE – SILICON ROOT OF TRUST
You may qualify for enhanced terms and conditions when negotiating individual cyber insurance policies with participating insurers
Available in HPE Gen10 Server [1] products, including:
✓ HPE ProLiant (DL, ML, BL)
✓ HPE Synergy
✓ HPE Apollo
✓ HPE SimpliVity
✓ Edgeline 8000
[1] iLO 5 with Silicon Root of Trust
Ensure that the firmware runtime verification is activated, to scan firmware every 30 days, at a minimum.
✓ Alerts for compromised firmware
✓ Automatic recovery to last known trusted state
HPE customers with silicon root of trust enabled may engage with participating cyber security insurers for enhanced terms and conditions on individually negotiated cyber insurance policies.
Start taking advantage of the Cyber Catalyst℠ accepted silicon root of trust and negotiate individual cyber insurance policies from participating insurers.
Silicon Root of Trust | iLO Advanced License | Review Policy | Win with HPE
COMPETITION FIRMWARE VERIFICATION PROCESS
[Diagram labels: Firmware; Hardware (Silicon); System; Secure Boot; Standard BMC; UEFI BIOS; BMC Firmware; Operating System Boot loader; SPS Firmware]
• Only at boot-up
• No Recovery of BMC
• Limited recovery of just BIOS
Server Start: Firmware connection to operating system through secure boot
SPS Firmware: Server Platform Services
BMC Firmware: verification of server management firmware.
Standard BMC: off-the-shelf BMC ASICs from ASPEED, Marvell & others.
VERTICAL PROTECTION FROM BOTTOM TO TOP
Option ROM: Option ROM verified for authenticity and validity
Secure Boot: If all firmware is valid, server will allow the OS to boot
SPS Firmware: Firmware also checks the server platform services
I.E. Firmware: Firmware also checks the innovation engine firmware
CPLD Firmware: Next, the iLO firmware checks the system programmable logic device (CPLD)
BMC Firmware: When a server is powered on, the silicon chip immediately checks the firmware
BMC/iLO5 Silicon Chip: Hash inserted into the silicon by opening gates
Checking daily, not just at boot-up
[Diagram labels: Firmware; Hardware (Silicon); System; Option ROM Firmware; Recovery Firmware (iLO, UEFI, I.E., and Option ROM); SPS Firmware; I.E. Firmware; CPLD Firmware; Custom HPE Chip; UEFI BIOS Firmware; Operating System Boot loader]
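The verification order on the slide above, as an added toy model (not HPE code and not part of the original deck). It assumes SHA-256 hashes, a hypothetical manifest of later-stage hashes carried inside the iLO image, and constructed firmware bytes; it shows why a tampered stage is caught even when the manifest is rewritten to match it, and how recovery falls back to a verified known-good copy.

```python
import hashlib
import json

# Verification order after iLO, as listed on the slide.
ORDER = ["CPLD", "I.E.", "SPS", "UEFI", "Option ROM"]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_platform():
    """Build constructed firmware images; return (silicon_hash, flash, recovery)."""
    images = {n: f"{n} firmware 1.0 (constructed)".encode() for n in ORDER}
    # Assumption: the iLO image carries the expected hashes of later stages.
    manifest = {n: sha256(img) for n, img in images.items()}
    images["iLO"] = json.dumps(manifest, sort_keys=True).encode()
    # The only value fixed in "silicon" is the hash of the iLO image.
    return sha256(images["iLO"]), dict(images), dict(images)

def verify_and_boot(silicon_hash, flash, recovery):
    """Verify each stage in order, restoring from the recovery set on mismatch."""
    events = []

    def check(name, expected):
        if sha256(flash[name]) == expected:
            return
        events.append(f"ALERT {name}")
        # The recovery copy is itself verified before it is trusted.
        if sha256(recovery[name]) != expected:
            raise RuntimeError(f"{name}: no trusted copy available, halting")
        flash[name] = recovery[name]
        events.append(f"RECOVERED {name}")

    check("iLO", silicon_hash)             # silicon checks iLO first
    manifest = json.loads(flash["iLO"])    # only read after iLO is verified
    for name in ORDER:                     # iLO then checks the later stages
        check(name, manifest[name])
    events.append("BOOT OS")
    return events

if __name__ == "__main__":
    anchor, flash, recovery = make_platform()
    flash["SPS"] = b"tampered image (constructed)"
    print(verify_and_boot(anchor, flash, recovery))
```
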
UNDERSTANDING HPE SECURE VM ISOLATION: RESOURCE SEGMENTATION
HPE SECURE VM ISOLATION (FIREWALLED RESOURCES): VM 1, VM 2, VM 3; Hardened KVM-based Hypervisor; Devices, Firmware, Memory, Cache, CPU Cores
STANDARD CLOUD OPERATION (SHARED RESOURCES): VM 1, VM 2, VM 3; Devices, Firmware, Hypervisor, Memory, Cache, CPU Cores
ARUBA 360 SECURE FABRIC: SIMPLIFYING SECURITY FOR THE DIGITAL ENTERPRISE
Aruba 360 Secure Fabric
Aruba Secure Core
Secure Boot | Encryption | DPI | VPN | IPS | Firewall
ClearPass | IntroSpect
Integrated Attack Response
Aruba 360 Secure Exchange
360° active cyber protection and secure access from the edge, to the core, to the cloud—for any network
Controller/Gateway
Faculty
Student
IOT
Guest
Users and Devices
Policy Enforcement Firewall
ClearPass
Device Insight enhanced discovery and profiling
DEVICE AND DATA SECURITY AT CONNECTION
WPA3 enhanced security on open networks
VIRTUAL OR HARDWARE COLLECTORS
ANALYZER
Controllers enforce the rules
SIMPLIFY IT & IMPROVE SECURITY WITH DYNAMIC SEGMENTATION
[Diagram labels: Controller/Gateway; Users and Devices: Doctor, Patient, IOT, Guest; Applications and Destinations: Office365, EHR, n0tma1ware.biz, AirGroup; Policy Enforcement Firewall]
APs, Switches or WAN: connect type doesn’t matter
ClearPass Policy Manager makes the rules and follows the user
Create user and IoT access policies based on roles – who they are, device type, where they are, and/or other parameters
Segmentation of traffic happens based on the rules and the enforcement
Identify intruders fast and maintain operations
Aruba Introspect: Machine learning-based attack detection, before damage occurs
HPE InfoSight: Security rules detecting anomalies; Security update notification
Gen10 run-time detection: Scan at boot time and on a regularly scheduled basis
Early detection from edge to cloud
HPE Pointnext vulnerability detection and remediation: Develop the processes necessary for quick remediation
PROTECT | Detect | RECOVER
INTROSPECT: CONTINUOUS MONITORING
Inputs: Packets, Flows, Logs, Third-Party Alerts
100+ Unsupervised and Supervised Machine Learning Models
Comprehensive Attack Detection
10x acceleration in incident investigation via Big Data forensics
Resume operations quickly
HPE Pointnext backup and recovery services: Keep your data safe and reduce your risk of data loss from cyber attacks
Server System Restore: In the event of compromise, restore firmware, operating systems, and applications
HPE StoreOnce & HPE SimpliVity: Reliably write and restore data without corruption
Data back-up & recovery in the compute-storage stack
PROTECT | DETECT | Recover
Gen10 security: only from HPE
HPE Gen10 server security is unique | HPE tested Gen10 vs competitors | HPE Compliance Assistance
Only HPE makes our own HPE iLO/BMC Silicon
HPE Silicon Root of Trust & Spectre/Meltdown: protection from exploiting vulnerability
Only HPE has Commercial National Security Algorithms (CNSA) in server management
Only HPE applied NIST 800-53 controls
– Highest & most comprehensive government guidelines for operating HW/SW in the world
– No competitors have this level
– Creates secure baseline for A.T.O.
– Accelerates certifications/compliance
Only HPE has independent verification
– Black Hat penetration testing ranks HPE two generations ahead of competitors
– InfusionPoints’ testing ranks HPE two generations ahead of competitors
– FBI commended HPE on security focus
Unmatched Security with Gen10: The Most Secure Server in the World
Immutable Silicon Root of Trust for Secure Start with ability to automatically rollback to known-good firmware
Protect
− Hardware Root of Trust
− Two Factor Authentication CAC
− CNSA Suite (former NSA Suite B)
− Prevent Firmware Attacks from OS
− Secure Erase of NAND Data
− Common Criteria & FIPS 140-2 Level 1
− UEFI Secure Boot & Made in USA
− TPM 1.2 and 2.0
− NIST 800-147b BIOS
− PCI-DSS Compliance
− Secure Protocols
Detect
− Detecting Compromised Firmware
− Firmware Runtime Validation
− Chassis Intrusion Detection on Most Servers
− HPE Rack Cabinet Door Detector
− Verified Boot
− Trusted eXecution Technology
− SIEM Tool Support
− Audit Logs
− Measured Boot
Recover/Optimize
− Secure Auto Recovery
− Recover Operating Systems (Automatically reinstalled)
− Data Collection for Forensics Evaluation
− HPE Pointnext custom recovery services
− Optimize Performance using Workload Optimization & Jitter Smoothing
Why HPE?
Technology | Process | People
Focused on products that are as secure and resilient as possible, using a holistic approach
#1 in server security
Industry unique NIST 800-53 controls
Utilizing power of machine learning to proactively prevent attacks
Secure supply chain
Panel Discussion and Q&A