STORAGE & SERVERS
BACKUP & RECOVERY
MOBILITY & BYOD
BIG DATA, IOT &
The Silicon Root of Trust (RoT) satisfies an organization’s need for a robust security foundation by permitting only trusted firmware to load onto the server. It rapidly mitigates the impact of firmware attacks by detecting previously undetectable compromised firmware or malware, and swiftly advances server recovery to a known and secure state, with trusted firmware and without manual intervention.
HOW IT WORKS
Silicon RoT design can be integrated into data center servers, network and storage devices, and other IT hardware. It is a type of hardware-based encryption which creates an immutable fingerprint based in hardware, which verifies whether driver and firmware code is valid and uncompromised. A RoT based in hardware is the security foundation for a system on a chip (SoC), or other semiconductor device or electronic system. The hardware RoT contains the keys for cryptographic functions and is usually a part of a server secure boot process. This provides the foundation for the software chain of trust necessary to protect OS operation, firmware, and drivers.
Secure hardware-based RoT was initially requested by Federal and SLED agencies as part of their request for proposals (RFP) for servers (and other IT products), which meant it required the manufacturer to properly implement the functionality and have it certified by authorized agencies.
Financial Services, Retail, Healthcare, and most verticals value and are beginning to require it. It can be difficult to achieve since many manufacturers buy off the shelf components outside the United States. These may have their own firmware code or firmware written to the components, without any anchor point, making the product entirely more vulnerable to firmware breaches and other exploits. Servers with U.S.A design and integration of Silicon RoT, more secure supply chain measures, and government agency security compliance are quickly becoming a requirement.
One of Nth Generation partners that has achieved the Marsh Cyber Catalyst designation is Hewlett Packard Enterprise (HPE), which was awarded the designation in 2019 for its Gen10 server integrated lights out version 5 (iLO5). This out of band System on a Chip incorporated Commercial National Security Algorithm Suite (CNSA), FIPS 140 validation, daily run-time firmware checking, and secure recovery options. Marsh is working towards consensus among data center insurance providers on what solutions may allow enhanced terms and conditions to their clients.
Protection from malware and
critical vulnerability exploits
We are here to help.
Nth Generation offers teams of tenured experts that provide you with the expertise and certifications needed to assist with infrastructure solutions’ security and design; implementation of more secure Hybrid IT, either as capital budget or As-a-Service expense option; and the overall security of your organization and remote workplace. https://www.security.nth.com/remote-work