SERVER
Server Silicon Root of Trust
The Silicon Root of Trust (RoT) can protect against firmware attacks, detect previously undetectable compromised firmware or malware, and help to rapidly recover the server in the event of an attack. It satisfies an organization’s need for a robust security foundation, permitting only trusted firmware to be loaded onto the server, and can rapidly mitigate the impact of firmware attacks. It can recover itself from attacks by malicious code to a known and secure state with trusted firmware and without manual intervention.
OVERVIEW
How it Works
RoT design can be integrated into datacenter servers, storage devices, peripherals, and other hardware. Silicon Root of Trust is a type of hardware-based encryption which creates an immutable fingerprint based in hardware, which verifies whether driver and firmware code is valid and uncompromised. An RoT based in hardware is the security foundation for a system on a chip (SoC), or other semiconductor device or electronic system. The hardware Root of Trust contains the keys for cryptographic functions and is usually a part of a server secure boot process. This provides the foundation for the software chain of trust necessary to protect OS operation, firmware, and drivers.
Nth Generation server partners have achieved the Marsh Cyber Catalyst designation, which incorporates Commercial National Security Algorithm Suite* (CNSA) control measures and FIPS 140 validated chipsets with Silicon Root of Trust, daily run-time firmware checking, and secure recovery options.
Protection from Denial
of Service attacks >
Immutable silicon based fingerprint ensures server will never booth with compromised firmware
1
Enhanced detection
and recovery >
Alerts from compromised firmware code with the ability to quickly recover to a known good state
2
Data security within
the server >
Option to sun highest level of security protection in the industry (CNSA Suite)
3
WHY YOU NEED SERVERS?
Less Vulnerability
Silicon Root of Trust was initially requested by Federal and SLED agencies as part of their request for proposals (RFP) for servers (and other IT products), which meant it required the manufacturer to properly implement the functionality and have it certified by authorized agencies. Financial services, retail, healthcare, and other industry verticals also value and have begun to require it. It can be difficult to achieve since many manufacturers buy off-the-shelf components outside the United States. They may have their own firmware code or firmware written to the components without any anchor point, making the product more vulnerable to firmware breaches and other exploits.
BENEFITS OF SERVERS
#1
Protection from malware and critical vulnerability exploits
#2
Help prevent compromises in component supply chain
#3
Hardware-based security for validation of firmware and drivers
#4
Levels of control for boot and recovery if compromised
#5
Lower cost to IT and the organization due to compromised risk reduction or avoidance
We are here to help.
Nth Generation offers teams of tenured experts that provide you with the expertise and certifications needed to assist with infrastructure solutions’ security and design; implementation of more secure Hybrid IT, either as capital budget or As-a-Service expense option; and with the overall security of your organization and remote workplace.
Partner with us to determine:
Data Center Needs Analysis
Virtualization Recommendation and Implementation
Enterprise Architecture and Solution Design
Data Protection and Management
