Server Silicon Root of Trust
The Silicon Root of Trust (RoT) can protect against firmware attacks, detect previously undetectable compromised firmware or malware, and help to rapidly recover the server in the event of an attack. It satisfies an organization’s need for a robust security foundation, permitting only trusted firmware to be loaded onto the server, and can rapidly mitigate the impact of firmware attacks. It can recover itself from attacks by malicious code to a known and secure state with trusted firmware and without manual intervention.
How it Works
RoT design can be integrated into datacenter servers, storage devices, peripherals, and other hardware. Silicon Root of Trust is hardware-based cryptographic verification, not encryption: an immutable fingerprint burned into the silicon is used to check that firmware and driver code is authentic and uncompromised before it is allowed to run. An RoT based in hardware is the security foundation for a system on a chip (SoC) or other semiconductor device or electronic system. The hardware Root of Trust holds the keys used for these cryptographic checks and is usually the first link in the server's secure boot process. Each stage it validates then validates the next, forming the software chain of trust needed to protect firmware, drivers, and OS operation.
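The following is an added illustration of the boot chain described above; it is not code from the page or from any server vendor. It models the silicon fingerprint as a SHA-256 digest of the first boot stage held in immutable hardware (`ROOT_FINGERPRINT` in the demo), each stage's manifest pinning the digest of the stage it may hand off to, and a protected recovery copy of every image. Real products verify a signature over each image using a key whose digest is fused into silicon; hashing the image directly is a simplification so the example needs only the Python standard library. The stage names, manifest format, and `boot()`/`build_chain()` helpers are all assumptions made for this example.

```python
"""Toy silicon-anchored boot chain with automatic recovery (added example).

Assumptions (not from the page): the fingerprint in silicon is the SHA-256
digest of the first stage; each image starts with a one-line JSON manifest
naming the next stage and its digest; a recovery copy of every stage exists.
"""
import hashlib
import json


def digest(data: bytes) -> str:
    """SHA-256 hex digest; stands in for the hardware's measurement."""
    return hashlib.sha256(data).hexdigest()


def build_stage(name: str, code: bytes, next_name, next_digest) -> bytes:
    """An image is a one-line JSON manifest followed by the stage's code.
    The manifest pins which stage this one may hand off to and its digest."""
    manifest = {"name": name, "next_name": next_name, "next_digest": next_digest}
    return json.dumps(manifest).encode() + b"\n" + code


def parse_stage(image: bytes):
    manifest_line, code = image.split(b"\n", 1)
    return json.loads(manifest_line), code


def build_chain(stages):
    """stages: [(name, code), ...] from first to last stage.
    Returns (images, root_fingerprint). Images are built last-to-first so each
    manifest can embed the digest of its successor; the digest of the first
    stage is what would be burned into silicon at manufacture."""
    images = {}
    next_name, next_digest = None, None
    for name, code in reversed(stages):
        image = build_stage(name, code, next_name, next_digest)
        images[name] = image
        next_name, next_digest = name, digest(image)
    return images, next_digest


def boot(root_fingerprint, first_stage, active, recovery, log):
    """Walk the chain. `active` is the flash the machine boots from and is
    mutated in place when a stage is restored; `recovery` is the protected
    known-good copy. Returns (booted_stages, recovered_stages); raises
    RuntimeError if neither copy of a stage verifies (halt rather than run
    untrusted code)."""
    expected, stage = root_fingerprint, first_stage
    booted, recovered = [], []
    while stage is not None:
        image = active.get(stage)
        if image is None or digest(image) != expected:
            log.append(f"{stage}: active image failed verification")
            image = recovery.get(stage)
            if image is None or digest(image) != expected:
                log.append(f"{stage}: recovery image also failed; halting")
                raise RuntimeError(f"unrecoverable: {stage}")
            active[stage] = image  # roll back to the known-good image
            recovered.append(stage)
            log.append(f"{stage}: restored from recovery image")
        manifest, _code = parse_stage(image)
        booted.append(stage)
        # The verified stage decides what comes next; its digest binds the manifest.
        expected, stage = manifest["next_digest"], manifest["next_name"]
    return booted, recovered


# Constructed sample chain: bootloader -> firmware -> OS loader.
STAGES = [("bootloader", b"bootloader v1"),
          ("firmware", b"firmware v1"),
          ("os_loader", b"os loader v1")]


def demo():
    """Three boots: clean, implant in active firmware, implant in both copies."""
    golden, root_fingerprint = build_chain(STAGES)
    results = {}

    active, recovery, log = dict(golden), dict(golden), []
    results["clean"] = boot(root_fingerprint, "bootloader", active, recovery, log)

    active, recovery, log = dict(golden), dict(golden), []
    active["firmware"] = golden["firmware"] + b"\n# implant"
    results["tampered"] = boot(root_fingerprint, "bootloader", active, recovery, log)
    results["tampered_log"] = log
    results["restored"] = active["firmware"] == golden["firmware"]

    active, recovery, log = dict(golden), dict(golden), []
    active["firmware"] = recovery["firmware"] = golden["firmware"] + b"\n# implant"
    try:
        boot(root_fingerprint, "bootloader", active, recovery, log)
        results["both_tampered"] = "booted"
    except RuntimeError:
        results["both_tampered"] = "halted"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because every manifest is covered by the digest of the stage that carries it, an attacker who rewrites a stage's manifest to point at their own successor changes that stage's digest and is caught one step earlier; the only value that must be trusted without verification is the fingerprint in silicon. When both the active and recovery copies fail, the chain halts instead of booting, which is the behaviour a practitioner should expect from a real RoT rather than a silent fallback.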
Nth Generation server partners have achieved the Marsh Cyber Catalyst designation, which incorporates Commercial National Security Algorithm Suite (CNSA) control measures and FIPS 140 validated chipsets with Silicon Root of Trust, daily run-time firmware checking, and secure recovery options.
Protection from Denial of Service attacks: the immutable silicon-based fingerprint ensures the server will never boot with compromised firmware.
Detection and recovery: alerts on compromised firmware code, with the ability to quickly recover to a known good state.
Data security within the server: option to run the highest level of security protection in the industry (CNSA Suite).
WHY YOU NEED SERVERS?
Silicon Root of Trust was initially requested by Federal and SLED agencies as part of their requests for proposals (RFPs) for servers and other IT products, which required the manufacturer to implement the functionality properly and have it certified by authorized agencies. Financial services, retail, healthcare, and other industry verticals also value it and have begun to require it. It can be difficult to achieve, since many manufacturers buy off-the-shelf components from outside the United States. Those components may ship with their own firmware, or have firmware written to them, without any hardware anchor point, which leaves the product more exposed to firmware breaches and other exploits.
BENEFITS OF SERVERS
Protection from malware and critical vulnerability exploits
Help prevent compromises in component supply chain
Hardware-based security for validation of firmware and drivers
Levels of control for boot and recovery if compromised
Lower cost to IT and the organization through reduced or avoided risk of compromise