Hewlett Packard Enterprise has released an update to its iLO Amplifier Pack, making Server System Restore available to customers who have already purchased or downloaded the iLO Amplifier Pack. Server System Restore is a feature that enables the automatic restoration of server operating environments, through the iLO Advanced Premium Security Edition license, following cyber-attacks or other malware attacks. HPE announced the immediate availability of Server System Restore as a download for existing customers.
Why does this matter?
Here’s the situation: you are a Chief Information Officer or Chief Information Security Officer and get “the call.” Infrastructure has been compromised, data has been encrypted. Your business has come to a standstill. After speaking with your team for 15 minutes, you realize your two choices will be to pay a healthy ransom or cobble together a system and data recovery plan that was never updated to account for today’s world. Five days and $50,000 in cryptocurrency later, your organization is back up and running and you just have to trust that the hackers who attacked your infrastructure were noble enough to remove all malware and destroy any copies of your data they may have had.
Sound pretty farfetched? It’s not. According to Cybersecurity Ventures’ 2017 Ransomware Damage Report, ransomware attacks have increased 15-fold in the last two years. Next year it’s predicted that a company will be infected by ransomware every 14 seconds. And the cost? By 2021, cyber security will cost the global economy $6 trillion. On that note, if you need a real-world example of these perils, I recently documented the case of how Uber was breached, exploited and held for ransom.
So you find your servers locked down and data encrypted - what do you do? Many IT organizations have disaster recovery (DR) plans in place that document recovery from a server outage. Unfortunately, many of the plans IT organizations rely on are outdated and the methods and technologies used do not account for recovering from ransomware. During the last wave of NotPetya ransomware attacks, a large enterprise was severely exploited. Its recovery from this attack consisted of restoring over 4,000 servers, 45,000 PCs and 2,500 applications. Amazingly, it fully recovered in 10 days—at the small cost of $200 million.
How’s your cybersecurity strategy these days?
All of these “hackopalypse” statistics and stories are cited and rehashed as reminders to take those outdated cybersecurity strategies and update them, accounting for newer technologies that can help in both risk mitigation and incident response.
In past articles by my firm’s Principal Analyst Patrick Moorhead, we have explored new silicon-rooted security features in servers from Hewlett Packard Enterprise that can protect against attacks and, in the event of breach, quickly detect the most insidious malware rooted in firmware. HPE’s silicon root of trust is perhaps the most comprehensive server security available for IT organizations. I believe HPE’s implementation of silicon root of trust is the gold standard in protecting IT server infrastructure from these attacks that are increasingly difficult to detect. By comparing a server’s firmware against an immutable fingerprint, the most insidious of rootkit and firmware attacks can be detected far more quickly than what is experienced in IT organizations. This quick detection can minimize the damage of ransomware attacks.
However, detection is only one half of the equation. Once detected, how does an organization ensure servers are clean and restored appropriately? That is, how do you ensure OS images, applications, and data are cleanly installed and loaded? In the case of the large enterprise I mentioned earlier, it was a herculean effort of an IT team and technology partners to achieve this in less than half the industry average of 23 days. But can your organization afford 10 days of downtime and a loss of at least $200 million?
HPE Server System Restore delivers “single click recovery”
In today’s world of digital everything, time to recovery can be the difference between staying ahead of the competition and falling far behind. Recovery time objective (RTO) and maximum tolerable downtime (MTD) are more than just acronyms that make a disaster recovery plan look legitimate. With this in mind, IT organizations would be well served to give a hard look at tools like Server System Restore from HPE. Server System Restore is a new capability in HPE’s iLO Amplifier Pack that can automatically restore up to 10,000 servers with a single click – from silicon to operating systems to applications to data.
I’m a fan of HPE’s Server System Restore for a couple of reasons. First and foremost, it is tightly integrated with HPE’s silicon root of trust. What this means is very strong protection complemented by quick recovery on the back end. Second, Server System Restore makes recovery simple, secure, and scalable. Whether an organization has one hundred, one thousand, or ten thousand servers, IT administrators can configure Server System Restore to automatically:
- Remove corrupt firmware
- Reinstall validated firmware (and apply proper settings)
- Securely restore operating systems
- Restore applications
- Restore data
Single click. Complete restoration.
Let’s reconsider the Petya attack referenced earlier. 10 days to restore 4,000 servers. If Server System Restore had been used in response to this attack, this enterprise could have recovered in a matter of hours and saved hundreds of millions of dollars.
It’s not just large enterprises that can benefit from HPE’s Gen10 ProLiant servers and Server System Restore. In fact, I believe small to mid-sized enterprises are more at risk than organizations with tens of thousands of servers. These smaller organizations tend to have fewer resources available and less time to recover before the financial toll becomes too big.
“Point” product releases don’t usually capture my attention, but this is different. I believe Server System Restore completes the HPE server security strategy and puts the company in a security leadership position. I don’t know of any other players in the server space that offer such a tightly integrated, end-to-end solution. For those organizations that have deployed HPE ProLiant Gen10 servers, download this update as soon as possible. For those who have not deployed HPE ProLiant Gen10 servers? Reconsider your decision.