HPE has been busy shoring up its already formidable security capabilities. In addition to Silicon Root of Trust built into its ProLiant, Synergy, Apollo, SimpliVity, and Edgeline servers, the company rolled out new functionality that drives end-to-end lifecycle security. On top of this, two HPE hardware and software solutions recently received Cyber Catalyst designations: Silicon Root of Trust and Aruba Policy Enforcement Firewall (PEF).
What’s new in the HPE security portfolio, and why does this matter to IT consumers? What is a Cyber Catalyst designation, and why does it matter? We will dig into these in the next few paragraphs.
HPE not sitting still on the security front
Most IT consumers are aware of the Silicon Root of Trust capability that HPE built into its Gen10 ProLiant server lineup. Silicon Root of Trust protects HPE servers from the lowest level hacking attacks, ensuring the server boots to a pristine state (Moor Insights authored a research paper on Silicon Root of Trust that can be found here).
Understanding that no cyber resilience solution is complete without the capability to recover from a cyber incident, HPE followed up its delivery of Silicon Root of Trust with its Server System Restore capability, built into iLO 5 amplifier pack. This capability enables organizations to restore servers to its original operating environment. MI&S detailed these capabilities here.
HPE continues to deliver on its cyber resilience with two new features that further put the company in a leadership position. One of the newer features that hasn’t been covered too much is called One-Button Secure Erase. This feature is exactly what it implies - the ability to completely erase every byte of data that sits on an HPE server when an IT Department decides to end-of-life infrastructure. When that old server is ready to be recycled or donated, IT organizations can have confidence there will be no traces of data or proprietary information. This is an invaluable feature for organizations of all sizes.
One area where HPE enhanced its security capabilities is in the area of virtualized environments. The company did a good job of integrating its Silicon Root of Trust capabilities with AMD ’s Secure Processor. Once booted, the EPYC processor extends security by encrypting the memory (Secure Memory Encryption). Virtual environments are secured by AMD’s Secure Encrypted Virtualization technology.
HPE will also soon launch a new capability with Intel INTC +0% called Secure VM Isolation. Using a specialized KVM hypervisor and technology co-developed with Intel, Secure VM Isolation does exactly as the name implies - it isolates virtual machine physical resources, preventing malware from being spread from VM to VM. This technology also enables organizations to better enforce quality of service (QoS) guarantees through those dedicated resources to virtual machines (read: no noisy neighbors). As shown in the diagram below, with Secure VM Isolation dedicates resources from cores to memory to cache and firmware.
What’s perhaps most impressive about HPE’s Secure VM Isolation is not the technology. It is the fact that HPE saw a potential gap in its server security portfolio and leveraged its partnerships to shore up that potential vulnerability.
Secure VM Isolation should resonate with larger-scale organizations with KVM based virtualized environments, such as government and public cloud providers.
HPE security extends to software
While HPE is known for its robust silicon-based security, one should not forget that Aruba is an HPE-owned company. And Aruba, for that matter, is also known for its robust security in the area of networking. As more and more companies look to deploy edge strategies, the potential security vulnerabilities introduced by IoT and IIoT will keep cybersecurity teams up at night. Aruba's Policy Enforcement Firewall (PEF) minimizes these vulnerabilities, utilizing identity-based policies to deliver zero trust role-based access control at the point of connection. This removes the edge security gap associated with other access control solutions.
HPE achieves a couple of firsts with its two Cyber Catalyst product designations
Marsh, a leader in insurance brokering and risk management, announced on September 25th, the Cyber Catalyst designation for cybersecurity providers whose solutions, in the view of leading cyber insurers demonstrate an ability to help reduce cyber risk for organizations. HPE-exclusive Silicon Root of Trust and Aruba's PEF were both designated Cyber Catalyst solutions. HPE was one of three companies to have two solutions receive the Cyber Catalyst designation, and Silicon Root of Trust was the only server hardware technology to receive such a designation.
What is the Cyber Catalyst program?
Created by Marsh, the Cyber Catalyst program brings together eight of the leading cyber insurers in the world, with the common cause of identifying cybersecurity solutions they believe can help organizations of all sizes to better navigate the cybersecurity marketplace.
The designation of Cyber Catalyst is awarded to cybersecurity solutions that participating insurers believe can have a meaningful impact in assisting organizations in combatting cyber-attacks. The insurers (Allianz, Axis, AXA XL, Beazley, CFC, Munich Re, Sompo International, and Zurich North America) conduct a comprehensive vetting of submitted products and services (with technology advise from Microsoft) to determine a product's worthiness of the designation.
Why do we need the Cyber Catalyst program?
I’ve never heard an IT professional say, “I am completely confident in my cyber resilience program and I never worry about my company’s data being held ransom.” Virtually every company struggles with securing its data, and the number of companies claiming to have all of the answers for solving your cybersecurity needs is seemingly countless. This market dynamic has made it difficult for the average IT organization to effectively map a comprehensive security strategy that spans the cyber resilience continuum - from prevention to recovery to lifecycle management.
Per Tom Reagan, who leads Marsh’s US cyber brokerage practice and also heads up the Cyber Catalyst program for Marsh, this complexity is exactly why Marsh spearheaded this effort. In turn, bringing some clarity to the cybersecurity market should benefit insurers as customers can make more informed decisions. In short, an effective cyber catalyst program should ultimately lead to fewer cyber incidents.
Is the Cyber Catalyst designation significant?
In short, yes. The Cyber Catalyst designation is important. Cyber insurers want to reduce the number of checks they write to organizations hit by ransomware attacks and other cyber incidents. Because of this, it’s important to recognize technologies that demonstrate an ability to help protect organizations from cyber incidents.
The goal of Marsh and the participating insurers is to provide clearer guidance to organizations looking to strengthen their cyber defenses. Because of this, the Cyber Catalyst evaluation process is rigorous. Out of over 150 initial submissions, only 17 designations were awarded in this inaugural program cycle.
Some closing thoughts.
Security has been and will be a top of mind topic for the foreseeable future. As edge computing moves from being strategically important towards actual deployments, the need to have a holistic security approach anchored by resilient infrastructure is critical. HPE’s approach to meeting these complex needs is comprehensive. The company has built and acquired intellectual property that protects organizations across the many dimensions necessary to achieve real cyber resilience.
IT organizations of all sizes would be wise to take a deeper look at Marsh’s Cyber Catalyst program. Taking advantage of the exhaustive vetting process that Tom Reagan and team put behind its designations is smart.