HPE kicked off Discover with the unveiling of Project Aurora, a silicon-to-workload and edge-to-cloud security solution. With Project Aurora (first available on its cloud-native GreenLake Lighthouse platform), HPE claims to deliver a zero-trust architecture that protects infrastructure and workloads from the most advanced and insidious attacks. Does HPE deliver? And what is zero-trust? We will try to cover all of this in the next few paragraphs.
Setting the stage – it’s a dangerous world
Petya, CryptoLocker, WannaCry, NotPetya—the list of high-profile ransomware attacks over the last two years is seemingly endless. These are attacks intended to get your data, encrypt it and hold it for ransom. Those living on the east coast of the United States may be familiar with the latest case, in which the Darkside Ransomware group held up the Colonial Pipeline to the tune of $4.4M USD. Want to hear something scarier? Darkside is classified as a Ransomware as a Service (RaaS). Yes, this is a real thing. The average duration for Ransomware is about 24 days, according to this study from Fireye, and in the US, victims pay, on average, about $8.64M (according to this Ponemon reportsponsored by IBM). So, Colonial got off cheap, in a sense.
But malware can be more insidious than simply encrypting data or preventing operations in exchange for money. The range of attackers span from loosely federated hacking gangs to nation states. And the aim is everything from IP theft to the exfiltration of secret data to the disabling of critical services and infrastructure, through rootkits such as Drovorub and Cloud Snooper. This is very real, and these attacks are not limited to very large companies or specific industries. Nor are such attacks limited to the government. You are at risk. We are at risk.
Attack can even take place before a server is racked. Supply chain attacks whereby compromised components such as baseboard management controllers (BMCs), BIOS, and firmware populate a server, exploiting it before an OS is even installed.
If the above sounds kind of bleak, well, it is. This is the very reason why organizations spend an ever-increasing share of IT budget on cybersecurity. And while the market is full of strong point security solutions, the lack of uniformity, integration and a secure chain-of-trust still leaves many organizations vulnerable.
Second – security has many dimensions
Security is multi-planed. On one vector is the silicon-to-workload plane. The other vector is the edge-to-datacenter-to-cloud plane. These planes represent the generation, transformation, use and archival of data, on the “things” where the life of data begins: across the environments data travels, to the workloads that use this data, and finally to the infrastructure that warehouses it.
This multi-planed challenge requires a security solution that is, in turn, multi-planed. Further, solutions protecting the modern environment must employ a secure chain-of-trust that leave no vulnerabilities for bad actors to exploit—both in the physical construct of an IT environment, and across the lifecycle of each component in your infrastructure.
Project Aurora – HPE’s answer to the question “what is zero trust?”
Achieving absolute security in any environment begins with deploying a solution that is rooted in zero trust. Meaning, an environment that is fully measured and attested at every layer of the stack, along every point in the continuum, across the full lifecycle, with a validated and secure hand-off that establishes a secure chain of trust. And this, in essence, is what Antonio Neri announced with Project Aurora: a security platform designed to deliver end-to-end protection of your environment and data. From the silicon to the workload, and from the edge to the cloud.
It’s important to note that before Project Aurora is instantiated, a rooted chain-of-trust is established with HPE’s secure supply chain. This includes a physical presence on the floors of suppliers, audits, and secure manufacturing. And once a server is manufactured and racked in a datacenter, through platform certificates and cryptographic signatures (IDevID) assure the components in that server are what left the assembly line.
Once this validation takes place, a secure and validated handoff is made to Project Aurora, beginning with infrastructure trust. The company’s silicon root of trust technology and continuous scanning validates the five million or so lines of code the system executes before a server boots, while also verifying the drivers and firmware used to support the server environment. If you see some overlap between infrastructure trust and secure supply chain, this is by design and the result of this zero-trust approach taken by HPE. This assures no vulnerabilities are left to exploitation.
From infrastructure trust, a secure hand off is made to OS trust, whereby a baseline measurement is made and continuously validated through scanning agents. This continues from the OS to the platform (middleware, container environment, etc.), to the workloads and data.
This same security is replicated at the edge and in the cloud, enabling a uniform and securely integrated environment.
You can get a deeper look at how Project Aurora works by reading this Moor Insights & Strategy research paper.
Why Project Aurora should matter to you
If the introduction in this article didn’t appropriately freak you out, let’s get a little more direct. Your environment and data is at risk, and that risk profile grows more and more every day. It doesn’t matter how big your company is. It doesn’t matter what vertical industry you are in. And it doesn’t matter how much you spend on cybersecurity every year. The IT market is flooded with very compelling point solutions. Meaning, they’re not fully integrated and do not establish that chain-of-trust up the stack and across the environments. As a result, ransomware goes undetected for 24 days. And other malware based in rootkits and bootkits can stay undetected for over 200 days, according to that aforementioned Ponemon report.
With Project Aurora, HPE claims to have an answer to these attacks. In internal testing, the company recreated the Drovorub rootkit. Project Aurora was able to detect it in as little as two seconds. Compare this with the 200 plus days such an attack can go undetected. And this is why the announcement of Project Aurora is so significant.
While this service is only available on GreenLake Lighthouse today, HPE has made clear its intent to roll into GreenLake cloud services, and then into its Ezmeral platform. I think this is a wise roll out. As I think back to my product management days, this approach allows HPE to deploy into a more controlled environment while the solution proves itself out. From here it can roll out to a wider audience before deploying “in the wild.”
The cybersecurity space is complex, and the threat landscape is constantly moving and evolving. Every IT solutions vendor in the market is trying to protect its customers and their environments, and HPE is no different in this regard. However, as an analyst who has been covering this space, HPE has consistently made security a top priority. Whether through the development of IP or acquisition or partnerships, the company matches its constant drumbeat of messaging with its actions.
While Project Aurora is a big deal, I expect more is to come from HPE. I am waiting to see how Aruba’s identity management ties into this security framework (I’m sure it will), and when the company will enable Project Aurora on its Nimble, Edgeline and Apollo product lines.