InfusionPoints Security Testing and Research featured at HPE Discover 2017 Europe
InfusionPoints had a big presence at HPE Discover 2017 Europe held in Madrid, Spain from November 28, 2017 through November 30, 2017. This was our second time being invited to HPE Discover, Hewlett Packard Enterprise’s flagship event, to discuss the Cyber Security work we’ve been doing with HPE.
On Tuesday, InfusionPoints CTO, Jason Shropshire spoke on two panels including HPE compute experience powered by HPE Gen10 servers, delivering new levels of agility, security and economic control where he described the results of ongoing hardware and firmware security testing being done at InfusionPoints.
“InfusionPoints has been conducting tests on industry standard servers for nearly a year now. We’ve had a total of seven servers from four different vendors on our test bench, and this is some really exciting testing! Historically, there has been a lot of testing around performance and benchmarking, but we haven’t seen a lot of comparative testing around hardware and firmware security across multiple vendors’ latest products like this before.”
The first round of testing, conducted in the spring, was a security assessment across network, firmware, and physical attack vectors on four vendors’ latest industry-standard server offerings including HPE’s Gen10 Server. The results of this testing were a focal point at HPE Discover 2017 held in Las Vegas in June 2017. The second round of testing conducted in the fall of 2017 focused on HPE’s Silicon Root of Trust and its ability to recover from various firmware attacks versus another vendor claiming to have a silicon root of trust in their latest generation server.
“None of the competitors provided the complete recovery capability that the Gen10 was capable of -- In fact, competitors could not recover at all from certain types of attacks," noted Shropshire.
Shropshire also spoke about the NIST enabled infrastructure solution that InfusionPoints was developing for HPE.
“You know, NIST has really become the de-facto standard for security around the world. It provides a complete security framework, including specific technical guidance around how companies should deploy solutions like this HPE solution. We assembled the HPE equipment, developed the controls, validated secure configurations and tested to ensure adequate security. Any company that uses this control set on HPE gear has a secure base line from the start, which can go a long way toward demonstrating compliance across a variety of frameworks,” Shropshire said.
Finally, InfusionPoints developed a custom Ransomware malware variant to demonstrate the functionality of HPE’s new iLO Amplifier Pack. When combining iLO Amplifier Pack with Nimble storage, the solution is capable of a full stack recovery, including the firmware, operating system, and application data after a Ransomware attack. This custom Ransomware was on display in the Transformation Zone throughout the conference.
InfusionPoints had a very productive week in Madrid, and we are grateful for HPE’s dedication to building security into their products and for their continued partnership with InfusionPoints.