The widening SolarWinds breach continues to make headlines. The provider of network monitoring services was attacked in 2020, presumably by Russian state intelligence. Hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds’ Orion software, compromising the security of several U.S. federal government agencies and high profile technology companies including Microsoft, Cisco, VMware, and Intel. The damage is still being tabulated, as many of these initial targets were then used to access and spread malware throughout their supply chains. Microsoft alone reported over 40 of its customers were compromised through the SolarWinds-based attack.
The SolarWinds hack is still rocking Capitol Hill. Many government agencies and Fortune 500 companies are scrambling to determine if they have been impacted or remain vulnerable to these and other evolving cyber threats, and what they can do to mitigate them in the future.
Know who’s not worried about the SolarWinds attack? Companies that have implemented Hewlett Packard Enterprise (HPE) Trusted Supply Chain solutions. Because it’s no longer enough to protect your firewall; today’s threats demand you must protect your IT infrastructure right down to the silicon. To date, no evidence has been found suggesting even a single HPE Trusted Supply Chain customer has been exposed to or compromised by the SolarWinds attack.
Defend Applications and Data Before Your Server is Built
In today’s interconnected world, data security is not just about what happens inside your data center, it’s also about vetting the partners that provide the hardware and software to your IT environment.
HPE Trusted Supply Chain provides a new first line of defense against cyberattacks with select servers built to the world’s toughest security standards inside a secure environment, protecting your apps and data even before your server is built.
HPE is the only major server manufacturer building the world’s most secure, U.S. factory-made servers featuring exclusive Silicon Root of Trust technology that can be set to check firmware every 24 hours for compromised code and prevent any found instances from executing. The new HPE ProLiant DL380T Gen10 server is the first industry-standard server to be produced using the HPE Trusted Supply Chain process. Designed specifically for U.S. customers that prefer U.S.-sourced products with verifiable cyber assurance to further secure supply chains, the DL380T offers comprehensive, end-to-end data protection through a pre-installed layer of hardened security before the server is shipped to the customer.
With the DL380T, customers are assured of a product that has a USA country of origin. Only vetted HPE employees with verified background and security checks are certified to work on Trusted Supply Chain products inside highly secure domestic manufacturing facilities. This provides HPE customers with qualified levels of assurance that the servers they receive are authentic, uncompromised and will deliver multiple security-related benefits including:
- Prevent booting of any compromised operating system (OS) by using new hardening technologies to connect the server firmware security to the operating system by activating the UEFI secure boot.
- Reduce attack surface by placing servers in high security mode to verify user authenticity. Rest assured that more than four million lines of firmware code are valid and uncompromised.
- Prevent tampering of server firmware and hardware using server configuration lock to verify unauthorized addition of options (NICS, drives) or malicious activity by capturing the inventory or a “picture” of the server, its hardware and firmware status at the factory, to provide protection throughout the supply chain process.
- Alert customers with embedded alarm and physical lock if the server has been opened during the supply chain process. An intrusion detection latch, inserted on the server chassis, registers unauthorized openings—even if the power is off.
The HPE Trusted Supply Chain initiative supports U.S. customers across federal, public sector, banking and financial services, and healthcare organizations that require highly secure products made in the USA. At IIS, we have the expertise to assess and help deploy HPE solutions featuring hardened data protection. Contact us at IIS for a risk-free assessment and learn how your enterprise can better defend itself from the most vicious cyberattacks with the HPE ProLiant DL380T Gen10 server.