Deepak Rangaraj, Dell Technologies
The cyber security landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling has grown over the years, causing complexity, driving up costs and increasing exposures. So the game of whack-a-mole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example the S3 bucket, and what the customer is responsible for, e.g. properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds, and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. This extends to securing the runtime, the platform, and even now containers, which can end up anywhere.

There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind, with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. I'm not saying that SecOps pros are not talented. They are. There just aren't enough of them to go around, and the adversary is also talented and very creative, and there are more and more of them
every day.

Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SecOps teams. Specifically, we're talking about shifting much of the heavy lifting around securing servers, storage, networking and other infrastructure and their components onto the technology vendor via R&D and other best practices like supply chain management. And that's what we're here to talk about.

Welcome to the second part in our series, A Blueprint for Trusted Infrastructure, made possible by Dell Technologies and produced by theCUBE. My name is Dave Vellante and I'm your host. Now, previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally and Dell specifically are adapting to these changes, and what is being done to proactively address threats that are increasingly stressing security teams. Now today we continue the discussion and look more deeply into servers, networking and hyper-converged infrastructure to better understand the critical aspects of how one company, Dell, is securing these elements so that DevSecOps teams can focus on the myriad new attack vectors and challenges that they face. First up is Deepak Rangaraj, PowerEdge security product manager at Dell Technologies, and after that we're going to bring on Mahesh Nagarathnam, who was a consultant in the networking product management area at Dell. And finally we'll close with Jerome West, who's the product management security lead for HCI, hyper-converged infrastructure, and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program.

[Music]

We're kicking off with Deepak Rangaraj, PowerEdge security product manager at Dell Technologies. Deepak, great to have you on the program.

Thank you. Thank you for having me.

So we're going
through the infrastructure stack, and in part one of this series we looked at the landscape overall and how cyber has changed, and specifically how Dell thinks about data protection and security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of?

Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends towards software-defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud, edge locations, remote offices and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers, because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered a ramp in the regulations and mandates around the security needs, and these regulations are not just in the government sector, right? So it extends to critical infrastructure, and eventually it will also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates, and this could be based on the industry in which they are operating in, or it could be their own security postures. And this is the landscape in which servers are operating in today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting
everything from the supply chain to the manufacturing, and then eventually assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lengths that Dell does in order to secure the server. We truly believe in the notion of a security mentality that, you know, security should enable our customers to grow, focus on their business and proactively innovate on their business, and it should not be a burden to them. And we heavily invest to make that possible for our customers.

So this is really important, because the premise that I set up at the beginning of this was really that, as a security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff, because I now have all these new things I've got to deal with. I want a company like Dell, who has the resources to build that security in, to deal with the supply chain, to ensure the provenance, etc. So I'm glad you hit on that. But so, given what you just said, what does cyber security resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable, let's say? How does Dell ensure that its customers can trust your server infrastructure?

Yeah, when it comes to security at Dell, right, it's ingrained in our product DNA. So that's the best way to put it. And security is non-negotiable, right? It's never an afterthought where you come up with a design and then later on figure out how to make it secure, right? With our security development life cycle, the products are being designed to counter these threats right from the beginning. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third-party audits which supplement this process. And in addition to this, Dell makes the commitment that we rapidly respond to any vulnerabilities and exposures found out in the
field and provide mitigations and patches for those in a timely manner. So this security principle is also built into our server life cycle, right, every phase of it. So we want our products to provide cutting-edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is internally. We are building on it and continuously improving it. So a few years ago, our model was primarily based on the NIST framework of protect, detect and recover, and it still aligns really well to that framework. But over the past couple of years, we have seen how computers evolved, how the threats have evolved, and we've also seen the regulatory trends, and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now, when we are building our infrastructure and tools and offerings for our customers, first and foremost they are cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recovering from attacks, and also adapting to the adverse conditions in which they are deployed. The process of designing these capabilities and identifying these capabilities, however, is done through the zero trust framework, and that's very important because now we are also anticipating how our customers will end up using these capabilities at their end to enable their own zero trust IT environments and IT zero trust deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust adoption.

So thank you for that. You mentioned the NIST framework, you talked about zero trust. When I think about NIST, I think as well about layered approaches, and when I think about zero trust, I think about, if you don't have access to it, you're not getting access. You've got to earn that access, and you've got layers, and then you still assume that bad guys are
going to get in, so you've got to detect that and you've got a response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy, or facile, recovery from malicious incidents?

Right, that is exactly right, right? Breaches are bound to happen, and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained within offices where you can set up a perimeter firewall and say, yeah, everything within that is good, we can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles: nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device and every single access in your system at every single level of your IT environment. And this is the principle that we use on PowerEdge, right, but with an increased focus on providing granular controls and checks based on the principles of least privileged access. So the idea is that servers first and foremost need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur, and if they do, they need to be minimized such that the sphere of damage caused by the attacker is minimized, so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius, for instance, has to be reduced, and this is done through features like automated detection capabilities and automated remediation capabilities. So some examples are, as part of our end-to-end boot resilience process, we have what we call a system lockdown, right? We can lock down the configuration of the system and lock
it on the firmware versions and all changes to the system, and we have capabilities which automatically detect any drift from that lockdown configuration, and we can figure out if the drift was caused due to authorized changes or unauthorized changes. And if it is an unauthorized change, you can log it, generate security alerts, and they even have capabilities to automatically roll the firmware and OS versions back to a known good version, and also the configurations, right? And this becomes extremely important because as part of zero trust we need to respond to these things at machine speed, and we cannot do it at a human speed, and having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis intrusion detection, where if the chassis, the box, the server box, is opened up, it logs alerts, and you can figure out even later, if there's an AC power cycle, you can go look at the logs to see that the box was opened up and figure out if there was a known authorized access or some malicious actor opening and changing something in your system.

Great, thank you for that. A lot of detail, and appreciate that. I want to go somewhere else now, because Dell has a renowned supply chain reputation. So what about securing the supply chain and the server bill of materials? What does Dell specifically do to track the provenance of components it uses in its systems, so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised?

Right. And let's talk about how complex the modern supply chain is, right, and that's no different for servers. We have hundreds of components on the servers, and a lot of these require firmware in order to be configured and run, and these firmware components could be coming from third-party suppliers. So now the complexity that we are dealing with requires the end-to-end approach, and that's where Dell pays a lot of attention into assuring the
security of the supply chain, and it starts all the way from sourcing components, right, and then through the design and then even the manufacturing process, where we are vetting the personnel at the factories and vetting the factories itself, and the factories also have physical controls, physical security controls, built into them. And even shipping, right? They have GPS tagging of packages. So all of this is built to ensure supply chain security. But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any data, and we have a feature called the secure component verification which is capable of doing this. What this feature does is, when the system gets built in a factory, it generates an inventory of all the components in the system and it creates a cryptographic certificate based on the signatures presented to this by the components. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive a system at their end, they can run a tool, it generates an inventory of the components on the system at their end, and then compare it to the golden certificate to make sure nothing was changed. And if anything is detected, we can figure out if there is an authorized change or an unauthorized change. Again, authorized changes could be, like, you know, upgrades to the drives or memory, and unauthorized changes could be any sort of tamper. So that's the supply chain aspect of it.

And bill of materials is also an important aspect to guaranteeing security, right, and we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulnerabilities which have been discovered out in the wild affect their platforms. So that's a quick way of figuring out
if your platform has any known vulnerabilities and it has not been patched.

Excellent, so that's really good. My last question is, I wonder if you could, you know, give us the sort of summary from your perspective. What are the key strengths of Dell's server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table.

Right, yeah. We've talked enough about the complexity of the environment and how zero trust is necessary for the modern IT environment, right, and this is integral to Dell PowerEdge servers. And as part of that, like, you know, security starts with the supply chain. You've already talked about the secure component verification, which is a unique feature that Dell platforms have. And on top of it, we also have a silicon-based platform root of trust. So this is a key which is programmed into the silicon on the black servers during manufacturing and can never be changed afterwards, and this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform, from the hardware and software integrity to the boot, all pieces of it, right?

In addition to that, we also have a host of data protection features, whether it is protecting data at rest, in use or in flight. We have self-encrypting drives, which provide scalable and flexible encryption options, and this coupled with external key management provides really good protection for your data at rest. External key management is important because, you know, somebody could physically steal the server and walk away, but then the keys are not stored on the server, it's stored separately, so that provides you an extra layer of security. But we also have dual layer encryption, where you can complement the hardware encryption on the secure encrypted drives with the software in another language. In addition to this, we have identity and access management features like multi-factor authentication, single sign-on, role, scope and
time-based access controls, all of which are critical to enable that granular control and checks for a zero trust approach. So I would say, like, you know, if you look at the feature set, it's pretty comprehensive, and they also have flexibility built in to meet the needs of all customers, no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance. So in a nutshell, I would say that, you know, Dell PowerEdge cyber resilient infrastructure helps accelerate zero trust adoption for customers.

Got it. So you've really thought this through, all the various things that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure, so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks, Deepak, appreciate you coming on theCUBE and participating in the program.

You're welcome.

In a moment, I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of A Blueprint for Trusted Infrastructure, in collaboration with Dell Technologies and theCUBE, your leader in enterprise and emerging tech coverage.

[Music]
2022-10-19 19:25