Project Aurora: No Space and No Time for Cyber Risks Thanks to Zero Trust.

Trust is fine, but control is better - this is how the zero trust principle works. But where should this control begin - and where should it end? The engineers of HPE's Aurora project have an answer to this question. Control begins with the chip construction and ends only at the end of the IT infrastructure's life cycle.

Markus Kaegi
+41 58 510 16 98
markus.kaegi@umb.ch

Cyberattacks involving malware increased by 358 percent from 2019 to 2020, and doubled again in 2021[i]. The threat grew further due to the Russian invasion of Ukraine, which led to an eight-fold increase in phishing attacks from Russia against companies in Europe and the United States. But that is not the entire threat picture. Cybercrime starts as early as the supply chain. For this reason, there are companies and states that do not allow the purchase of certain hardware - because they fear that such devices open up vulnerabilities. In general, the IT supply chain holds more and more potential for danger, for example through attacks in which compromised components such as baseboard management controllers (BMC), BIOS and firmware are present in a server and exploit it before an operating system is even installed.



The ultimate zero trust architecture

In this dangerous environment, the zero trust approach grows increasingly popular[ii]. Zero trust assumes that users and software are not to be trusted by default. Any activity on an enterprise network is suspect until proven otherwise, and all users, devices, and applications must prove their identity and level of authentication before they are allowed to access resources. This is where Project Aurora from HPE comes into play[iii].

Aurora is a security platform that promises end-to-end security from chip to workload, in the cloud and at the edge of the network. The problem: To deliver on such a promise, production environments must be continuously monitored, measured, attested, and verified. Aurora is designed to do just that, guaranteeing this unbroken chain of custody, and enabling the building of the ultimate zero-trust architecture to secure the individual parts of an HPE IT infrastructure from the sourcing of materials to the end of life.

 

Malware detection in seconds instead of days

According to HPE, Aurora can automatically detect advanced threats from chip to cloud in seconds, compared to the previous average detection time of 28 days. The technical foundation of Project Aurora is HPE's so-called Silicon Root of Trust[iv]. This hardware-validated boot process makes sure that a computer system can only be booted with code from a categorically unchangeable source. It is an anchor for the boot process that is rooted in the hardware and is absolutely impossible to update or change. This zero-trust architecture is designed to protect IT infrastructures and workloads from the latest and most insidious attacks.

Project Aurora will be embedded in HPE GreenLake Lighthouse and will later be extended to other GreenLake services[v].

 

Continuous supply chain monitoring

An integral part of Project Aurora, then, is securing the HPE supply chain. This includes physical presence at suppliers, regular security audits, and secure manufacturing. Once a server is manufactured and installed in a data center, delivery is validated through platform certificates and cryptographic signatures. Only after this validation has taken place will a secure handover be made to Project Aurora. Silicon root-of-trust technology and continuous scanning validate the approximately five million lines of code that the system executes before a server boots, as well as the drivers and firmware used to support the server environment. This is then followed by a secure handoff to the operating system, where a baseline measurement is taken and continuously validated. This continues from the operating system to the platform (for example, middleware or container environment) to the workloads and data. The same security is replicated at the edge and in the cloud to create a unified and securely integrated environment.
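
The layered "measure, hand off, re-validate against a baseline" flow described above, as an added sketch that is not HPE's code. It assumes a SHA-256 hash-extend chain (the page does not say how Aurora computes its measurements), and the stage names, sample bytes and function names are constructed for illustration.

```python
import hashlib
import hmac

# Layers named in the article, in handoff order. Contents below are constructed
# sample bytes standing in for real firmware images, kernels and containers.
STAGES = ["firmware", "drivers", "operating_system", "platform", "workload"]

def measure(blob: bytes) -> bytes:
    """Measurement of one component: its SHA-256 digest."""
    return hashlib.sha256(blob).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    """Fold a measurement into the running chain value (assumed hash-extend)."""
    return hashlib.sha256(register + measurement).digest()

def attest(components: dict) -> dict:
    """Measure every stage in order; return per-stage digests and chain value."""
    register = b"\x00" * 32  # fixed starting value that anchors the chain
    digests = {}
    for name in STAGES:
        digests[name] = measure(components[name])
        register = extend(register, digests[name])
    return {"digests": digests, "chain": register}

def validate(baseline: dict, current: dict) -> list:
    """Return the stages whose measurement drifted from the baseline."""
    if hmac.compare_digest(baseline["chain"], current["chain"]):
        return []  # whole chain matches, nothing to report
    return [n for n in STAGES
            if not hmac.compare_digest(baseline["digests"][n],
                                       current["digests"][n])]

# Constructed sample: known-good state recorded at handover.
GOOD = {
    "firmware": b"fw-image-v1",
    "drivers": b"nic-driver-v3",
    "operating_system": b"kernel-5.x modules=ext4,nvme",
    "platform": b"container-runtime-v2",
    "workload": b"billing-service-v7",
}
BASELINE = attest(GOOD)

# Constructed sample: a later re-measurement in which the OS layer changed.
TAMPERED = dict(GOOD, operating_system=b"kernel-5.x modules=ext4,nvme,unknown")

if __name__ == "__main__":
    print("unchanged:", validate(BASELINE, attest(GOOD)))
    print("drifted:  ", validate(BASELINE, attest(TAMPERED)))
```

Because each chain value depends on every earlier measurement, a change at any layer alters the final value, and the per-stage digests show which layer to investigate.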

 

Time is important when it comes to cybersecurity

For internal testing, HPE has recreated the Drovorub rootkit [vi]. Project Aurora was able to detect this malware in just two seconds. The ability to detect an attacker early on is key to a successful cybersecurity strategy. In addition, however, the right countermeasures must be initiated as quickly as possible. At UMB, we can provide both the technology and the necessary know-how to achieve this, and we have the necessary partners to do so. This also includes HPE. We apply the zero trust concept based on various technologies and process approaches. At UMB, cybersecurity is not viewed in isolation, but holistically, as part of IT, workplace, and digitalization concepts.

Do you want to know more about the zero trust concept in particular and cybersecurity concepts in general? Just contact us; we will gladly answer your questions.

 

[i]  The Latest Cyber Crime Statistics  

[ii] Cybersecurity: No Unprotected Access Points with Zero Trust

[iii] HPE Project Aurora by Moor Insights and Strategy white paper

[iv] Silicon Root of Trust Compute Security Reference Guide

[v] HPE Builds Lighthouse Platform On GreenLake Services

[vi] NSA and FBI Expose Russian Previously Undisclosed Malware Drovorub in Cybersecurity Advisory