Data centers are prime targets for cybercriminals because they are treasure troves of critical data. Knowing the information they store is coveted, data center operators implement robust security measures and protocols to protect against attacks and ensure the privacy of client data. Despite advances in security technology, however, ransomware and other types of attacks are increasing, proving that today’s data centers are not impregnable.

So many tools, so much time

Cybercriminals have a wide array of tools at their disposal. Distributed denial of service (DDoS) attacks can overload a data center’s servers, causing them to crash and rendering the data inaccessible. Malware can be used to gain access to a data center’s systems, steal data, or damage infrastructure. Insiders, meaning employees or contractors with access to the data center’s systems, can intentionally (or accidentally) harm the data or infrastructure.

Social engineering attacks such as phishing can trick employees into unwittingly divulging sensitive information or providing access to data-center systems. From the initial breach, malware continues to attack the targeted system through the paths of least resistance, after which it may either infiltrate the data center immediately or lie in wait for days, months or even years until conditions are right for exploitation.

Trust nothing, verify everything

With so much at stake and with hackers continuously changing their digital camouflage like chameleons, the cybersecurity industry has come to realize that current generations of applications are inadequate. One solution is to use cybersecurity best practices anchored in Zero Trust, a premise that reverses the assumption that anything or anyone inside the network can be trusted. The Zero Trust mantra is “never trust, always verify.”

The protocol assumes that every attempt at a potential connection must be verified before it is allowed to communicate with a network device. Even when access is granted, it can be revoked should the user fail a re-authentication test. A new generation of the approach makes extensive use of artificial intelligence because the threat landscape continuously changes.

AI algorithms can process massive amounts of threat intelligence data in near real-time and then add them to a threat library. This AI processing can be performed with a single device called a trusted platform module (TPM) within the control plane of the server. The TPM uses AI to authenticate the identity of credential holders before approving their access to documents. Frequent authentication is achieved by issuing encrypted keys designed to verify user identity.

A prime example of this hardware-anchored, AI-driven approach to platform security is Axiado’s trusted control/compute unit (TCU). The TCU has four domains, each dedicated to a specific function set that collectively provides protection for the most common threats: ransomware, side-channel attacks, network-level attacks, and anomalous behavior.

Breach containment

According to IBM Security’s most recent annual Cost of a Data Breach Report, the average cost of a data breach reached a record high of $4.45 million in 2023. The report concluded that AI technology had the greatest impact on accelerating the speed of breach identification and containment. In fact, organizations that fully deployed AI cybersecurity approaches typically experienced 108-day shorter data breach lifecycles and significantly lower incident costs (on average, nearly $1.8 million lower) compared to organizations without these technologies.

The ability of a hardware-anchored, AI-driven security platform to continuously monitor and perform run-time attestation of cloud containers, platform operating systems, and firmware creates efficiencies that help reduce time spent investigating potential threats. A hardware solution that integrates AI into a chip can analyze behaviors and CPU usage. That allows it to immediately investigate anomalies in user activity.

With this approach, networks can no longer be infiltrated because of software vulnerabilities or porous firmware. AI technology enables heterogeneous platforms that include root-of-trust (RoT) and baseboard management controllers (BMCs) to offer hierarchy and security manageability. By deterring cybercrime at the hardware level, the industry can finally address the long-standing shortfalls of online security.

Cybercriminals often target BMCs to execute their schemes to steal data for ransom, implant malicious code that can cause users to reveal passwords and other sensitive data, or bring down an entire network to cause chaotic service disruptions. These vulnerabilities usually emerge when a third-party program or firmware is installed in a device that allows arbitrary read and write access to a BMC’s physical address. The BMC is a key target for cybercriminals because it is the first processor to run on a server, even before a main processor like the CPU and GPU. As such, hacking a BMC’s firmware can affect every other firmware or software application that runs after it.

Hardware-Anchored, AI-Driven Security

Hardware-based detection involves specialized hardware devices that monitor system behavior and detect signs of an attack by monitoring CPU usage, disk activity, and network traffic. Network packet behavior anomaly detection involves monitoring network traffic and analyzing packets to identify unusual patterns or behaviors that may indicate an attack. Hardware-based anomaly detection enables system administrators to detect and prevent ransomware attacks before they cause significant damage.

CPU performance monitor counters detect attacks by identifying unusual CPU usage patterns so system administrators can forestall damage. AI engines significantly enhance detection by identifying advanced attack patterns that traditional techniques may not detect. Analyzing large amounts of data and identifying subtle patterns is an integral attribute of AI-based hardware security.

External root-of-trust monitoring provides an additional layer of security against attackers. The RoT entity can monitor system performance and detect any attempts by attackers to tamper with or bypass the monitoring mechanisms. The RoT also can be used to securely store the cryptographic keys and certificates necessary for ransomware detection. By storing these keys in a secure and tamper-proof manner, the RoT can prevent attackers from compromising the keys and using them to evade detection.

The RoT entity can also provide secure boot capabilities, ensuring that the system boots only from trusted and verified sources. This prevents attackers from installing malicious software during the boot process, which can bypass the ransomware detection mechanisms. By incorporating an external RoT into the ransomware detection solution, system administrators can provide an additional layer of protection against attackers and ensure the integrity and confidentiality of the monitoring mechanisms and cryptographic keys.
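The boot-integrity idea above, and the earlier point that a modified BMC image affects everything that runs after it, can be shown with a measured-boot check: each stage is hashed into a TPM-style extend register and a verifier compares the result with reference measurements. This is an added example, not code from Axiado or the OCP; it shows the measurement and attestation side only (secure boot proper also verifies signatures before a stage executes). The stage names, image bytes and function names are constructed for illustration.

```python
import hashlib

def extend(register: bytes, digest: bytes) -> bytes:
    # TPM-style extend: the register can only be folded forward, never set.
    return hashlib.sha256(register + digest).digest()

def measure_chain(stages):
    """Measure each (name, image) in boot order; return (register, event_log)."""
    register, log = bytes(32), []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        register = extend(register, digest)
        log.append((name, digest))
    return register, log

def replay(log):
    """Recompute the register from an event log, as a remote verifier would."""
    register = bytes(32)
    for _name, digest in log:
        register = extend(register, digest)
    return register

def verify(reported, log, golden):
    """Check the log against the reported register, then against references."""
    if replay(log) != reported:
        return False, "event log does not reproduce the reported register"
    if [name for name, _ in log] != list(golden):
        return False, "boot stages missing, added or reordered"
    for name, digest in log:
        if digest != golden[name]:
            return False, f"unexpected measurement: {name}"
    return True, "all stages match reference measurements"

# Constructed sample images (placeholders, not real firmware).
GOOD = [("bmc-firmware", b"bmc v1"), ("host-uefi", b"uefi v7"),
        ("bootloader", b"loader v3"), ("os-kernel", b"kernel v5")]
GOLDEN = {name: hashlib.sha256(img).digest() for name, img in GOOD}

if __name__ == "__main__":
    modified = [("bmc-firmware", b"bmc v1 (modified)")] + GOOD[1:]
    for label, stages in (("clean", GOOD), ("modified", modified)):
        reg, log = measure_chain(stages)
        print(label, reg.hex()[:16], verify(reg, log, GOLDEN))
```

Because the first measurement feeds every later extend, a change to the BMC image alters the final register even when all later stages are untouched, and submitting a clean event log alongside that register fails the replay check.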

OCP Takes the Lead

Attacks pose a growing threat to data centers and the traditional methods of addressing these attacks are not enough. To address this need, a modular solution offered by the Open Compute Project (OCP) aims to integrate server management, security, and control features from a typical motherboard into a module.

The module solution consists of a daughter card called the data center secure control module (DC-SCM), designed in vertical or horizontal form factors that can be used across various data-center platforms. By adding intelligence to the DC-SCM platform, the solution can replace all the SoCs on the motherboard, including the BMC, RoT, trusted platform module, programmable FPGA/CPLD, and management local-area network (LAN). This approach provides an integrated solution that fits the unique needs and levels of security of different types of servers. It also allows users to tap into the momentum behind the broader open-source hardware community through groups like the CHIPS Alliance, OpenPOWER, and RISC-V.

The OCP predicts that 20 to 30 percent of systems coming to market in 2023 will incorporate a DC-SCM card, with 100 percent adoption expected by 2024. By embracing the OCP’s modular solution and adding intelligence to the platform, the industry can take a significant step toward mitigating the impact of ransomware attacks and reducing the costs associated with system replacement. 

Summary

With an emphasis on cybersecurity coming from the highest levels of both government and industry, the safety of networks has become a leading priority for all organizations. The next generation of hardware-anchored, AI-driven security platforms can create a more robust Zero Trust architecture for data networks, enabling a more rigorous approach to secret key storage and management. Ultimately, more effective Zero Trust practices will secure the future of data centers and give peace of mind to our digital communications for years to come.

www.axiado.com