June 22, 2021

HPE Discover 2021 Virtual Conference

Analysis work conducted for HPE by InfusionPoints in 2021 is being published during the HPE Discover 2021 conference this week. “As an independent trusted advisor, InfusionPoints has been working with HPE to test their server security technologies and features since 2017.  HPE invited us back earlier this year to test some of the latest features in their HPE ProLiant Gen10 Plus servers,” said Jason Shropshire, Chief Operating Officer at InfusionPoints.

InfusionPoints analyzed two new security features. The first was HPE Server Cryptographic Identities, industry standard identifiers for the iLO and Server based on IDevID, an industry standard device identifier. The new device identities provide trustworthy, strong authentication for HPE devices, enabling Zero Trust use cases, as well as full lifecycle management use cases for customer management systems and HPE’s Everything as a Service initiative. The second was the HPE Server Platform Certificate, a Trusted Computing Group (TCG) compliant platform certificate implementation providing the means for customers to validate the state of their servers at any point in their lifecycle.

“It has been a real pleasure working with a vendor like HPE that truly cares about being the leader in industry standard server security, and supply chain security. We have seen unprecedented attacks on global supply chain security in recent quarters, and it just seems to be getting worse. Defenders are fighting an asymmetric battle, and they need capabilities at all layers, hardware, firmware, management, and data planes,” Shropshire said. “Building these additional features off HPE’s Silicon Root of Trust that we first tested in 2017 answers the mail. HPE’s efforts are providing real countermeasures for certain types of attacks in the MITRE ATT&CK framework that are often overlooked. In fact, we have concluded that HPE Server Cryptographic Identities and HPE Server Platform Certificates cover ATT&CK TTPs 1200 (Hardware Additions) and 1199.003 (Compromise Hardware Supply Chain).”

Click here for access to InfusionPoints’ analysis of HPE Server Cryptographic Identities.

Click here for access to InfusionPoints’ analysis of HPE Server Platform Certificates.

About InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions, managing your security controls, and defending your consumer, employee, and supply chain information.

About HPE

HPE Increases your business agility by integrating scalable security throughout your organization at every step in your IT journey. HPE’s products and services leverage common security building blocks – from silicon to cloud – that continuously protect your infrastructure, workloads, and data, adapting to increasingly complex threats. HPE has the technology and expertise to capitalize on your prior investments and reinforce your existing strategy, transforming security from a barrier to an accelerator of Innovation. Learn more:  https://www.hpe.com/security