Enterprises are taking a closer look at securing information technology infrastructure, and it’s proving to be a tall order.

The work to secure virtual and bare metal machines, in addition to the software that runs on them, has revealed a catalog of vulnerabilities that outstrip the tools designed to guard against intrusion. This is the challenge confronting most organizations today as the threat landscape continues to evolve and cyber risks expand.

In a special presentation with Dell Technologies Inc., theCUBE, SiliconANGLE Media’s livestreaming studio, broadcast the “A Blueprint for Trusted Infrastructure” event on Sept. 20. The event featured exclusive interviews with Dell executives who discussed technologies and philosophies behind Dell’s trusted infrastructure initiative and how enterprises can take the necessary steps to strengthen security. (* Disclosure below.)

Here are three insights you might have missed:

1. The cloud is emerging as a prime target for malicious actors.

In the early days of cloud computing, the lure for enterprises was to migrate critical data and workloads from on-premises infrastructure because the cloud platform offered a safer haven from hackers. Evidence from recent events indicates that this narrative may have changed.

A report released in early September by Snyk Inc. revealed that 80% of organizations contacted by an independent survey firm had experienced a severe cloud incident on the past year. A new IBM Security X-Force cloud threat landscape report found that many cloud-adopting businesses were lagging behind in basic security implementation.

The major cloud providers have also experienced a bumpy road in 2022. In March, the Lapsus$ hacking group posted evidence of a breach involving Microsoft’s internal Azure DevOps deployment. More recently, as details continue to surface surrounding a breach of Uber Inc.’s network, the hack reportedly included access to cloud servers on Amazon Web Services Inc. and Google Cloud Platform.

“I don’t see cloud computing as a panacea for security. I see it as another attack surface,” said Pete Gerr (pictured), senior consultant of cybersecurity and resiliency marketing at Dell, in an interview with theCUBE. “It’s another aspect in front that security organizations have to manage; it’s part of their infrastructure today.”

Here’s Pete Gerr’s and Dell’s Senior Cybersecurity Consultant Steve Kenniston’s complete video session:

2. Supply chain security has become a key issue for managing devices and software.

The 2020 SolarWinds attack, in which the compromise of a software tool led to damages approaching $100 billion, was a wakeup call for the tech industry that supply chain security needed more attention. Based on actions of the U.S. government, the concern level has only gotten higher.

The White House has been especially active in this area since May 2021, when it issued an Executive  Order to make supply chain security a top priority for federal agencies. It tasked the National Institute of Standards and Technology with responsibility for providing guidance in the development of secure frameworks and, in early September, directed the federal government to comply with NIST standards.

In a separate action, the National Security Agency released its own software supply chain security guidance just weeks ago that was designed to support developers.

The hardware supply chain has been targeted by malicious actors as well. The cybersecurity research firm Sansec disclosed earlier this year that attackers compromised a distribution server run by FishPig, a provider of extensions for the widely used Magento e-commerce platform that is now owned by Adobe.

“Knowing what you’re going to get when you receive it, that it is going to be secure and not tampered with, becomes vitally important,” Kenniston said during the event. “Whether it’s storage or laptops or PCs, you want to know that those devices can be trusted.”

3. Dell’s partnership with Index Engines has put the focus on cyber resilience to combat ransomware attacks.

Improvement in supply chain and cloud security will need solutions that validate the integrity of data and files inside IT infrastructure. Since 2018, Dell has partnered with Index Engines Inc. to deploy the software firm’s CyberSense monitoring technology across much of its portfolio.

Dell incorporates CyberSense machine learning analysis to detect suspicious behavior or data corruption.

“It’s doing full content analytics,” said Rob Emsley, head of data protection and cybersecurity marketing at Dell, during an interview for the event. “Has the data changed in any way? It’s looking for different characteristics that are an indicator something is going on.”

Here’s Emsley’s complete video session:

What could be going on is a ransomware attack, a preferred threat vector for many hackers. The integration of CyberSense scanning with Dell’s PowerProtect Cyber Recovery vault provides users with a safe version of files and databases that can be used to restore operations for a business. It is yet another example of how AI tools are becoming more integral for enterprise security.

“With the advent and use of AI and machine learning, detection tools for cybersecurity have really evolved in the network and application space,” said Parasar Kodati, senior consultant of ISG product marketing at Dell, in an interview on theCUBE. “Cyber resilience is basically a strategy which assumes that a threat is imminent. It’s a good assumption with the severity and frequency of attacks that are happening.”

Here’s Kodati’s complete video session:

You can also watch the entire “A Blueprint for Trusted Infrastructure” event on-demand below, or visit theCUBE’s exclusive event website:

(* Disclosure: TheCUBE is a paid media partner for the “A Blueprint for Trusted Infrastructure” event. Neither Dell, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE