Wikileaks’ Vault 7 report revealed a host of malware types that can penetrate devices’ firmware, rendering many traditional recovery methods ineffective.

“We saw evidence that firmware issues and exploits are here to stay,” said Jason Shropshire (pictured, left), senior vice president and chief technology officer at InfusionPoints LLC, a security testing and solutions company.

Joining Shropshire at HPE Discover in Las Vegas, Nevada, was Bob Moore (pictured, right), director of server software and product security at Hewlett Packard Enterprise Co., to discuss HPEs’ new approach to firmware security.

The response to Vault 7 shows that most hardware and software security vendors are ill-equipped to defend firmware, Shropshire pointed out.

For instance, Intel Corp. rush-released a firmware validation tool, he told John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile live streaming studio. (* Disclosure below.)

Intel’s haste shows in the tool’s performance, according to Shropshire; users must take their servers offline and build a gold image — a compressed archive of the installed firmware system. “If you think you might have had a breach, you have to take your server down and compare against that gold image — and who has time to do that?” Shropshire asked.

InfusionPoints’ tests found that HPE’s Gen10 secure servers built this process in and sped it up to near-real-time, completing it without any downtime, he explained.

Firmer ware

Gen10 servers support many Intel technologies, Moore stated, with a nod to Intel’s excellence in many areas. However, Gen10 has gone several steps beyond Intel in its firmware protection, according to Moore.

“When you turn a server on, the first thing that comes on is the firmware — and in our case it’s the iLO firmware; over a million lines of the firmware code run before the operating system even starts,” he said.

This gives Trojan Horse attackers ample surface area to breach, so they can hibernate in the firmware for months or longer before opening passwords, he stated.

Gen10 ProLiant servers embed HPEs “silicon root of trust” hardware-firmware integration in the server’s bedrock, allowing immediate firmware validation, Moore explained.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s independent editorial coverage of HPE Discover US 2017. (* Disclosure: TheCUBE is a paid media partner for HPE Discover US 2017. Neither Hewlett Packard Enterprise Co. nor other sponsors have editorial control on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE