Bob Moore & Jason Shropshire | HPE Discover 2017
>> Announcer: Live from Las Vegas, it's theCUBE, covering HPE Discover 2017. Brought to you by Hewlett-Packard Enterprise.
>> Okay, welcome back everyone, we're here live in Las Vegas, it's theCUBE's exclusive coverage of HPE Discover 2017, HP Enterprise's premier show. It's theCUBE on our third day. I'm John Furrier, my co-host Dave Vellante. And our next guest, Bob Moore, returning back, Director of Server Software Private Security, he's got the hottest product, he's here on the show. We're going to go do a deeper dive. And Jason Shropshire, SVP, CTO of InfusionPoints. Welcome back, welcome to theCUBE.
>> John, thank you Dave. You're the talk of the town here on the show with the simple messaging that is clean and tight. But outside of that, from a product standpoint is really some of the security stuff you guys are doing in the silicon.
>> Bob: It is.
>> In the server with Gen 10, pretty game changing, we've been curious, we want more information.
>> Bob: Yeah.
>> John: Give us some more update, what's the update?
>> Glad to do that. We're really proud of the announcement, of course it's a big bold announcement this week. Claiming ourselves the world's most secure industry standard server. So that's big, that's huge, that's based on this new revolutionary security technology that we've been developing frankly over the past couple of years. So it's been two or three years in the making. A lot of hard work, we actually started to look at what type of security trends were happening, and what we might have to do to protect the servers. And we've come up with a game changing capability here. And it's one thing for us to say it internally at HPE, but we are so certain that we are in a great security position that we went external and found a security firm outside, that independently could look at it and do some compare, contrast testing with a competitive unit, so.
>> So let's drill into that, actually I had some other questions on the industry in terms of what is going on at the chip level. Always on security is kind of a theme we've heard in the past from some of your competitors, but let's get into some of the competitive analysis. What do you guys see in the benchmarks? Jason, what are you guys discussing, because at the end of the day, claims are one thing. No offense to HP, you're kind of biased of course. We have folks on from the marketing team as well. Where's the proof in the pudding?
>> Oh yeah, well one thing that we know for sure is that threat is real, right, with firmware. And it was great for us to analyze HP's new technology. We had on the bench two different beta units.
>> John: You guys are the ones who did the benchmark.
>> Jason: Yes, the analysis.
>> Independent.
>> Independent, yeah, InfusionPoints is a cyber security firm independent from HP, they approached us to do the testing.
>> John: Okay.
>> We have head analysts that do this sort of thing all the time for our customers.
>> So take us through what happened.
>> Yeah, so they procured for us three competitor servers. Sent them to our shop. We set them on a bench, all side by side. From what I can tell, no one's ever really done a test like that, you know, within the server industry. It was very exciting. There's been a lot of benchmarking done and performance, things like that. But from a black hat standpoint, to actually look at the hardware, that hardware level testing, we couldn't find any examples of anyone doing it. I thought that alone was just evidence that HP was very serious about security and they knew what they had. So.
>> John: You guys getting your answer, because you know the malware, and all the ransomware going on. People are going through elaborate lengths.
>> Jason: Absolutely.
>> Business model, organized teams, this is a really orchestrated security market now, with the black hat guys out there, really hacking away at every angle.
>> Yeah well, you know we saw evidence that firmware issues and exploits are here to stay. The Vault7 release that happened recently showed us that there are exploit kits. Intel Security released within a day a tool to let you do firmware validation. But to do that you have to take your server offline and build a gold image of what that firmware should look like. And then compare like a week later if you think you might have had a breach. You have to take your server down and compare it against that gold image. And who has the time to do that? But what we found in analyzing the Gen 10 server is HP has built this in, where this can be done in real time, while the server is running. No performance hit, no downtime. It really is a revolutionary game changer I think for firmware security.
>> So Bob, can you explain what IP you developed in silicon that Intel, where do they leave off and you pick up?
>> Sure, sure, because Intel has some great security technology. And we actually support a lot of Intel technology. Their TXT, their Trusted Execution Technology, as part of our Gen 10 servers. But what we've done at HPE is we've really taken it multiple steps further than that and we've developed. Because we're in a position where we develop our own custom HPE iLO silicon chip, we're able to anchor what we actually do, embed the cryptographic algorithms into that, and we anchor all the server's essential firmware. Right, think of it as anchoring it down into the bedrock. So there's really no way you can get in and breach that. And even if you did, instead of taking it offline like Jason was talking about here. We have the ability to not only provide that protection, but we would detect any type of malware or virus that gets in. And then frankly, we can recover that, almost immediately within a few minutes. In fact we're demonstrating that here during Discover this week.
>> Is there anyplace online where people can get information, people watching, probably curious.
>> Bob: Sure.
>> You can just give them the URL.
>> Yeah, just naturally it's our HPE.com/security. And that's where we've got some white papers there and other things there.
>> So you say you can recover universally instantaneously.
>> Bob: Yes.
>> And you do that by what, fencing certain resources or...
>> Yeah, well what we've done, is we verify as the server is running, we're doing a runtime firmware validation. So we're checking that firmware, making sure it's free of any malware, viruses, or compromised code. Completely perfect in original shape, like when we ship it from the factory. And we're storing in another location inside the server, a secure copy of that. Think of it as a lockbox, inside the server, where it can't be found unless we need it to go into recovery mode. Then we draw from that, we've checked it daily, we've stored it there, we know it's authentic, and we can pull that back in to recover in case something does happen to the server.
>> And then asynchronously reclaim that wasted resource, clean it up and bring it back online.
>> We can, we can recover the server, the firmware, toward the end of the year, we'll be recovering the operating system as well. Also we've got a really holistic way to get that recovered. When we talk to customers, a real big concern, and sometimes it's called bricking a server, you've got a bricked server, something that just won't operate. And it's important because 60% of small businesses that suffer a security breach go out of business within six months, so it can be huge, that lack of cashflow for customers. It's that denial of service, that disruption of business. Well we prevent all that, because we can not only protect the server, but then recover from a breach.
>> So the anatomy of that breach, can we go through a common use case? So malware gets in, it gets into the server, it's hiding, typically you don't know about it. And in this new scenario with your Gen 10. You'll be able to identify that.
>> Bob: That's right.
>> To protect it, okay. And if I understand, the business impact of the problem you're solving is, not only are you sort of automating that protection, but you're also eliminating a lot of wasted time, and downtime, and accelerating the response.
>> Yeah, I think that's what Jason was talking about earlier. Normally, if your server gets infected, you completely take it offline and then do a manual recovery. And customers still have the choice to do that, but in our case we can recover immediately within a few minutes if something happens and gets a breach.
>> Those types of exploits are typically in the data plane as well. With firmware you can't even really detect that you've been hacked. So down in the firmware virus scanners, those things don't work. So if you have a BIOS exploit, that is on either the iLO, that would be on the BMC, the baseboard management controller. And undetectable by the operating system.
>> That's crazy because it's a clean haven for hackers. I mean they know how to get in there, once you're in there, you're in.
>> I don't know if a lot of customers realize this but the first thing when you turn a server on, the first thing that comes on is the firmware. In our case it's the iLO firmware. Over a million lines of the firmware code run before the operating system even starts. So that can be a cesspool for a Trojan horse. And the research shows a virus, somewhat analogous to a human virus, it can stay there, hibernate in there for months, maybe even a year or more until it springs forth and opens up the passwords or bricks your servers, or does some nefarious thing.
>> A cesspool from the customer standpoint, from a hacker is like going to the beach. Pina Coladas, you're clean, you're down there having fun.
>> Well what's your stats? The average time to detect an intrusion is over 200 days.
>> Bob: That's right, yeah.
>> So essentially, you're detecting it instantaneously.
>> We can, we run that runtime firmware validation on a regular basis, can be run as much as every day, and so you'll know almost immediately. Which is really great because a lot of regulatory bodies want to know if a breach has occurred. So this gives customers the ability to know something's happened to them.
>> Jason, I want to challenge the claim here, because first of all I love the bravado. Yeah, we're bad ass, we're number one.
>> We know that.
>> What is the, how did the leaderboard come out? What were the results? Did HP come out number one?
>> Oh absolutely.
>> What's the lead, what's the gap, talk about the gap between HP and other servers. Did they send you the best servers? What was the benchmark, I'm sure you did your due diligence, take us to more of the results.
>> Sure, sure, so yeah, again we were comparing all the servers side by side. A test that had never been done from what I'd seen. When we looked at it feature by feature, and started analyzing things. We sort of broke down and we saw we really had two different angles that we were looking at. The penetration test aspect, where we were looking for vulnerabilities in the firmware, at the physical layer, at the network layer. They passed that with flying colors. We found a few minor issues that they jumped on and resolved for us in a matter of hours or days. And then the other aspect was a feature by feature comparison that we looked at. We looked at the silicon root of trust obviously and we saw what the others were doing there. At best the other guys were using firmware to validate firmware. The obvious issue with that is if the firmware is compromised it's not trustworthy.
>> Spoof, yeah, yeah.
>> It's in no position to validate and verify.
>> It's like Wall Street policing itself.
>> Jason: Yeah, can't trust that. They have a revolutionary intrusion detection switch on the Gen 10, that actually detects.
If the lid is lifted on the server, anywhere from when it leaves the factory to the garage of the installation point, server doesn't have to be plugged in like the other guys.
>> So if it's just a physical casing breach,
>> Jason: Exactly.
>> What happens there, flags the firmware, makes a note, does it shut it down? What happens?
>> It makes a note, it puts it in the log entry so you can tell if that server has been tampered with in transit.
>> So the insider threat potential should go away with that.
>> Right, physical access, you don't have to worry about that because we can verify that server gets to the customer in its unique, original, authentic condition. Because even though the power is off that is going to register and auto log an alert if that chassis has been opened.
>> So I can't go to the vault of the Bellagio, like they did in Ocean's Eleven and put my little, and break into the server and you know go in there.
>> Bob: Exactly.
>> Okay, now back to the results. So the other guys, did they all pass or what?
>> Well we did find some issues that we're looking at and doing some further testing on.
>> So we're going to be polite and respect the confidentiality, you have the ethos of security, as you know sharing data is a huge deal, and it's for the integrity of the customer that you have to think about, so props for that. For not digging into it, we'll wait for an official report if it does come out. Alright, so I got to ask you a personal question, Jason. As someone who is in the front lines. You know every time there's a new kind of way, whether it's Bitcoin and Block chaining, you see a slew of underbelly hacking that goes mainstream that people are victimized. In this case firmware is now exposed, well known.
>> Jason: Yeah.
>> What as a professional, what gets you excited, and what gets you alarmed if anything about this? What new revelations have you walked away with from this?
>> Well it's just how pervasive this issue is.
You know the internet of things has exploded the number of IP devices that are out there. Most of them have firmware issues, almost all of them have firmware issues. And we've just now seen botnets being created by these devices. Cameras, IP cameras and things like that, that become attack platforms. So I just want, one of the things that impressed me very much about HP's approach here is that they're being a good corporate citizen by making a platform that's going to be implemented in tens of thousands of IP addresses. Those systems I think will be much more secure. Again it can't become an attack platform for other people, for attackers to abuse.
>> So the surface area, so your point about IOT. We always talk about the surface area of attack vectors. And that vector can then be minimized at the server level, because that's like the first mile in.
>> Right we come and really refer to that as the attack vector or the attack surface. And so we narrow that attack surface way down.
>> Can you even subjectively give us a sense as to how much of the problem this approach addresses? I mean is it 1%, 10%, 50% of the attacks that are out there?
>> I think the important thing here is moving, shifting the bar. I've likened this, what HP is doing here, to what Bill Gates did 15 years ago with the Microsoft memo. I mean that really revolutionized operating systems security within Microsoft and I think it had a ripple effect out into the industry as well. So I think HP is really pushing the bar in the same way but for firmware, instead of the operating system level that was the paradigm 15 years ago.
>> And I think you'll find on our website we put some of the studies actually, and it's over half, I think it's 52% of the firms that responded have had a breach or malware virus in their firmware. So over half of those, and 17% had a catastrophic issue with that, it really is more pervasive.
We've seen a lot of news about the data plane level, where thefts are taking place at the application level of the operating system. And we've got to pay attention to the firmware layer now because that's, like I said, a million lines of code in there running. And it could be an area where a Trojan horse can sit, and we essentially narrow that attack surface. We're also delivering with the Gen 10, the highest, the strongest set of security ciphers available in the world today. And that's commercial national security algorithms. We're the only ones to support in our server, so we're proud of that.
>> Well Bob and Jason, thanks so much for sharing the insight. It's super exciting and relevant area, in the sense that it's super important for businesses and we're going to keep tracking this because the Wikibon team just put out new research around true private cloud, showing the on-prem, cloudlike environments will be 260 billion dollar market. That's new research, that's groundbreaking, but points to the fact that the on-prem server situation is going to be growing actually.
>> Jason: For sure.
>> So this is, and with cloud there's no perimeter so here you go, firmwares, potential exposure, you solved that problem with good innovation. Thanks so much for sharing.
>> Thanks, you guys.
>> Thank you.
>> The inside Jason and Bob here on theCUBE talking about security servers, attack vectors, no perimeter, it's a bad world out there. Make sure you keep it protected of course. This is CUBE bringing you all the action here at HPE Discover. We'll be right back with more live coverage after this short break. I'm John Furrier, Dave Vellante. Be right back after this short break, stay with us.