7 Hot New Dell Technologies Security Products And Services
Dell Technologies is rolling out seven new tools that not only bring more security to the company’s infrastructure and supply chain but also infuse it into the process of consuming, utilizing and decommissioning technology.
Bringing Security To The Core
Advancements in security have not kept up with digital transformation efforts over the past decade, forcing customers to assume that there are already threat actors in their infrastructure who won’t be spotted until something bad happens, according to Dell Technologies Global CTO John Roese. As a result, Roese said security professionals live in constant fear of a successful breach at their organization.
“We take the perspective that that‘s not a sufficient answer and we need to do more,” Roese said. “We need to start transforming the way we think about security and try to change to a model that at least allows us to keep up with the security threats as they’re emerging.”
The security industry has too often taken the approach of coming up with a new product for every problem, and Roese said these products are typically bolted onto the customer’s environment as an afterthought. In response, Roese said Dell Technologies has been laser-focused on developing intrinsic security where protection is built into the environment and made core to the infrastructure itself.
Now, Roese said Dell Technologies is looking to not only build security into its infrastructure but also infuse it into the process of consuming, utilizing and decommissioning technology. Roese, Sylvia Seybel - VP of security and client solutions marketing - and Mukund Khatri - fellow, office of the infrastructure solutions group CTO - discussed seven new tools to help secure Dell’s infrastructure and supply chain.
7. Keep Your Hard Drive And Keep Your Component
These Dell EMC services have been extended to the company’s entire infrastructure portfolio to assist customers in case any of their components have failed, according to Seybel. Keeping components and hard drives within a customer’s facility even when they’re being swapped out really helps clients retain control over their data, Seybel said.
Businesses in industries with high security requirements really don’t want to let go of their components and might even be required to physically keep their data with them at all times, Seybel said. Dell EMC is therefore now offering to come to client facilities and change their components without ever taking them away so that the customer has control over the components the entire time, according to Seybel.
6. Data Sanitization And Data Destruction
Data sanitization ensures that customers keep control of their data even when they’re looking to redeploy some of their assets so that they’re able to start over again from a clean slate, Seybel said. And if a customer is looking to decommission any of their assets, Seybel said Dell EMC can make absolutely sure that all their data has been destroyed.
With data sanitization, Seybel said Dell EMC overwrites the information on the device to ensure that the data that was on there before is not able to be used again. And if a client is looking to retire a system, Seybel said Dell EMC can come to the customer’s facility and make sure that the data is securely taken away.
5. Integrated Dell Remote Access Controller (iDRAC)
Dell’s remote access controller for its infrastructure products and cloud servers has been to allow for the seamless lockdown of network interface controllers to prevent unwanted program changes, Seybel said. iDRAC allows customers to enable or disable a system lockdown without having to reboot, ensuring that unintended or malicious changes to a server’s firmware or critical configuration data don’t take place.
Dell is also introducing two-factor authentication around iDRAC as well as support for RSA SecurID to further verify that the right user is actually going to access the right products, according to Seybel. In addition, iDRAC certificates can now be managed via Redfish APIs to allow for easy access scripting as well as the automation of secure erase scripting across servers.
4. OpenManage Ansible Modules
The Ansible infrastructure management paradigm can be used in lieu of third-party tools that allow customers to provision and control infrastructure through automation scripts, Roese said. Connecting Ansible with Dell’s dynamic system lockdown means that customers can now automate their ability to enable or disable a system lockdown, according to Roese.
After configuring their servers and underlying infrastructure, Roese said customers typically like to keep their systems locked down to defend against BIOS-level attacks under the operating system. But clients periodically need to make changes to their system, which Roese said historically meant they’d have to manually unlock the system on a box by box basis, which was a heavy burden for the IT organization.
But with Ansible, Roese said the new capability can not only be created but also pulled into the client’s workflow and automation layer, meaning that security is delivered as part of the operating model. Customers often avoid security that creates additional work within the company, so features like dynamic lockdown that can be done seamlessly and intrinsically are particularly helpful for businesses.
3. PowerEdge UEFI Secure Boot Customization
Secure Boot Customization allows IT organizations to actually have their own custom certificates for their boot process, which Seybel said is probably going to be most relevant for customers operating in industries with extremely tight security such as finance. This capability really eliminates a customer’s dependency on any third-party certificates to boot their systems, which Seybel said is exclusive to Dell.
Third-party certificates are used across a broad set of devices and operating systems, which Khatri said increases the threat surface for customers. Secure Boot Customization eliminates the need for third-party certificates altogether, which Khatri said gives control of all the certificates back to the customer.
Clients operating in a custom Linux or otherwise customized environments can take advantage of Secure Boot Customization to have their own certificates and be insulated against threat vectors from third-party certificate authorities that would otherwise affect them. This protect clients from vulnerabilities that exist in common bootloaders as recently highlighted in a U.S. National Security Agency report.
2. Secured Component Verification
Secured Component Verification provides cryptographic proof that the server arriving at a customer’s facility is what they ordered, and that all the components in the server remain entirely unaltered, Seybel said. As a result, Seybel said Dell is the only server vendor currently offering a cross-portfolio solution for cryptographically verified hardware integrity.
There are plenty of examples over the past two decades of technology moving through not only the supply chain but also through the distribution channel where the infrastructure itself was intercepted and modified in some way, according to Roese. Secured Component Verification provides authoritative evidence that the components initially put into the product are the same ones the customer is receiving.
By verifying that the product the customer received is the same one they expected, Roese said clients can minimize security threats such as an adversary putting in a compromised memory drive or swapping in a component that might have some kind of backdoor in it. While this scenario is unlikely, Roese said it’s a legitimate source of concern in more sensitive environments such as critical infrastructure.
1. SafeSupply Chain
When Dell client systems leave the company’s factory, Seybel said there are potentially many things that could happen that would make them an easy target for attackers. SafeSupply Chain is intended to give customers assurance that Dell systems and infrastructure arriving at a client site haven’t been tampered with, according to Seybel.
As a result, Seybel said customers can be confident that they have a clean slate and that nothing has been tampered with when they start imaging their new system. In addition to ensuring that no one has access to the customer’s computer, SafeSupply Chain also included a NIST-compliant hard drive wipe to ensure spyware or illicit agents haven’t been injected into a device’s hard drive.
The tamper-evident seals are added to the device and its box at the factory before shipping, with customers offered optional pallet seats for additional security, according to the company. SafeSupply Chain is at the moment only available in the United States for commercial PCs, and Seybel said the company is looking into timelines around when it’ll be available elsewhere.