Making Security Real: Choose Security-Minded Partners and Worry Less
If I had to guess, I’d say that every one of you reading this uses a computer in some way to get your job done. If I’m right, let me ask: if your computer was somehow compromised, could you still work? How would you ensure business operations could continue? Most people can’t answer these questions.
Virtually all organizations depend on the security of their machines. For years, security professionals have been warning us that the future’s greatest threats will come through the digital realm. That day is no longer coming. It’s already here, and not enough people are prepared.
Heightening the Threat Awareness
The modern threat landscape has expanded, notably through supply chain and nation-state attacks. It makes sense—why target small entities one at a time when big entities are invitingly unprotected? Cyberattacks have become opportunities for threat actors to get more bang for their buck, using a network to touch many organizations through a single portal. And with so much vulnerability, it’s no wonder security breaches happen every day.
We see it everywhere: critical resources like energy, water, and state and local governments are falling victim to a relentless barrage of attacks. Gigantic corporations have lost millions of files, emergency systems have been compromised, and the losses from such attacks have caused some enterprises to close their doors permanently.
Organizations need to close the IT security gap fast, and leadership teams that recognize this fact have shifted the conversation from internal protection to external protection. Where they used to ask, “what can we do to educate our teams?” They now ask, “how can we develop safer business components?”
They’re starting to understand the key to organizational security isn’t prevention alone. The answers come from partnerships—in word, deed, and action.
Defining a Comprehensive Security Partnership
Top-shelf security is the core of InfusionPoints, a black hat security test firm focused on developing cloud solutions and on-prem architecture. We’re a full lifecycle cybersecurity vendor focused on organizational compliance and cybersecurity needs. We operate using a “build, test, defend” methodology, working to comply with gap audits, risk assessments, and penetration testing (pentesting).
As the Director of NSOC & Operations at InfusionPoints, I live and breathe security. I mostly pivot between the testing and defense side of the team, helping clients protect what they’ve built with various solutions and conveying the importance of existing threats.
But when communicating the threat landscape to executives and directors, IT teams can face a considerable hurdle. Leadership, not security teams, call the shots, and if they don’t have much background in digital security, staying in alignment isn’t always possible. More than 60% of businesses believe robust security is critical to the success of their digital transformation. Still, most organizations are slow to implement those measures because the threats don’t seem real until their business is affected. But by then, it’s already too late.
At InfusionPoints, we strive to bridge the gap between technology staff and the C-suite, bringing theoretical situations into reality and helping execs realize that cyberattacks can happen to them. The more real the threat becomes, the faster companies move to protect themselves and their systems.
Security precautions aren’t cheap. Cost is the number one reason so many executives balk at the idea of shoring up their security and adding additional solutions to their stack. Some of these tools cost millions of dollars and are a tough pitch.
But one of the easiest places organizations can start is by evaluating their partners.
Ask yourself: when it comes to ordering, purchasing, and procuring equipment and devices, are your partners security minded? Do those partners keep up with the latest trends, continually perform research, and prioritize security above all else? Partnerships with security-minded enterprises are the best way to help organizations stay on top of threats.
What Does Being Security Minded Look Like?
I’ve stood at the front lines of the threat environment in more ways than one. Before InfusionPoints, I worked for an organization that experienced a major large cybersecurity incident resulting in three months’ downtime. We watched over 185 servers and 2,000 organizations get encrypted during the ransomware attack. The ransom itself was $53,000. Refusing to pay and recovering from the aftermath cost the company $2 million.
After sifting through the damage, our HPE boxes were the only thing left standing, untouched and operational. This resiliency was all the proof necessary for the company to refresh and recover their infrastructure with HPE solutions.
In the years since I left that company, HPE has continued to put security front and center, building robust security features into their hardware. And while we aim to be vendor-neutral at InfusionPoints, we use and suggest the best of the best.
All HPE solutions offer the Silicon Root of Trust, a way to ensure the identity and authenticity of silicon devices at an atomic level. This verification happens through a series of “handshakes” performed at the lowest possible level of firmware to the BIOS, which checks the entire system for anything suspicious. Regardless of an IT professional’s level of expertise, the Silicon Root of Trust can help identify, protect against, and recover from cyberattacks.
HPE also leverages Secure Boot, another security feature that ensures that each component launched during the boot process is digitally signed and that the signature is validated against a set of trusted certificates embedded in the UEFI BIOS.
In a variety of InfusionPoints pentests, the HPE ProLiant Gen10+ series servers performed better than any other vendor. They also make the solutions very user friendly. HPE offers a security dashboard in the management plane and suggestions for enabling settings that make the solution as strong as possible. This dashboard is a unique feature that makes security far easier for IT professionals to leverage, allowing them to allocate more time to projects rather than security snafus.
You could get cheaper services by allowing a company to monitor your environment overseas. But trust will always be an issue. There will always be a concern that any third-party monitoring the infrastructure of a US-based organization could be an adversary or be under the control of an adversary. HPE has created HPE Server Security Optimized Service for HPE ProLiant to validate that systems were built entirely on US soil ensuring the server begins its lifecycle uncompromised. From a supply chain stance, it doesn’t get much more secure than that.
At InfusionPoints, we practice what we preach. We leverage HPE ProLiant servers within our environment, along with Gen10s and several other iterations. Verifiable silicon, chips, and servers allow businesses, regardless of size, to take tangible steps toward a zero trust framework, reducing the human element and eliminating vulnerabilities.
Never Settle for Existing Security Measures
Take it from me: security is an ever-evolving, ever-changing state of being. The threat landscape changes daily, and so does the technology used to break into our systems. Security should likewise be an ongoing process.
IT staff have enough on their plate standing up new systems, spearheading new projects, and keeping the business operational. Creating a partnership with security-minded companies edifies what you already have and leverages the knowledge of others. It’s not weakness; it’s just strength in numbers. InfusionPoints exists to protect and help our customers, but we can’t do it alone. We partner with HPE because they’re good at what they do. And because we trust their solutions, my team can put our collective knowledge to its best use: preparing customers for digital warfare.
I like to think of it like insurance—nobody wants to pay the premiums, but when it comes time to make a claim, everyone’s happy they put in the time, money, and effort. The threat is clear and present even if your organization has never been the victim of a cyberattack. Like a burglary or a fender bender, it could always happen to you, and it could always be worse.
Remember, a threat actor only has to be right once, whereas IT staff and administrators have to be right every time. Even if nothing has ever happened, every organization we monitor has some malicious activity bubbling under the surface. Rather than wait for something to happen and spend millions of dollars to fix your business, seek out companies that increase your security posture from the beginning.
And for that, HPE is an easy bet.