 The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling has grown over the years, causing complexity and driving up costs and increasing exposures. So the game of whack-a-mole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S3 bucket, and what the customer is responsible for, e.g., properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that, of course, includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. This extends to securing the runtime, the platform, and even now containers, which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions, as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. I'm not saying that SecOps pros are not talented, they are. There just aren't enough of them to go around. 
And the adversary is also talented and very creative, and there are more and more of them every day. Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SecOps teams. Specifically, we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components on to the technology vendor via R&D and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, a blueprint for trusted infrastructure made possible by Dell Technologies and produced by theCUBE. My name is Dave Vellante and I'm your host. Now previously, we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally and Dell specifically are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. Now today we continue the discussion and look more deeply into servers, networking and hyper-converged infrastructure to better understand the critical aspects of how one company, Dell, is securing these elements so that DevSecOps teams can focus on the myriad new attack vectors and challenges that they face. First up is Deepak Rangaraj, PowerEdge security product manager at Dell Technologies. And after that, we're going to bring on Mahesh Nagarathnam, who is a consultant in the networking product management area at Dell, and finally we'll close with Jerome West, who is the product management security lead for HCI, hyper-converged infrastructure, and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. 
We're kicking off with Deepak Rangaraj who's PowerEdge security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. Thank you for having me. So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection and security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? Sure, so if you look at compute in general, right? It has rapidly evolved over the past couple of years especially with trends towards software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud, edge locations, remote offices and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered a ramp in the regulatory and mandates around the security needs. And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it will also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates and this could be based on the industry which they are operating in or it could be their own security postures. And this is the landscape in which servers are operating today. 
And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the models of the platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lengths that Dell does in order to secure the server. We truly believe in the notion and the security mentality that security should enable our customers to go focus on their business and be proactive with everything in their business, and it should not be a burden to them. And we heavily invest to make it possible for our customers. So this is really important because the premise that I set up at the beginning of this was really that as a security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I got to deal with. I want a company like Dell who has the resources to build that security in, to deal with the supply chain, to ensure the provenance, et cetera. So I'm glad you hit on that. But so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? Yeah, like when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is non-negotiable, right? It's never an afterthought where you come up with a design and then later on figure out how to go make it secure, right? With our security development life cycle, the products are being designed to counter these threats right from the beginning. 
And in addition to that, we're also testing and evaluating these products continuously to identify vulnerabilities. We also have external third-party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any vulnerabilities and exposures found out in the field and provide mitigations and patches for those in a timely manner. So this security principle is also built into our server life cycle, right? Every phase of it. So we want our products to provide cutting-edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model has done. We are building on it and continuously improving it. So a few years ago, our model was primarily based on the NIST framework of protect, detect, and recover. And it still aligns really well to that framework. But over the past couple of years, we have seen how compute has evolved, how the threats have evolved, and we've also seen the regulatory trends. And we recognize the fact that the best security strategy for the modern world is a zero-trust approach. And so now when we are building our infrastructure and tools and offerings for our customers, first and foremost, they are cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recovering from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities, however, is done through the zero-trust framework. And that's very important because now we're also anticipating how our customers will end up using these capabilities at their end to enable their own zero-trust IT environments and IT zero-trust deployments. We have completely adapted our security approach to make it easier for customers to work with us, no matter where they are in their journey towards zero-trust adoption. 
So thank you for that. You mentioned the NIST framework. You talked about zero-trust. When I think about NIST, I think as well about layered approaches. And when I think about zero-trust, I think about if you don't have access to it, you're not getting access. You got to earn that access and you've got layers. And then you still assume that bad guys are going to get in. So you've got to detect that and you've got a response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents? What you said is exactly right. Breaches are bound to happen. Given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained within offices where you can set up a perimeter firewall and say, yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero-trust approach, which uses the principle that nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device and every single access in your system at every single level of your IT environment. And this is the principle that we use on PowerEdge, right? But with an increased focus on providing granular controls and checks based on the principles of least-privilege access. So the idea is that servers, first and foremost, need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur. And if they do, they need to be minimized such that the sphere of damage caused by the attacker is minimized. 
So they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius, for instance, has to be reduced. And this is done through features like automated detection capabilities and automated remediation capabilities. So some examples are, as part of our end-to-end boot resilience process, we have what we call a system lockdown, right? We can lock down the configuration of the system and lock down the firmware versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration. And we can figure out if the drift was caused due to authorized changes or unauthorized changes. And if it's an unauthorized change, you can log it, generate security alerts, and we even have capabilities to automatically roll the firmware and OS versions back to a known-good version and also the configurations, right? And this becomes extremely important because as part of Zero Trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving the Zero Trust strategy. And in addition to this, we also have chassis intrusion detection where if the chassis, the box, the server box, is opened up, it logs alerts and you can figure out, even later after a power cycle, you can go look at the logs to see that the box was opened up and figure out if there was a known, authorized access or some malicious actor opening and changing something in your system. Great, thank you for that. A lot of detail and appreciate that. I want to go somewhere else now because Dell has a renowned supply chain reputation. So what about securing the supply chain and the server bill of materials? 
What does Dell specifically do to track the provenance of components it uses in its systems so that when the systems arrive, a customer can be 100% certain that that system hasn't been compromised? Right, and we just talked about how complex the modern supply chain is, right? And that's no different for servers. We have hundreds of components on the servers and a lot of these require firmware in order to be configured and run, and these firmware components could be coming from third-party suppliers. So now the complexity that we're dealing with requires the end-to-end approach and that's where Dell pays a lot of attention to assuring the security of our supply chain. And it starts all the way from sourcing components, right? And then through the design and then even the manufacturing process where we are vetting the personnel at the factories and vetting the factories themselves. And the factories also have physical controls, physical security controls built into them. And even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tampering. And we have a feature called Secure Component Verification which is capable of doing this. What the feature does is when the system gets built in the factory it generates an inventory of all the components in the system and it creates a cryptographic certificate based on the signatures presented to us by the components. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive a system at their end they can run a tool that generates an inventory of the components on the system at their end and then compares it to the golden certificate to make sure nothing was changed. 
And if any changes are detected we can figure out if it is an authorized change or an unauthorized change. Again, authorized changes could be like upgrades to the drives or memory and unauthorized changes could be any sort of tamper. So that's the supply chain aspect of it. And the bill of materials is also an important aspect to guaranteeing security, right? And we provide a software bill of materials which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulnerabilities which have been discovered out in the wild affect the platform. So that's a quick way of figuring out if the platform has any known vulnerabilities that have not been patched. Excellent, that's really good. My last question is, I wonder if you could give us the sort of summary from your perspective, what are the key strengths of Dell's server portfolio from a security standpoint? I'm really interested in the uniqueness and the strong suit that Dell brings to the table. Right, yeah, we have talked enough about the complexity of the environment and how zero trust is necessary for the modern IT environment, right? And this is integral to Dell PowerEdge servers. And as part of that, you know, security starts with the supply chain. We already talked about the Secure Component Verification which is a unique feature that Dell platforms have. And on top of it, we also have a silicon-based platform root of trust. So this is a key which is programmed into the silicon on the servers during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot process, right? 
In addition to that, we also have a host of data protection features where it is protecting data at rest, in use, or in flight. We have self-encrypting drives which provide scalable and flexible encryption options. And this coupled with external key management provides really good protection for your data at rest. External key management is important because, you know, somebody could physically steal the server and walk away, but then the keys are not stored on the server. They're stored separately. So that provides you an additional layer of security. And we also have dual-layer encryption where you can complement the hardware encryption on the self-encrypting drives with a software-level encryption. In addition to this, we have identity and access management features like multi-factor authentication, single sign-on, role-, scope- and time-based access controls, all of which are critical to enable that granular control and checks for a zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive. And it also has a flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And you also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that, you know, Dell PowerEdge servers are cyber-resilient infrastructure that helps accelerate zero-trust adoption for customers. Got it. So you've really thought this through, all the various things that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks, Deepak. Appreciate you coming on theCUBE and participating in the program. Thank you for having me. You're welcome. 
In a moment, I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure in collaboration with Dell Technologies on theCUBE, your leader in enterprise and emerging tech coverage.
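The component-verification flow Deepak describes in the interview (factory builds a component inventory, signs it, ships the signed manifest separately, and the customer re-inventories the box and classifies any difference as an authorized upgrade or a tamper) is sketched below as an added example. This is editorial illustration code, not Dell's Secure Component Verification tool or its manifest format: the inventory fields, the HMAC-SHA256 stand-in for the factory's signing certificate, the factory key, the sample inventories and the "approved upgrade parts" list are all constructed for this example, and the authorized/unauthorized rule is an assumed policy (drive or memory additions and swaps with an approved part number are authorized; anything else, including a firmware change on an existing component, is flagged).

```python
import hashlib
import hmac
import json

# Hypothetical factory signing key. In a real deployment the manifest would be
# signed with a certificate held at the factory; a keyed MAC stands in here so
# the example runs with the standard library only.
FACTORY_KEY = b"demo-factory-signing-key"


def canonical_inventory(components):
    """Sort and serialise the inventory so equal inventories always produce
    the same bytes regardless of the order the hardware was enumerated in."""
    ordered = sorted(components, key=lambda c: (c["slot"], c["type"]))
    return json.dumps(ordered, sort_keys=True, separators=(",", ":")).encode()


def sign_inventory(components, key=FACTORY_KEY):
    """Factory side: produce the 'golden' manifest that is delivered to the
    customer out of band, separately from the server itself."""
    mac = hmac.new(key, canonical_inventory(components), hashlib.sha256).hexdigest()
    return {"components": components, "mac": mac}


def verify_manifest(manifest, key=FACTORY_KEY):
    """Customer side, step 1: check the golden manifest is authentic before
    trusting anything it says. Constant-time compare avoids a timing leak."""
    expected = hmac.new(key, canonical_inventory(manifest["components"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def diff_inventory(golden, observed):
    """Customer side, step 2: compare the live inventory to the golden one.
    Keyed by slot so a part swapped in the same slot shows up as 'changed'."""
    g = {c["slot"]: c for c in golden}
    o = {c["slot"]: c for c in observed}
    return {
        "added": [o[s] for s in sorted(o.keys() - g.keys())],
        "removed": [g[s] for s in sorted(g.keys() - o.keys())],
        "changed": [(g[s], o[s]) for s in sorted(g.keys() & o.keys()) if g[s] != o[s]],
    }


def classify_changes(diff, approved_parts):
    """Step 3: sort each change into an authorized upgrade or suspected tamper.
    Assumed policy for this example: an added or swapped drive/memory part whose
    part number is on the customer's approved-upgrade list is authorized; a
    removal, an unknown part, or a firmware change on an existing part is not."""
    findings = []
    for comp in diff["added"]:
        ok = comp["type"] in ("drive", "memory") and comp["part"] in approved_parts
        findings.append((comp["slot"], "authorized" if ok else "unauthorized"))
    for comp in diff["removed"]:
        findings.append((comp["slot"], "unauthorized"))
    for before, after in diff["changed"]:
        fw_only = before["part"] == after["part"] and before["fw"] != after["fw"]
        ok = (not fw_only and after["type"] in ("drive", "memory")
              and after["part"] in approved_parts)
        findings.append((after["slot"], "authorized" if ok else "unauthorized"))
    return sorted(findings)


# Constructed factory inventory of a three-component box.
FACTORY_INVENTORY = [
    {"slot": "DIMM_A1", "type": "memory", "part": "MEM-32G", "serial": "M001", "fw": "-"},
    {"slot": "NIC1", "type": "nic", "part": "NIC-25G", "serial": "N001", "fw": "21.5.9"},
    {"slot": "BAY0", "type": "drive", "part": "SSD-960G", "serial": "D001", "fw": "VDV1DP23"},
]
GOLDEN_MANIFEST = sign_inventory(FACTORY_INVENTORY)

# Constructed inventory re-read on the customer's floor:
#   DIMM_A2 added with an approved part      -> authorized upgrade
#   NIC1 firmware differs from the factory    -> unauthorized (possible tamper)
#   BAY0 drive replaced by an unknown part    -> unauthorized
RECEIVED_INVENTORY = [
    {"slot": "DIMM_A1", "type": "memory", "part": "MEM-32G", "serial": "M001", "fw": "-"},
    {"slot": "DIMM_A2", "type": "memory", "part": "MEM-32G", "serial": "M002", "fw": "-"},
    {"slot": "NIC1", "type": "nic", "part": "NIC-25G", "serial": "N001", "fw": "19.0.1"},
    {"slot": "BAY0", "type": "drive", "part": "SSD-XXXX", "serial": "D999", "fw": "ABCD0001"},
]
APPROVED_UPGRADE_PARTS = {"MEM-32G"}  # hypothetical customer change record


def run_check(manifest=GOLDEN_MANIFEST, observed=RECEIVED_INVENTORY,
              approved=APPROVED_UPGRADE_PARTS):
    """Full customer-side check; refuses to compare against a manifest that
    does not authenticate, since a forged manifest would hide any swap."""
    if not verify_manifest(manifest):
        raise ValueError("golden manifest failed authentication; do not trust it")
    return classify_changes(diff_inventory(manifest["components"], observed), approved)


if __name__ == "__main__":
    for slot, verdict in run_check():
        print(f"{slot}: {verdict}")
```

The order of the checks matters: the manifest is authenticated before it is used, and it travels separately from the box, so an attacker who alters a component in transit would also have to forge the out-of-band manifest to make the comparison pass. The same diff-and-classify shape applies to the configuration-lockdown drift detection described earlier, with a locked configuration snapshot in place of the factory inventory.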