 Live from Las Vegas, it's theCUBE covering HPE Discover 2017 brought to you by Hewlett Packard Enterprise. Okay, welcome back everyone. We're here live in Las Vegas. This is theCUBE's exclusive coverage of HPE Discover 2017, HPE Enterprise's premier show. It's theCUBE on our third day. I'm John Furrier with my co-host Dave Vellante with SiliconANGLE. Our next guest, Bob Moore, returning back, Director, Server Software Product Security. He's got the hottest product here on the show. We're going to go do a deeper dive. And Jason Shropshire, SVP and CTO at InfusionPoints. Welcome back, welcome to theCUBE. Thank you, John. Good to be here. So obviously the talk of the town here on the show with a variety of other things with all the simple messaging, which is kind of clean and tight. But outside of that, from a product standpoint is really some of the security stuff you guys are doing in the silicon. It is. In the servers with Gen10. Pretty game-changing. We've been curious. We want more information. Yeah. Give us some more update. What's the update? Glad to do that. Yeah, we're really proud of the announcement. We have a big, bold announcement this week claiming ourselves the world's most secure industry standard server. So that's big, that's huge. That's based on this new revolutionary security technology that we've been developing, frankly, over the past couple of years. So it's been two or three years in the making. A lot of hard work. We actually started to look at what type of security trends were happening and what we might have to do to protect the servers. And we've come up with a game-changing capability here. And it's one thing for us to say it internally, HPE, but we were so certain that we were in a great security position that we went external and found a security firm outside that independently could look at it and then do some compare, contrast testing with competitive units. And let's drill into that. 
I have some other questions on the industry in terms of what's going on at the chip level. Always-on security is kind of a theme we've heard in the past from some of your competitors. But let's get into some of the competitive analysis. What have you guys seen in the benchmarks? Jason, what are you guys discussing? Because at the end of the day, claims are one thing, no offense to HPE. You're kind of biased, of course. And we have folks on from the marketing team as well. Where's the proof in the pudding? Oh yeah, well, one thing that we know for sure is that the threat is real, right, with firmware. And it was great for us to analyze HPE's new technology. We had it on the bench, two different beta units. So just for the record, you guys are the ones who did the benchmarking and analysis. Independent? Independent, yeah, InfusionPoints is a cybersecurity firm. Independent from HPE, they approached us to do the testing. Okay, good to hear. So we have black hat analysts that do this sort of thing all the time for our customers. Okay, so take us through what happened. Yeah, so they procured for us three competitor servers, sent them to our shop. We set them on the bench, all side by side. From what I can tell, no one's ever really done a test like that in the server industry. So it was very exciting. There's been a lot of benchmarking done and performance, things like that. But from a black hat standpoint, to actually look at the hardware, that hardware level testing, we couldn't find any examples of anyone doing it. So I thought that alone was just evidence that HPE was very serious about security and they knew what they had. So... And you guys getting your hands dirty because you know the malware and all the ransomware stuff going on. People are going through elaborate lengths, business models, organized teams. This is really orchestrated security market now where the black hat guys are out there really hacking away at every angle. 
Yeah, well, and we saw evidence that firmware issues and exploits are here to stay. The Vault 7 release that happened recently showed us that there are exploit kits. Intel Security released within a day a tool to let you do firmware validation. But to do that, you have to take your server offline and build a gold image of what that firmware should look like and then compare a week later if you think you might have had a breach, you have to take your server down and compare against that gold image. Now who has the time to do that? What we found in analyzing the Gen10 server is HPE has built this in where this could be done in real time while the server's running, no performance hit, no downtime. It really is a revolutionary game changer I think for firmware security. So Bob, can you explain what IP you guys developed in silicon that Intel, where do they leave off and you pick up? Sure, sure, because Intel has some great security technology and we actually support a lot of the Intel technology, their TXT, their Trusted Execution Technology as part of our Gen10 servers. But what we've done at HPE is we've really taken it multiple steps further than that and we've developed, because we're in a position where we develop our own custom HPE iLO silicon chip, we're able to anchor what we actually do, embed the cryptographic algorithms into that and then we anchor all the server essential firmware. Right, think of it as anchoring it down into the bedrock. So there's really no way that you can get in and breach that. And even if you did, instead of taking it offline like Jason was talking about here, we have the ability to not only provide that protection, but we would detect any type of malware or virus that gets in and then frankly, we can recover that almost immediately within a few minutes. In fact, we're demonstrating that here during Discover this week. So it's a protection. Is there any place online where people can get information, people watching, probably curious? 
Sure. Site, you can just give them a URL. Yeah, it's just naturally, it's our hpe.com forward slash security and that's where we've got some white papers there and other things there. So you're saying you can recover virtually instantaneously and you do that by what, fencing certain resources or? Yeah, what we've done is we've provided, we verify as the server is running, we're doing a runtime firmware validation so we're checking that firmware and make sure it's free of any malware or viruses or compromised code, completely perfect in original shape like when we shipped it from the factory and then we're storing in another location inside the server, a secure copy of that, think of it as a lock box inside the server where it can't be found unless we need to go into recovery mode, then we draw from that, we've checked it daily, we've stored it there, we know it's authentic and we can pull that back to recover in case something does happen to the server. And then you can asynchronously reclaim that wasted resource, clean it up and then bring it back online. We can, we can recover the server through the firmware, toward the end of the year, we'll be recovering the operating system as well so we've got a really holistic way to get that server. When we talk to customers, a real big concern and sometimes that's referred to as bricking a server, you get a brick server, something that just won't operate and it's important because 60% of small businesses that suffer a security breach are out of business within six months and so it can be huge, that lack of cash flow for customers, it's that denial of service, that disruption in business. Well, we prevent all of that because we can not only protect the server but then recover from a breach. So the anatomy of that breach, can we go through a common use case? So malware gets in, it gets into the server, it's hiding, typically you don't know about it. 
In this new scenario with your Gen10, you'll be able to identify that, fence it, protect it. Okay, and so the, and if I understand that the business impact of the problem you're solving is not only are you sort of automating that protection but you're also eliminating a lot of wasted time and downtime and accelerating the response. Is that right? I think that's what Jason was talking about earlier. Normally you would have to, if your server gets infected, you'd completely take it offline and then do a manual recovery and customers still have the choice to do that but in our case we can recover immediately within a few minutes if something happens and it gets a breach. Those types of exploits are typically in the data plane as well but with firmware you can't even really detect that you've been hacked. So down in the firmware, virus scanners, those things don't work. So if you have a BIOS exploit, that is on either the iLO or that would be on the BMC, the Baseboard Management Controller and undetectable by the operating system. That's great. It's a clean haven for hackers. I mean, they love to get in there once you're in. You know, I don't know that a lot of customers realize this but the first thing, when you turn a server on, the first thing that comes on is the firmware and in our case it's the iLO firmware. Over a million lines of the firmware code run before the operating system even starts. So that's like can be a cesspool of resistance for a Trojan horse and the research shows that a virus, somewhat analogous to a human, it can stay in there, hibernate in there for months, maybe even a year or more until it springs forth and opens up the passwords or bricks your servers or does some nefarious behavior. I mean, cesspool from a customer standpoint from a hacker, it's like going to the beach. I mean, in Pina Coladas, you're clean, you're down there. We've seen it already. Well, what's the stat? The average time to detect an intrusion is over 200 days. 
That's right. So essentially you're detecting it instantaneously. Yeah, we run that runtime firmware validation on a regular basis, can be run as much as every day and so you'll know almost immediately, which is really great because a lot of regulatory bodies want to know if the breach has occurred and so this gives those customers the ability to know if something's happened. Jason, I want to challenge the claim here because I love, first of all, I love the bravado, put this daily on, yeah, we're bad ass, we're number one. Oh, we know that. What is this, how did the lead up work about? What are the results? Did HP come out number one? Oh, absolutely. What's the lead, what's the gap? Talk about the gap between HP and then other servers that they send you, the best servers, what was the benchmark? I'm sure you guys did your due diligence. Take us a little bit more of the results. Sure, sure. So yeah, I mean, again, we were comparing all the servers side by side. A test had never been done from what I had seen and when we looked at feature by feature and started analyzing things, we sort of broke down and we saw, we really had two different angles we were looking at. The penetration test aspect where we were looking for vulnerabilities in the firmware, at the physical layer, at the network layer. They passed that with flying colors. We found a few minor issues that they jumped on and resolved for us within a matter of hours or days. And then the other aspect was a feature by feature comparison that we looked at. We looked at the silicon root of trust, obviously, and we saw what the others were doing there. At best, the other guys were using firmware to validate firmware. The obvious issue with that is if the firmware is compromised, it's not trustworthy. It's in no position to validate and verify the integrity of it. It's like Wall Street policing itself. Bitbound firmware, can't trust that. 
The hood latch, they have a revolutionary intrusion detection switch on the Gen10 that actually detects if the lid is lifted on the server anywhere from when it leaves the factory to when it arrives at the installation point. Server doesn't have to be plugged in like with the other guys. So it's just a physical casing breach. It's detected and then what happens there? Flags the firmware, makes a note, does it shut it down? It makes a note, it puts it in the log entry so you can tell if that server's been tampered with in transit. Yeah. So the insider threat potential issue goes away with that, right? That's right, so physical access, you don't have to worry about that because we can verify that server gets to the customer in its unique, original, authentic condition because even though the power is off, that is going to register an audit log alert if that chassis has been opened. So I can't go to the vault with the Bellagio like they did in Ocean's 11 and put my look, break into the server and, you know, go in there. Okay, so now back to the results. So the other guys, didn't pass or what, you know? Well, we did find some issues that we're looking at doing some further testing on, so. Okay, so we got to be polite. We're going to respect the confidentiality and the ethos of security as we know. Sharing data is a huge deal and it's an integrity for the customers you guys think about it. Props for that, not digging into. We'll wait for the official report or if it does come out. All right, so I got to ask you a personal question, Jason. As someone who's in the front lines, you know, every time there's a new kind of way, whether it's Bitcoin and blockchain, you see a slew of underbelly hacking that goes mainstream and people are victimized. In this case, firmware is now exposed. Oh yeah. Well known. What, as a professional, what gets you excited and what gets you alarmed, if anything, about this? What new revelations have you walked away with from this? 
Well, it's just, I guess, how pervasive this issue is. You know, Internet of Things has exploded the number of IP devices that are out there. Most of them have, you know, firmware issues. Almost all of them have firmware issues and we've just now seen botnets being created by these devices, cameras, IP cameras and things like that, that become attack platforms. So I just want, you know, one of the things that impressed me very much about HPE's approach here is that they're being a good corporate citizen by, you know, they're making a platform that's going to be implemented, tens of thousands of IP addresses. Those systems, I think, will be much more secure and can't become an attack platform for other people, you know, to, for attackers. So the surface area as IoT gets to your point about IoT, we always talk about the surface area of attack vectors and that vector then can be minimized at the server level because that's like the first mile in. Right, and so we commonly refer to that as the attack vector attack surface and so we narrow that attack surface way down. Can you even subjectively give us a sense as to how much of the problem this approach addresses? I mean, is it 1%, 10%, 50% of the attacks that are out there? I think the important thing here is moving, shifting the bar, right? I mean, I've likened this, what HPE is doing here to what Bill Gates did 15 years ago with the Microsoft memo. I mean, that really revolutionized operating system security within Microsoft and I think it had a ripple effect out into industry as well. So I mean, I really think that HPE is pushing the bar in the same way, but for firmware instead of, you know, the operating system level that was the paradigm back 15 years ago. And I think you'll find on our website, we put some of those studies out there actually and it's over half, I think it's 52% of the firms that responded have had a breach or malware virus in their firmware. 
So over half, another 17% had a serious catastrophic issue with that. So it really is more pervasive. We've seen a lot of news about the data plane level where thefts are taking place at the application level, the operating system and we've got to pay attention to the firmware layer now because that's like I said, a million lines of code in there running and it can be an area where a Trojan horse can sit and we've essentially really strengthened that and narrowed the attack surface. We're also delivering with the Gen10 the highest, the strongest set of security ciphers available in the world today and that's the Commercial National Security Algorithms that we're the only ones to support in our server. So we're proud of that. Well, Bob and Jason, thanks so much for sharing the insight. It's super exciting and relevant area in the sense of it's super important for businesses and we're going to keep tracking this because the Wikibon team just put out new research around true private cloud, showing that the on-prem cloud-like environment is going to be a $260 billion market. That's a new research that's groundbreaking but points to the fact that the on-prem server situation is going to be growing actually. So this is, and with cloud, there's no perimeter so you know, here you go. I mean, back to the firmware's potential exposure, you guys solving that problem with some good innovation. Thanks so much for sharing. Thank you guys. Thank you. The insight Jason and Bob here in theCUBE talking security servers, attack vectors, no perimeter. It's a bad world out there. Make sure you're protected, of course. This is theCUBE bringing you all the action here at HPE Discover. We'll be right back with more live coverage after the short break. I'm John Furrier, Dave Vellante. We'll be right back after the short break. Stay with us.