The rise of sophisticated ransomware threats has transformed the cybersecurity landscape, posing ever-increasing threats to governments and organizations around the world. In 2022, for example, a major ransomware attack evaded detection for 324 days. The daily occurrence of an estimated 4,000 attacks, with notorious examples like WannaCry and NotPetya, underscores the gravity of the challenge.
Ransomware is characterized by unauthorized access and encryption of data, often with the malevolent actors demanding ransoms in return for data restoration. Modern ransomware tactics involve more complex extortion methods, making traditional backup solutions ineffective.
While data center operators seek to thwart and mitigate ransomware attacks, significant challenges remain:
- Delays in applying security patches risk exposure to further threats.
- Post-attack recovery remains complex.
- Accurate forensic analysis is hampered by the stealthy execution of ransomware.
- Economic implications include losses in productivity and the financial cost of system replacements.
- Insecure methods of disposing of compromised systems pave the way for future threats.
Attackers commonly exploit systems through phishing emails, gaining access through "ports of entry" like software applications or firmware. Although existing software solutions attempt to mitigate these vulnerabilities, the increasing sophistication of ransomware attacks necessitates innovative hardware-focused solutions.
The Open Compute Project Community Takes the Lead
Recognizing the need to modularize and abstract hardware, the Open Compute Project (OCP) Hardware Management Project has specified a module-based solution that integrates traditional server management, security, and control features found in server motherboards into a single subsystem. Named the Data-center Secure Control Module (DC-SCM), its goal is to abstract and modularize security, control and management functions on a single sub-system (module).
At the 2023 OCP Global Summit, Axiado contributed industry's first 1U vertical DC-SCM 2.0 modules that expands interoperability with host processor modules. Furthermore, Axiado provided a single-chip implementation of OCP DC-SCM2.0 specifications, thus further reducing the attack surface and protecting it from invasive physical attacks. Axiado's AX3000 chip, introduces a new category named Trusted Compute Unit (TCU) thus further expanding its role by providing trusted services to guest workloads running on the server and enterprise platforms. This supports the implementation of confidential computing workloads in state-of-the-art data centers.
"As a participant in the Open Compute Project's Startup Program, Axiado is actively ensuring compatibility of their new platform security solution with key hardware and software ecosystem partners," said Cliff Grossner Ph.D., Chief Innovation Officer at OCP. "This exemplifies how the OCP Community serves as an enabler for Axiado's accelerated growth through the adoption and development of equipment based upon OCP specifications."
Driven by the OCP Security workgroup, Caliptra Root of Trust (RoT) integrated on server platform devices is an important step in building a consistent attestation framework across server platforms within a data center. Furthermore, Axiado TCU RoT implementation builds on top of base Caliptra RoT functions by adding additional security measures. For instance, Axiado's implementation provides AI/ML based side-channel verification mechanisms to recognize via traffic pattern recognition and protect from side channel and fault-injection attacks. These additional protection mechanisms further harden the security provided by the Caliptra RoT specification.
The combined efforts of Axiado's TCUs and OCP's Modular Hardware Initiatives for cloud, 5G, and network switching are steering the cybersecurity domain toward a comprehensive protective strategy that can help data center operators stay steps ahead of threat actors. Learn more at: www.axiado.com