Today, companies and private individuals rely on the cloud for most applications. Behind the software that end users see sits a large number of supporting applications that monitor and manage operational needs such as performance, security, updates and resource consumption.
Whatever their purpose, cloud-based applications reach a huge number of systems and hold vast amounts of critical data that drive businesses, services and personal lives. This creates an enormous opportunity for attackers and cyber-criminals to spread malware and inflict damage that affects millions of people and can bring companies to a standstill.
Costs of a Data Breach Continue to Rise
The cost of these attacks is rising. According to the 17th Cost of a Data Breach report from IBM and the Ponemon Institute, the average cost of a data breach in 2022 was $4.35 million, a 2.6% rise from $4.24 million in 2021. These costs show up as lost business, legal fees, recovery and breach management. In October 2022, health insurer Medibank suffered an attack estimated to cost $25 to $35 million, before customer compensation, regulatory penalties and legal costs.
Firmware Security is Foundational to Cybersecurity
Highly complex enterprise security software has been developed to address this concern. Running inside the operating system of the host server, it is designed to monitor and block intrusion, protect applications and data, and in some cases support recovery. While enterprise security software does a good job of guarding the application and OS entry points, it cannot protect entry points that sit below the operating system, because it only starts running after that lower layer has already executed.
The elements below the operating system, the platform components, include motherboard silicon and expansion cards, each with its own firmware, serving purposes such as external and internal connectivity, data storage, power, display graphics and system boot. The firmware for each of these components is loaded before or at system assembly and, in many cases, is rarely updated. Compromised firmware can inject malware from the platform into the OS and applications, expose or corrupt data, or be used to disable the component itself; because it runs before the OS, it also persists across OS reinstallation.
Platform-level attacks of this kind are on the rise. In July 2022, Bleeping Computer reported that Kaspersky had found previously undetected malware embedded in the firmware of some computer motherboards. An October 2020 Futurum Research report found that 56% of companies had experienced an external cyberattack attributed to a vulnerability in hardware or silicon-level security.
Chain of Trust Must be Trustworthy
The National Institute of Standards and Technology (NIST) recognized that the chain of trust underpinning the higher layers of the IT stack had a gap at the firmware level. In response it published NIST SP 800-193, Platform Firmware Resiliency Guidelines. The guidelines are intended to drive compute system providers to make platform firmware resilient, producing a chain of trust from the bottom to the top of the IT stack. A platform that follows NIST SP 800-193 uses security mechanisms to protect firmware against unauthorized changes, detect unauthorized changes that do occur, and recover from attacks rapidly and securely, with each mechanism anchored in a root of trust that the firmware being checked cannot alter.
In line with NIST SP 800-193, silicon providers that supply boot functionality are developing requirements for a Hardware Root of Trust (HRoT): an immutable hardware component that provides foundational security and establishes a chain of trust for the higher compute layers.
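The protect, detect and recover cycle described above is easiest to see as a boot sequence. The following is an added example written for this page, not AMI or Tektagon code and not taken from NIST SP 800-193 itself. It models a root of trust that, before releasing the host from reset, checks the active firmware image against a manifest, falls back to a golden (recovery) image when the check fails, and then locks the flash region so the running host cannot rewrite it. The trust anchor is simplified to a fused digest of the manifest; a real HRoT fuses a public-key hash and verifies a signature over the manifest instead. The firmware bytes and the `Platform` class are constructed for the example.

```python
"""Toy model of a platform root of trust (RoT) enforcing the
NIST SP 800-193 protect / detect / recover cycle on host firmware.
Added example; not AMI/Tektagon code. The trust anchor is modelled
as a fused digest of the manifest (a real RoT fuses a public-key hash
and checks a signature over the manifest instead)."""
import hashlib
import hmac
from dataclasses import dataclass, field


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Platform:
    active: bytes            # mutable host firmware region (e.g. SPI flash)
    golden: bytes            # recovery copy, normally in RoT-controlled storage
    manifest: bytes          # expected digest of the authorised image
    anchor: bytes            # digest of the manifest, immutable (modelled OTP)
    locked: bool = False     # set once the RoT has released the verified image
    events: list = field(default_factory=list)


def build_platform(image: bytes) -> Platform:
    """Provision a platform at 'assembly time' with a trusted image."""
    manifest = sha256(image)
    return Platform(active=image, golden=image,
                    manifest=manifest, anchor=sha256(manifest))


def verify_image(image: bytes, manifest: bytes, anchor: bytes) -> bool:
    """Detect: the manifest must chain to the anchor, the image to the manifest.
    Constant-time comparisons avoid leaking how many digest bytes matched."""
    if not hmac.compare_digest(sha256(manifest), anchor):
        return False
    return hmac.compare_digest(sha256(image), manifest)


def rot_boot(p: Platform) -> str:
    """Run the RoT's pre-boot check; returns the boot outcome."""
    p.locked = False
    if verify_image(p.active, p.manifest, p.anchor):
        p.locked = True        # protect: deny further writes from the host
        return "boot-active"
    p.events.append("active image failed verification")
    if verify_image(p.golden, p.manifest, p.anchor):
        p.active = p.golden    # recover: restore the known-good image
        p.locked = True
        p.events.append("recovered from golden image")
        return "recovered"
    p.events.append("golden image failed verification; halting")
    return "halt"              # nothing trustworthy to run: stay in reset


def host_flash_write(p: Platform, data: bytes) -> bool:
    """Write attempt from the running host; refused once the region is locked."""
    if p.locked:
        p.events.append("host write to locked region denied")
        return False
    p.active = data
    return True


def implant_via_programmer(p: Platform, data: bytes) -> None:
    """Out-of-band flash rewrite (e.g. SPI programmer); bypasses the runtime lock,
    which is why detection on the next boot is still needed."""
    p.active = data


if __name__ == "__main__":
    good = b"host firmware v1.0 (constructed sample)"
    p = build_platform(good)
    print(rot_boot(p))                   # boot-active
    print(host_flash_write(p, b"evil"))  # False: region locked after boot
    implant_via_programmer(p, good + b" + bootkit")
    print(rot_boot(p))                   # recovered
    print(p.active == good)              # True
    for e in p.events:
        print(" -", e)
```

The three return values of `rot_boot` map directly onto the NIST mechanisms: `boot-active` is the protect path (verified, then locked), `recovered` is the detect-and-recover path, and `halt` is what is left when even the recovery image fails verification, which is the correct outcome rather than booting unverified code.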
Robust HRoT Solution is the Answer
HRoT devices need specialized firmware to perform these functions. To detect and protect at the most critical point, this firmware should tie in closely with the boot process and verify each stage before it is allowed to run. As such, deep expertise in the boot process and a keen understanding of HRoT functionality are required to secure platform firmware through detection, recovery and protection.
AMI's Tektagon Platform Root of Trust (PRoT) solution builds on HRoT devices to detect, recover from and protect against platform firmware compromise introduced at system assembly or through firmware updates. Supporting both open-source and closed-source communities, Tektagon runs on microcontroller-based and FPGA-based HRoT devices and works with Intel, AMD and other processor-based host platforms. Leveraging more than 30 years of firmware expertise, AMI's Tektagon works in unison with AMI's Aptio and MegaRAC firmware, ensuring smooth operation while protecting the platform firmware.
More information about Tektagon, including a data sheet, infographic and whitepaper can be found here.