DULUTH, GEORGIA – AMI®, a global leader in powering, managing and securing the world’s connected digital infrastructure through its BIOS, BMC and security solutions, is pleased to introduce its new AMI TruE™ Platform Security Solution for establishing a trusted environment for cloud execution in the enterprise and data center.
As platforms operating in data center and enterprise environments become more complex and more of their onboard components require their own firmware, the need to verify and secure platform firmware has never been more important. Now, with security issues becoming more widespread at the firmware level, organizations must be able to ensure the integrity of their platform firmware from installation and bootup. To meet these growing needs, the new AMI TruE Platform Security Solution from AMI delivers holistic data center security solutions using Intel® Security Technologies and Intel® Security Libraries for Data Centers to provide a true trusted environment for cloud execution.
Platform Integrity Requires All Firmware on the Platform to be Trusted
To know with certainty that sensitive workloads running in the data center are only executing on trusted nodes, a fundamental level of trust must be established for every platform in operation. By extension, ensuring this fundamental level of trust requires that the integrity of all the firmware and software on the platform must also be verified.
AMI TruE helps data centers secure platforms throughout the entire platform life cycle by providing end-to-end firmware security and verification across the data center and integrating with other data center management and orchestration tools to provide a holistic view of platform firmware security for all servers in use. Supply chain attacks can be easily avoided by attesting the shipped firmware and software hash information of new platforms with an attestation server upon installation into an existing trusted environment. After deployment, server trust validation continues to attest the integrity of the firmware and software running across the enterprise.
All Software and Firmware on the Platform Must be Attested as Coming from a Trusted Source
To attest all firmware and software on a given platform, the AMI TruE Platform Security Server communicates with a Trust Agent that runs on the platform’s operating system. The Trust Agent collects firmware and software hash information stored in the platform’s Trusted Platform Module (TPM). The AMI TruE Platform Security Server compares the hash information from the platform’s TPM with a list of known good hash values to determine the trust level and whether the platform can be trusted.
As an additional security layer, an attestation server – available from AMI as part of AMI TruE or through other third-party solutions – is installed and managed in the data center and retains all the various hash information collected across the data center, tracking the trust level of each. When a platform is verified to be untrusted, it can then be scheduled for automatic firmware updates based upon the data center’s policy.
For higher-level automation, visibility and workload balancing, AMI TruE can also be configured with a management server such as the AMI TruE Management Server featured as part of the AMI TruE solution or integrated with cloud orchestration software such as Kubernetes®. Doing so enables the management server to manage the attestation server and cloud orchestration and provide an aggregate overview of the platform trust status of all the servers in the environment by consuming AMI TruE APIs.
Sanjoy Maity, Chief Executive Officer of AMI, commented that “The main barrier to cloud adoption by more enterprises is security in the cloud – whether it is from data leakage, data privacy, confidentiality concerns, legal and regulatory compliance or data sovereignty. Our new AMI TruE Platform Security Server helps to break this barrier by ensuring that workloads with sensitive information only run on trusted nodes. Like many of our AMI security products, AMI True is a firmware security solution that can protect the platform down to the most critical and essential level. This kind of protection is of vital importance now more than ever; since high-level software is becoming increasingly secure, more attacks are now focusing on lower-level platform firmware, aiming to compromise the platform and potentially disrupt the critical infrastructure on which we all depend.”
For more information about AMI TruE Platform Security Solution, please contact AMI via ami.com/contact or call 1-800-828-9264 to speak with an AMI Security Solutions expert.
NIST® is a registered trademark of the U.S. Department of Commerce’s National Institute of Standards and Technology. Intel® is a registered trademark of Intel Corporation or its subsidiaries. Kubernertes® is a registered trademark of the Linux Foundation in the United States and other countries and is used pursuant to a license from the Linux Foundation. All other trademarks and registered trademarks are the property of their respective owners.