Are you getting ready for the upcoming RSA Conference, the
world's leading information security conference and
exposition? The
event is quickly approaching, taking place June 6-9, 2022, both
digitally and yes, physically, at the Moscone Center in San
Francisco. For four days, you'll gain insights, join conversations and
experience solutions that could make a huge impact on your organization
and your career.
Ahead of the show, VMblog received an exclusive interview with Kelly
Bryant, Chief Product Officer at AMI, a global leader in the Dynamic Firmware market for worldwide computing, enabling the world’s compute platforms from on-premises to the cloud to the edge.
++
VMblog: To kick things off, give VMblog readers a quick overview of the
company.
Kelly Bryant: AMI is
Firmware Reimagined for modern computing. As a global leader in
Dynamic Firmware for security, orchestration and manageability solutions, AMI
enables the world's compute platforms from on-premises to the cloud to the
edge.
AMI's industry-leading foundational technology and unwavering customer
support have generated lasting partnerships and spurred innovation for some of
the most prominent brands in the high-tech industry. AMI is also a critical
provider to the Open Compute ecosystem and is a member of numerous industry
associations and standards groups, such as the Unified EFI Forum (UEFI), PICMG,
National Institute of Standards and Technology (NIST), National Cybersecurity
Excellence Partnership (NCEP), and the Trusted Computing Group (TCG).
With a proven track record of providing rock-solid firmware solutions and
outstanding customer support, AMI is your partner
VMblog: What is your message to RSA attendees and those individuals who won't
be able to make the conference this year?
Bryant: Firmware security is often overlooked, but it can have serious consequences
if it is compromised. A zero trust strategy starts with your platform firmware.
If you're not paying attention to your platform firmware, you could be putting
your whole system at risk. Becoming educated about the risks of insecure
firmware and taking steps to protect your systems against exploitation is
critical to maintaining a secure environment. Don't take your firmware
resiliency for granted.
VMblog: What market needs or problems are you addressing in the security space?
Bryant: From your car to airport kiosks and power grids, nearly all technology is
powered by firmware and for that reason, firmware attacks are on the rise.
Firmware attacks are much more dangerous than OS-based attacks because firmware
is invisible to OS-based security solutions. Tektagon from AMI is a portfolio
of Platform Root of Trust (PRoT) security solutions that detect and protect
against firmware compromise on computing ecosystems worldwide. When necessary,
Tektagon can recover a golden image of the platform firmware to restore the
integrity of your platform and can help prevent unauthorized access into your
organization's infrastructure and business data.
VMblog: What sets you apart from the competition?
Bryant: You can't just secure your firmware with any old vendor. You need a company
with extensive experience and expertise in secure coding and firmware deployment.
That's where AMI comes in. We've been doing this for over 30 years, and we're
trusted by some of the biggest brands in the world to deliver secure firmware
for their devices. So if you want your firmware to be truly secure, you need
AMI on your side.
VMblog: What are some top priorities for security leaders at RSA to consider
this year?
Bryant: As the saying goes, "The best offense is a good defense." The same
can be said for cybersecurity. In today's digital world, there are more devices
and more data than ever before. And with that comes more vulnerabilities. Cyber
criminals are becoming more sophisticated and realize that firmware is the soft
underbelly of cybersecurity. It's analogous to the door in the basement of a
large building that no one thinks about securing.
Firmware vulnerabilities can act as a gateway for cybercriminals to access
sensitive information and wreak havoc on an organization. While firmware can be
a risk, it can also be an enabler of security. By thinking more thoroughly
about firmware security and creating a resiliency plan, organizations can
protect themselves from potential attacks.
A good resiliency plan includes a secure method of verifying the integrity
of firmware. This helps to ensure that the firmware has not been compromised
and prevent attackers from taking advantage of any vulnerabilities.
Additionally, the plan should identify how to detect a fault or compromise and
recover if a compromise is detected. By having a solid resiliency plan in
place, organizations can minimize the risks associated with firmware
vulnerabilities.
Zero Trust really does begin with firmware.
VMblog: What are some of the security best practices you would deem critical?
Bryant: At AMI, we recommend following the six elements to ensure your firmware is
protected.
1. Secure by Design:
Design your system with security in mind from the start. This includes
incorporating features such as secure firmware upgrade capabilities to help
protect against vulnerabilities.
2. Deep Firmware Experience:
Make sure your team has the expertise needed to develop and deploy secure
firmware code. This includes having a deep understanding of the complexities
involved in firmware development.
3. Active Industry Participation:
Stay up-to-date on security threats by actively participating in the
industry. This includes staying connected with other researchers and sharing
information on vulnerabilities.
4. Comprehensive Vulnerability Testing:
Test for vulnerabilities regularly and have a plan in place for quickly
fixing any that are found. This includes having a test infrastructure in place
with automated and continuous vulnerability testing.
5. Secure Open Source Use:
Organizations should use open source responsibly by closely monitoring and
repairing any security vulnerabilities that are found. This includes being
accountable for disclosing any security risks.
6. Proactive Industry Communication:
A disciplined approach to communicating vulnerabilities and remediation
is critical for all organizations. By sharing information about threats and
vulnerabilities, companies can help protect each other from attacks.
By following these best practices, you can help keep your systems secure
against the latest threats.
##