Virtualization Technology News and Information
Article
RSS
RSA Conference 2022 Q&A: AMI will Showcase Zero Trust - Secure Coding and Firmware for your Devices

RSA-2022-QA 

Are you getting ready for the upcoming RSA Conference, the world's leading information security conference and exposition?  The event is quickly approaching, taking place June 6-9, 2022, both digitally and yes, physically, at the Moscone Center in San Francisco.  For four days, you'll gain insights, join conversations and experience solutions that could make a huge impact on your organization and your career.

Ahead of the show, VMblog received an exclusive interview with Kelly Bryant, Chief Product Officer at AMI, a global leader in the Dynamic Firmware market for worldwide computing, enabling the world’s compute platforms from on-premises to the cloud to the edge.

ami-logo 

++

VMblog:  To kick things off, give VMblog readers a quick overview of the company. 

Kelly Bryant:  AMI is Firmware Reimagined for modern computing. As a global leader in Dynamic Firmware for security, orchestration and manageability solutions, AMI enables the world's compute platforms from on-premises to the cloud to the edge.

AMI's industry-leading foundational technology and unwavering customer support have generated lasting partnerships and spurred innovation for some of the most prominent brands in the high-tech industry. AMI is also a critical provider to the Open Compute ecosystem and is a member of numerous industry associations and standards groups, such as the Unified EFI Forum (UEFI), PICMG, National Institute of Standards and Technology (NIST), National Cybersecurity Excellence Partnership (NCEP), and the Trusted Computing Group (TCG). 

With a proven track record of providing rock-solid firmware solutions and outstanding customer support, AMI is your partner

VMblog:  What is your message to RSA attendees and those individuals who won't be able to make the conference this year? 

Bryant:  Firmware security is often overlooked, but it can have serious consequences if it is compromised. A zero trust strategy starts with your platform firmware. If you're not paying attention to your platform firmware, you could be putting your whole system at risk. Becoming educated about the risks of insecure firmware and taking steps to protect your systems against exploitation is critical to maintaining a secure environment. Don't take your firmware resiliency for granted.

VMblog:  What market needs or problems are you addressing in the security space?

Bryant:  From your car to airport kiosks and power grids, nearly all technology is powered by firmware and for that reason, firmware attacks are on the rise. Firmware attacks are much more dangerous than OS-based attacks because firmware is invisible to OS-based security solutions. Tektagon from AMI is a portfolio of Platform Root of Trust (PRoT) security solution that detects and protects firmware compromise on computing ecosystem worldwide. When necessary, Tektagon can recover golden image of the platform firmware to restore integrity of your platform and can help prevent unauthorized access into your organization's infrastructure and business data.

VMblog:  What sets you apart from the competition? 

Bryant:  You can't just secure your firmware with any old vendor. You need a company with extensive experience and expertise in secure coding and firmware deployment. That's where AMI comes in. We've been doing this for over 30 years, and we're trusted by some of the biggest brands in the world to deliver secure firmware for their devices. So if you want your firmware to be truly secure, you need AMI on your side.

VMblog:  What are some top priorities for security leaders at RSA to consider this year? 

Bryant:  As the saying goes, "The best offense is a good defense." The same can be said for cybersecurity. In today's digital world, there are more devices and more data than ever before. And with that comes more vulnerabilities. Cyber criminals are becoming more sophisticated and realize that firmware is the soft underbelly of cybersecurity. It's analogous to the door in the basement of a large building that no one thinks about securing.

Firmware vulnerabilities can act as a gateway for cybercriminals to access sensitive information and wreak havoc on an organization. While firmware can be a risk, it can also be an enabler of security. By thinking more thoroughly about firmware security and creating a resiliency plan, organizations can protect themselves from potential attacks.

A good resiliency plan includes a secure method of verifying the integrity of firmware. This helps to ensure that the firmware has not been compromised and prevent attackers from taking advantage of any vulnerabilities. Additionally, the plan should identify how to detect a fault or compromise and recover if a compromise is detected. By having a solid resiliency plan in place, organizations can minimize the risks associated with firmware vulnerabilities.

Zero Trust really does begin with firmware.

VMblog:  What are some of the security best practices you would deem critical?  

Bryant:  At AMI, we recommend following the six elements to ensure your firmware is protected.  

1. Secure by Design:

Design your system with security in mind from the start. This includes incorporating features such as secure firmware upgrade capabilities to help protect against vulnerabilities.

2. Deep Firmware Experience:

Make sure your team has the expertise needed to develop and deploy secure firmware code. This includes having a deep understanding of the complexities involved in firmware development.

3. Active Industry Participation:

Stay up-to-date on security threats by actively participating in the industry. This includes staying connected with other researchers and sharing information on vulnerabilities.

4. Comprehensive Vulnerability Testing:

Test for vulnerabilities regularly and have a plan in place for quickly fixing any that are found. This includes having a test infrastructure in place with automated and continuous vulnerability testing.

5. Secure Open Source Use:

Organizations should use open source responsibly by closely monitoring and repairing any security vulnerabilities that are found. This includes being accountable for disclosing any security risks.

6. Proactive Industry Communication:

Disciplined approach to communicating vulnerabilities and remediation is critical for all organizations. By sharing information about threats and vulnerabilities, companies can help protect each other from attacks.

By following these best practices, you can help keep your systems secure against the latest threats.

##

Published Thursday, May 26, 2022 7:29 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<May 2022>
SuMoTuWeThFrSa
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234