How AMD’s hardware-based security can keep your customers safer

AMD’s Infinity Guard hardware-level security suite is built into the company’s EPYC server processors. It guards against internal and external threats via a multilayered approach designed to prevent various types of attacks. 

  • December 5, 2023 | Author: KJ Jacoby
Learn More about this topic

Article Key

Helping your customers protect themselves against cyber attacks has never been more important.

In a recent survey, nearly 8 in 10 companies worldwide (77%) said they had experienced at least 1 cyber incident in the last 2 years. Virtually all said the attacks were serious.

In North America alone, it was even worse. There, 85% of the survey respondents said they’d been attacked in the last 2 years.

Kaspersky, which conducted the survey, estimates that nearly two-thirds of these attacks were due to human error. So the idea that antivirus software and employee training are enough is clearly wrong.

Why a new approach to security is needed

Fortunately, a relatively new and effective approach is available to you and your customers: hardware-based security.

To be sure, software-based solutions and dedicated firewalls are still effective weapons in the war against cybercrime. But as cybercriminals become increasingly sophisticated, IT managers have no choice but to harden security further by employing security features built in at the silicon level.

That’s because attacks can infect devices below the operating system level. When that happens, the malware gains control of a system before its OS has time to boot up and deploy the security software.

This threat is made even worse by today’s remote workforce. That’s because corporate firewalls can protect workers only when they’re connected to their organizations’ networks.

But remote workers often use networks that are insecure. They may visit a multitude of public websites, download apps, receive email attachments, and even let family and friends use their company-issued devices.

All that might be okay if not for the propensity of viruses and other malware to spread across networks like wildfire. A ransomware attack on a company laptop can, if not isolated, quickly spread to an entire network via a remote connection to a corporate data center.

From there, the ransomware can multiply and infect every other device attached to that same network. That’s how disasters happen.

Infinity Guard to the rescue

Put this all together, and you can see why hardware-level security tech like AMD Infinity Guard has become a must-have for modern data-center architecture.

AMD’s Infinity Guard hardware-level security suite is built into the company’s EPYC series server processors. There, it guards against internal and external threats via a multilayered approach designed to prevent various types of attacks. These include BIOS manipulation, in-memory return-oriented programming (ROP), and virtualized malicious hypervisor attacks.

Diving deep into the technology that underpins AMD Infinity Guard is like swimming to the bottom of the Mariana Trench—fascinating, but not for the faint of heart. A better option: consider Infinity Guard’s 4 primary safeguards:

  • AMD Secure Encrypted Virtualization (SEV): Provides encryption for every virtual machine on a server. SEV is bolstered by SEV-Secure Nested Paging (SEV-SNP), which includes memory integrity protection designed to prevent hypervisor-based attacks.
  • AMD Secure Memory Encryption: Guards against cold-boot attacks and other threats to the main memory. It’s a high-performance encryption engine integrated into the memory channel, which also helps accelerate performance.
  • AMD Secure Boot: Protects against bad actors by establishing a “root of trust.” This embedded security checkpoint validates a server’s initial BIOS software to ensure there’s no corruption. Secure Boot also ensures that only authorized firmware authenticated by the AMD Secure Processor can boot up.
  • AMD Shadow Stack: Maintains an ongoing record of return addresses so comparisons can be made to ensure integrity. Shadow Stack helps ward off ROP attacks in which an attacker directs control flow through existing code with malicious results.

‘Data-center security is easy,’ said no one ever

Maintaining a high level of data-center security is a full-time job. IT professionals can spend their entire careers playing digital defense against would-be cyberattackers.

Integrated, hardware-level security like AMD Infinity Guard gives those defenders a powerful tool to prevent ransomware and other attacks. That can help prevent incidents costing companies thousands, or even millions, of dollars.

Shifting your customers to servers with AMD Infinity Guard won’t stop the cyber arms race. But it will give them a hardware-based weapon for protecting themselves.

And Supermicro offers a wide range of servers with AMD EPYC CPUs. These help IT operators to keep their data secure and their systems protected.

Do more:


Related Content