When AMD released its 4th generation EPYC server processors, the company also doubled down on its commitment to enterprise data-center security. AMD did so with a set of security features it calls AMD Infinity Guard.
The latest EPYC processors—previously code-named Genoa—include an array of silicon-level security assets designed to resist increasingly sophisticated cyberattacks.
CIOs and IT managers who deploy AMD’s latest security tech may sigh with relief as they sidestep mounting threats such as ransomware, malicious virtual machines (VMs) and hypervisor-based attacks like data replay and memory re-mapping.
Growing concerns
Hackers are relentless. Beguiled by the siren song of easy riches through cybercrime, they spend countless hours devising new ways to exploit even the slightest hardware vulnerability. The bigger the organization, the more money these cyber criminals can extort—which is why they often target enterprise data centers.
AMD took this into account when designing the EPYC server processor series. The company had three goals: to address hardware-level vulnerabilities, eliminate likely threat vectors, and deny hackers access to any surface they could exploit.
Perhaps just as vital, AMD set a goal of addressing security concerns without impacting system performance. This is especially important for modern application workloads that require both high performance and low latency.
For instance, organizations that offer streaming content and mass storage could be just as easily crushed by glitches and malfunctions as they could by a significant security breach.
Security tech within
AMD is taking a decidedly ain’t-messin’-around approach to its latest security tech. Rather than paying lip service to IT Ops’ concerns, AMD engineers went deep down into the heart of their processor architecture to identify and remedy threat vectors.
The impressive security portfolio includes 4 primary tools to guard against threats:
- Secure Encrypted Virtualization: SEV provides individual encryption for every virtual machine on a given server. Each VM is assigned one of up to 509 unique encryption keys known only to the processor. This protects data confidentiality in the event that a malicious VM breaches a system’s memory, or a compromised hypervisor reaches into a guest VM.
- Secure Memory Encryption: Full memory encryption protects against internal and physical attacks such as the dreaded cold boot attack. In a cold boot attack, an attacker with physical access to a computer conducts a memory dump by performing a hard reset of the target machine. SME ensures that the data remains encrypted even if the main memory is physically removed from a server.
- Secure Boot: To help mitigate the threat of malware, AMD EPYC processors employ an embedded security checkpoint called a “root of trust.” This validates that the initial BIOS software boots without corruption.
- Shadow Stack: It may sound like a Marvel superhero, but in fact this guards against threat vectors such as return-oriented programming (ROP) attacks. Shadow Stack does this by keeping a record of return addresses so that a comparison can be made when a function returns, helping ensure software-code integrity.
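
The return-address comparison behind Shadow Stack, as a small software model. This is an added example, not AMD code: the struct, function names, stack depth and addresses are all assumptions made for illustration, and real hardware does the comparison in the processor itself.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DEPTH 16

/* Software model only (assumption): on real hardware the shadow stack sits
   in protected memory that ordinary program stores cannot modify. */
struct cpu_model {
    uint64_t data_stack[DEPTH];   /* normal stack, reachable by memory bugs */
    uint64_t shadow_stack[DEPTH]; /* protected record of return addresses */
    size_t sp, ssp;               /* entries in use on each stack */
};

enum ret_status { RET_OK, RET_FAULT, RET_UNDERFLOW };

/* CALL: record the return address on both stacks; -1 if either is full. */
int model_call(struct cpu_model *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH || c->ssp >= DEPTH) return -1;
    c->data_stack[c->sp++] = ret_addr;
    c->shadow_stack[c->ssp++] = ret_addr;
    return 0;
}

/* RET: pop both copies and refuse to transfer control if they differ. */
enum ret_status model_ret(struct cpu_model *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return RET_UNDERFLOW;
    uint64_t from_data = c->data_stack[--c->sp];
    uint64_t from_shadow = c->shadow_stack[--c->ssp];
    if (from_data != from_shadow) return RET_FAULT;
    *target = from_data;
    return RET_OK;
}

/* Constructed scenario: two nested calls, then optionally a stray write
   over the saved return address on the data stack before the return. */
enum ret_status run_scenario(int corrupt_return_slot) {
    struct cpu_model c = {0};
    uint64_t target = 0;
    model_call(&c, 0x401000);            /* constructed addresses */
    model_call(&c, 0x401080);
    if (corrupt_return_slot) c.data_stack[c.sp - 1] = 0x41414141;
    return model_ret(&c, &target);
}

int main(void) {
    printf("clean return:     %d\n", run_scenario(0));
    printf("corrupted return: %d\n", run_scenario(1));
    return 0;
}
```

In the model, the overwritten return address never becomes a jump target, because the mismatch is caught before control transfers.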
A well-rounded engine
A modern server processor serves many masters. While addressing security concerns is vitally important, so are ensuring high performance, impressive energy efficiency and a decent return on investment (ROI).
Your customers may appreciate knowing that AMD’s latest EPYC processor series addresses these factors. Rather than focusing solely on headline-grabbing tech like speeds & feeds, AMD took a more holistic approach, addressing many issues endemic to modern data-center operations.
EPYC CPUs also boast broad ecosystem support. For AMD, this means fostering collaboration with a network of solution providers. And for your customers, this means worry-free migration and seamless integration with their existing x86 infrastructures.
Your data-center customers are probably concerned about security. Who isn’t, these days? So talk to them about AMD Infinity Guard. After all, a secure customer is a happy customer.