Digital supply chain security has become a crucial topic for enterprises, especially during Cybersecurity Awareness Month. While cyberattacks may have been viewed as benign years ago, today’s organized criminals and nation-states have realized that cyberattacks can scale when they infiltrate an organization’s crown jewel data.
That infiltration can involve extracting ransoms, exfiltrating trade secrets or causing significant damage. Attackers have a wide variety of techniques they can use, according to JR Balaji (pictured, left), director of product management of security and manageability at Dell Technologies Inc.
“I always refer everybody to the MITRE ATT&CK technique. There are constantly techniques being added to that. Most organizations tend to focus on popular techniques like phishing, ransomware [and] credential theft,” Balaji said. “They are very popular and therefore top of mind for most IT and security organizations. But the reality is that adversaries can use any combination of techniques to breach organizations.”
Balaji and Patrick Bohart (right), director of marketing at Intel Corp., spoke with theCUBE Research’s Dave Vellante as part of a CUBE Conversation at the Dell “Partnerships for Smarter Security” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed digital supply chain security, the increasing threat of supply chain attacks and the collaboration between Dell and Intel to enhance security measures across the tech stack. (* Disclosure below.)
Adversaries are going after the supply chain
While phishing, ransomware and credential theft are popular, they’re not the only techniques to consider. Adversaries are looking at more, according to Balaji.
“They look for softer targets, and the supply chain, for example, is a relatively less evolved, less understood security threat vector,” he said. “Therefore, they go after the supply chain and other less understood, less protected targets.”
It’s clear that attackers are targeting the weakest link. Dell and Intel have been partnered for years on this matter, but supply chain attacks are on the rise, according to Bohart.
“If you look at the industry data, supply chain attacks are on the rise, increasing by hundreds of percentage points a year. That suggests that the level of industry awareness and the level of industry solutions that we need, we haven’t hit that yet,” Bohart said.
Organizations have focused a lot of their preparation over the years on top attack vectors, according to Balaji. In recent times, ransomware has been top of mind for every organization, regardless of its size.
“We did a study within Dell. We interviewed a whole bunch of global IT decision-makers, and we found that only 40% of the organizations actually demand from their IT suppliers details around how they’ve implemented supply chain security — and that’s a gap,” Balaji said.
Dell and Intel zero in on digital supply chain security
By now, many view security as a team sport. That’s especially important as organizations digitalize and modernize, according to Balaji.
“Both Dell and Intel have a long history of serving customers in the IT space. We understand IT, we understand security and we understand the points of intersection between these two organizations and how they need to come together at the seams to solve these problems,” he said.
Therefore, the company’s approach is to operate by looking at the entire attack surface, according to Balaji. Of course, companies can prevent as much as they can.
“But we have to come together and say, ‘Hey, [what are] all the possible attack surfaces that could exist, and how do we continuously shrink that attack surface through joint innovation?’” he said.
Dell and Intel have closely collaborated and been innovative, according to Bohart. Where that’s most evident is around the idea of digital supply chain security.
“Whether we’re gathering information and digital information as the products are being manufactured, we’re understanding the state of the product as it’s being manufactured, understanding the details of the machines, the technology and the tools that were being used,” Bohart said. “We’re capturing that information in … kind of a digital DNA of the device.”
Then comes the hardware side of things. Dell and Intel have partnered around a unique use of Intel vPro technology, according to Bohart.
“[We use] technologies like our vPro manageability engine to ensure that the device is trusted at point A and then verifying through this digital supply chain that it arrives in the same digital state,” Bohart said.
Going down into resilience, Dell SafeBIOS leverages Intel vPro Hardware Shield capabilities, such as Boot Guard and BIOS Guard. That’s also an important step, according to Bohart.
“[This] can ensure that those regions, those sensitive regions of the [central processing unit], those sensitive regions of the platform, haven’t been tampered with and haven’t been attacked as the device moves through the supply chain,” he said. “And that’s really that digital supply chain security, is, I think, really where Dell and Intel have created some unique value.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of the Dell “Partnerships for Smarter Security” event:
(* Disclosure: TheCUBE is a paid media partner for Dell’s “Partnerships for Smarter Security” event. Neither Dell Technologies Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)