simplify to secure


Post on 30-Jan-2022


Proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. © Ingram Micro Inc.

Simplify to Secure

FireEye, HPE, and Ingram Micro

1511022 rev 11-23-15

Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

On Today’s Panel

• Jacob White – Moderator

− Technology Consultant for Security, Ingram Micro

• Robert Potter – Guest Speaker

− Vice President, Global Sales Operations, FireEye/Verodin

• Kurt Lacy – Guest Speaker

− Hybrid Chief Technologist, Hewlett Packard Enterprise


The Evolving Threat Landscape

• Attacks are increasingly focused on people

• What’s old is new again

• The “perimeter” is quickly evaporating

• Shadow IT, industrial networks, and IoT sprawl


Challenges of Modern Security Posture

• Most admins are wearing (too) many hats

• Legacy systems and networks ripe for exploitation

• Difficult to tell if we’re having an impact

• Too many tools, not enough people

PLEASE STOP


Quick break to disable SMBv1


How can we tackle these issues?

• Email Security

• Network Segmentation

• Assessment tools for vulnerabilities and security controls

• Consolidating vendor deployments

Ingram ONE

Rob Potter

Measuring Security Effectiveness

Across all industries, businesses rely on business continuity and critical assets to:

▪ Gain competitive advantage

▪ Drive revenue

▪ Protect shareholder value

▪ Deliver services

As a result, many have made significant investments to protect these assets.

Cybersecurity’s Relevance to the Business

Regulatory Compliance

GDPR

Consumer Services

Access to Data

Critical Infrastructure

Business Continuity

M & A

Intellectual Property

Protection of Assets

Critical Data

R&D

Investment Rationalization

Broken Formula

SECURITY INVESTMENTS + SECURITY EFFORT ≠ SECURITY EFFECTIVENESS

Cyber Security Is Based On Assumptions

WE ASSUME: Technologies work as vendors claim

WE ASSUME: People are correctly handling events and processes are effective

WE ASSUME: Products are deployed and configured correctly

WE ASSUME: Changes to the environment are properly understood, communicated and implemented

Path to Rationalization & Continuous Improvement

Are our controls working the way we expect them to?

Are they properly configured?

Are we able to increase the efficiency of the dollars already spent?

Are we using the full value of our existing tools?

Are we maximizing ROI?

Where are our overlaps and true gaps?

Can tools be removed from the stack?

Can we simplify the environment?

Demonstrate improvement over time

CONTROL EFFECTIVENESS

KNOWN GOOD BASELINE

OPTIMIZATION

RATIONALIZATION

Continuous Validation

Environmental Drift Detection

The FireEye Ecosystem

Thank you

Empowering Defenders. Together.

Rob Potter, Verodin

Securing everything, everywhere

Kurt Lacy

Chief Technologist

Hewlett Packard Enterprise - November

HPE Global Security Update


“We were hit with ransomware called SamSam, and just about every machine we had on our network was locked. Business was at a standstill. We did have a mixed environment in our data center, and the HPE servers were not impacted.”

– Chad Spears, IT Director, Healthcare Company

Cyber Catalyst Designation (NEW – Oct, 2019!!!)

Customer Benefits

− Provides clarity in selection of cybersecurity products from Marsh (Experts/Insurance Industry Analysts)

− Select products that have a meaningful impact on their cyber risk

− Delineates which products their insurers value most from risk underwriting perspective

− May qualify for enhanced terms & conditions

HPE Involvement

− Only server manufacturer with HPE Cyber Catalyst Designation

− HPE Gen10 ProLiant, Apollo, Synergy, and Edgeline EL8000

− HPE Aruba Networking Firewall (Policy Enforcement Engine)

Cyber Catalyst℠

Meeting an important market need

$4 billion* global cyber insurance market

FASTEST growing insurance in the world today

Global Security Threats

Cyber crime will cost the world economy $6 Trillion by 2021*

Global spending on cybersecurity is expected to top $120 billion in 2019*

Thousands of cybersecurity firms offer products designed to mitigate and combat cyber risk, but companies find it challenging to evaluate those offerings given limited resources and expertise

*Cyber security business report, October 19, 2017, by Steve Morgan

*Cyber Catalyst: Sparking Change in Cyber Risk Management, 2019, by Marsh

CYBER CATALYST℠ DESIGNATION WITH HPE FROM EDGE TO CLOUD

2 HPE Solutions submitted

Silicon root of trust

1.3M Gen10 servers installed WW

Secure foundation for all HPE Gen10 servers - ProLiant, Apollo, Synergy, Edgeline 8000, HyperConverged

Rapidly mitigates the impact of firmware attacks. Able to recover itself to a known and secure state, with trusted firmware, and without manual intervention.

Aruba Policy Enforcement Firewall

>1M Licence base WW

Reduces the impact of attacks inside an organization that coopt legitimate credentials

A key component of an organization’s “Zero Trust” architecture

17 to be announced Sept 25 (NDA Applies)

>150 Products & Services Submitted for evaluation

Data is the key to value, and it’s everywhere

Distribution of data is shifting, and increasingly complex

7 out of 10 bytes of data will never see a data center [1]

Must secure data centers, cloud, edge and devices – and the data traveling between them

[1] Source: Gartner, Top 10 Strategic Technology Trends for 2018: Cloud to the Edge, Published: March 8, 2018

Shifting threats require a more holistic approach

Loss of function is the new weapon

With many intelligent devices independently processing, data and control must be secured at every point

Cyber crime is estimated to cost the world economy $6 trillion by 2021 [1]

Product security bolted on instead of designed in

Federal certifications plans not designed into schedule

Insecure development practices & processes

Unsecure open source

Insecure manufacturing

Counterfeiting & grey market sourcing

Transit & delivery interception & tampering

Insider threats

BIOS rootkits

MBR & OS rootkits

Firmware rootkits

[1] Forbes, The True Cost Of Cybercrime For Businesses, Published July 2017

This holistic approach has three points of focus

Protect new vulnerabilities

Detect intruders fast

Recover quickly from an attack

280% increase in attacks on IoT devices [1]

~$20K daily cost of an attack [3]

~46 days recover time from an attack [3]

146 days median time an attacker stays within a network without detection [2]

[1] f5 labs, “The hunt for IoT,” July 2017

[2] Microsoft Advanced Threat Analytics datasheet.

[3] Ponemon Institute, “2015 Cost of Cyber Crime Study: Global”

Build defenses against new vulnerabilities

Secure supply chain

Aruba ClearPass

Secure transition to cloud

Gen10 silicon root of trust

HPE 3PAR

HPE Nimble Storage

Complete control over silicon and firmware

Anti-counterfeit & Interdiction

Role-based access control

Encryption of Data in Motion

TPM Modules in Networking

Security Everywhere From Edge to Cloud with HPE

PointNext Cloud

Technologies Providers

Ensure firmware integrity

Cyber Security Insurance

Self-encrypting drives

FIPS 140-2 level 2

Protect DETECT RECOVER

IMPLEMENTATION GUIDELINE – SILICON ROOT OF TRUST

You may qualify for enhanced terms and conditions when negotiating individual cyber insurance policies with participating insurers

Available in HPE Gen10 Server [1] Products Include:

✓ HPE ProLiant (DL, ML, BL)

✓ HPE Synergy

✓ HPE Apollo

✓ HPE SimpliVity

✓ Edgeline 8000

[1] iLO 5 with Silicon Root of Trust

Ensure that the firmware runtime verification is activated, to scan firmware every 30 days, at a minimum.

✓ Alerts for compromised firmware

✓ Automatic recovery to last known trusted state

HPE customers with silicon root of trust enabled may engage with participating cyber security insurers for enhanced terms and conditions on individually negotiated cyber insurance policies.

Start taking advantage of Cyber Catalyst℠ accepted silicon root of trust and negotiate individual cyber insurance policies from participating insurers.

Silicon Root of Trust | iLO Advanced License | Review Policy | Win with HPE

COMPETITION FIRMWARE VERIFICATION PROCESS

[Diagram. Layer labels: Firmware; Hardware (Silicon); System; Secure Boot]

Standard BMC

UEFI BIOS

BMC Firmware

Operating System Boot loader

SPS Firmware

Only at boot-up

No Recovery of BMC

Limited recovery of just BIOS

Server Start: Firmware connection to operating system through secure boot

SPS Firmware: Server Platform Services

BMC Firmware: verification of server management firmware.

Standard BMC: off-the-shelf BMC ASICs from ASPEED, Marvell & others.

VERTICAL PROTECTION FROM BOTTOM TO TOP

Option ROM: Option ROM verified for authenticity and validity

Secure Boot: If all firmware is valid, server will allow the OS to Boot

SPS Firmware: Firmware also checks the server platform services

I.E. Firmware: Firmware also checks the innovation engine firmware

CPLD Firmware: Next, the iLO firmware checks the system programmable logic device (CPLD)

BMC Firmware: When a server is powered-on, the silicon chip immediately checks the firmware

BMC/iLO5 Silicon Chip

Hash Inserted into the silicon by opening gates

[Diagram. Layer labels: Firmware; Hardware (Silicon); System]

Option ROM Firmware

Recovery Firmware (iLO, UEFI, I.E., and Option ROM)

SPS Firmware

I.E. Firmware

CPLD Firmware

Checking daily, not just at boot-up

Custom HPE Chip

UEFI BIOS

Firmware

Operating System Boot loader

UNDERSTANDING HPE SECURE VM ISOLATION

RESOURCE SEGMENTATION

[Diagram, two panels]

HPE SECURE VM ISOLATION (FIREWALLED RESOURCES): VM 1, VM 2, VM 3; Hardened KVM-based Hypervisor; Devices, Firmware, Memory, Cache, CPU Cores

STANDARD CLOUD OPERATION (SHARED RESOURCES): VM 1, VM 2, VM 3; Devices, Firmware, Hypervisor, Memory, Cache, CPU Cores

ARUBA 360 SECURE FABRIC

SIMPLIFYING SECURITY FOR THE DIGITAL ENTERPRISE

Aruba 360 Secure Fabric

Aruba Secure Core

Secure Boot | Encryption | DPI | VPN | IPS | Firewall

ClearPass | IntroSpect

Integrated Attack Response

Aruba 360 Secure Exchange

360° active cyber protection and secure access from the edge, to the core, to the cloud—for any network

Controller/Gateway

Faculty

Student

IOT

Guest

Users and Devices

Policy Enforcement Firewall

ClearPass

Device Insight enhanced discovery and profiling

DEVICE AND DATA SECURITY AT CONNECTION

WPA3 enhanced security on open networks

VIRTUAL OR HARDWARE COLLECTORS

ANALYZER

Controllers enforce the rules

SIMPLIFY IT & IMPROVE SECURITY WITH DYNAMIC SEGMENTATION

Controller/Gateway

Doctor

Patient

IOT

Guest

Office365

EHR

n0tma1ware.biz

AirGroup

Users and Devices

Applications and Destinations

Policy Enforcement Firewall

APS, Switches or WAN: connect type doesn’t matter

ClearPass

Policy Manager makes the rules and follows the user

Create user and IoT access policies based on roles – who they are, device type, where they are, and/or other parameters

Segmentation of traffic happens based on the rules and the enforcement

Identify intruders fast and maintain operations

Aruba IntroSpect

Machine learning-based attack detection, before damage occurs

HPE InfoSight

Security rules detecting anomalies

Security update notification

Gen10 run-time detection

Scan at boot time and on a regularly scheduled basis

Early detection from edge to cloud

HPE Pointnext vulnerability detection and remediation

Develop the processes necessary for quick remediation

Detect PROTECT RECOVER

INTROSPECT

CONTINUOUS MONITORING

Packets

Flows

Logs

Third-Party Alerts

100+ Unsupervised and Supervised Machine Learning Models

Comprehensive Attack Detection

10x acceleration in incident investigation via Big Data forensics

Resume operations quickly

HPE Pointnext backup and recovery services

Keep your data safe and reduce your risk of data loss from cyber attacks

Server System Restore

In the event of compromise, restore firmware, operating systems, and applications

HPE StoreOnce & HPE SimpliVity

Reliably write and restore data without corruption

Data back-up & recovery in the compute-storage stack

Recover PROTECT DETECT

Gen10 security: only from HPE

HPE Gen10 server security is unique

HPE tested Gen10 vs competitors

HPE Compliance Assistance

Only HPE makes our own HPE iLO/BMC Silicon

HPE Silicon Root of Trust & Spectre/Meltdown: protection from exploiting vulnerability

Only HPE has Commercial National Security Algorithms (CNSA) in server management

Only HPE applied NIST 800-53 controls

– Highest & most comprehensive government guidelines for operating HW/SW in the world

– No competitors have this level

– Creates secure baseline for A.T.O.

– Accelerates certifications/compliance

Only HPE has independent verification

– Black Hat penetration testing ranks HPE two generations ahead of competitors

– InfusionPoints’ testing ranks HPE two generations ahead of competitors

– FBI commended HPE on security focus

Unmatched Security with Gen10

The Most Secure Server in the World

Protect | Detect | Recover/Optimize

− Hardware Root of Trust

− Two Factor Authentication CAC

− CNSA Suite (former NSA Suite B)

− Prevent Firmware Attacks from OS

− Secure Erase of NAND Data

− Common Criteria & FIPS 140-2 Level 1

− UEFI Secure Boot & Made in USA

− TPM 1.2 and 2.0

− NIST 800-147b BIOS

− PCI-DSS Compliance

− Secure Protocols

− Detecting Compromised Firmware

− Firmware Runtime Validation

− Chassis Intrusion Detection on Most Servers

− HPE Rack Cabinet Door Detector

− Verified Boot

− Trusted eXecution Technology

− SIEM Tool Support

− Audit Logs

− Measured Boot

− Secure Auto Recovery

− Recover Operating Systems (Automatically reinstalled)

− Data Collection for Forensics Evaluation

− HPE Pointnext custom recovery services

− Optimize Performance using Workload Optimization & Jitter Smoothing

Immutable Silicon Root of Trust for Secure Start with ability to automatically rollback to known-good firmware

Why HPE?

Technology

Process

People

Focused on products that are as secure and resilient as possible, using a holistic approach

#1 in server security

Industry unique NIST 800-53 controls

Utilizing power of machine-learning to proactively prevent attacks

Secure supply chain

Thank you

HPE Confidential


Panel Discussion and Q&A
