How Nvidia aims to demystify zero trust security


Nvidia sees how vulnerable its enterprise customers’ datacenters are, leading it to fast-track its zero-trust platform to close growing cybersecurity gaps.

Many enterprise datacenters rely on decades-old security infrastructure that stops at the perimeter. For bad actors and cybercriminals, this is the equivalent of leaving datacenters’ doors unlocked. As a result, Nvidia sees datacenter attack risks grow in complexity, speed, and severity to customers’ operations, combined with a need to support AI and data science workloads.

The latest series of announcements at Nvidia’s GTC 2021 event earlier this month reflects the urgency Nvidia has to harden datacenter security and support customers’ AI, machine learning, and data science workloads at scale.

Nvidia aims to demystify zero trust in datacenters

Nvidia continues to pursue an aggressive zero trust security strategy on its cybersecurity roadmap to the data processing unit (DPU) and software level, quickly capitalizing on its Mellanox acquisition finalized in 2020. Its most recent announcements at GTC 2021 include the launch of Nvidia DOCA 1.2 software for Nvidia BlueField DPUs combined with the latest release of Nvidia Morpheus. Designed to detect threats and breach attempts using unsupervised machine learning algorithms, Nvidia Morpheus is a continuously learning cybersecurity framework that adapts and modifies workflows based on accumulated data patterns.

“The rise of transformative innovations such as AI, 5G, and smart devices has dramatically expanded traffic moving through the modern datacenter, making it more difficult to identify potential breaches and attacks,” said Kevin Deierling, senior vice president of networking at Nvidia. “Nvidia’s three-pillar zero-trust security platform allows developers to create fully secure environments that protect virtually every aspect of the cloud-native datacenter, in real-time.”

Nvidia is succeeding at its mission of demystifying zero trust in datacenters, starting with its BlueField DPU architecture. Its architecture includes secure boot with hardware root-of-trust, secure firmware updates, and Cerberus compliance, with more enhancements to support the build-out of its zero-trust framework. One of Nvidia’s core strengths is its ability to extend and scale DPU core features with SDKs and related software, while scaling to support larger AI and data science workloads.

Doubling down on DOCA development this year, Nvidia used GTC 2021 to announce that the 1.2 release supports new authentication, attestation, isolation, and monitoring features, further strengthening Nvidia’s zero-trust platform. In addition, Nvidia says it is seeing momentum in customers and partners signing up for the DOCA early access program.

Morpheus enables zero trust at scale in datacenters

Nvidia Morpheus is an AI-based cybersecurity framework built on Nvidia RAPIDS and Nvidia AI. It’s designed to provide DevOps tools to cybersecurity developers and practitioners implementing cybersecurity applications, systems, and networks.

The latest release of the Nvidia Morpheus framework provides zero-trust developers and partners with the tools and frameworks they need to create and fine-tune customized models tailored to specific cybersecurity scenarios. Morpheus monitors network activity using unsupervised machine learning algorithms to understand typical behavioral patterns, as well as identity, endpoint, and location parameters across multiple networks. Nvidia has architected Morpheus to get new models to track network behavior and anomalies, each one with a specific digital fingerprint that is constantly scanned and analyzed.

During GTC 2021, Nvidia demonstrated how Morpheus could identify stolen privileged access credentials and thwart a breach with stolen credentials and indentures. In addition, Morpheus models running on Nvidia GPUs can be scaled and parallelized to support massive networks, enabling cybersecurity teams to apply enhanced capabilities to detect anomalies quickly and reliably. The following graphic explains how the Morpheus AI cybersecurity framework architecture is constructed based on the BlueField DPU, DOCA software releases, and Nvidia Morpheus network:

Image Credit: Nvidia

Nvidia’s zero-trust platform designed for partners

The DOCA 1.2 software release is designed to help Nvidia partners and developers fast-track their code development and get software-defined and hardware-accelerated networking, security, storage, and management applications up and running quickly on BlueField DPUs. In addition, the 1.2 release provides partners with the zero-trust support and features they need to release their applications and optimize them for the BlueField DPU in conjunction with Morpheus.

Key partners running on the BlueField DPU using DOCA code include Juniper Networks, which was among the first to commit DevOps resources to the project. “Zero-trust security should be a fundamental pillar of any security strategy. Introducing new ways to operationalize the technology will make it more pervasive across the industry,” said Raj Yavatkar, chief technology officer of Juniper Networks. “Juniper has long advocated for open architectures to ensure customers have a choice. With DOCA, each individual organization will be well aligned to meet its digital transformation needs. The application of such approaches will help customers better secure their cloud workloads and adopt zero-trust principles.”

ARIA Cybersecurity Solutions, Cloudflare, F5, Fortinet, Guardicore, and hybrid-cloud platform providers Canonical, Red Hat, and VMware are also working with Nvidia to optimize and integrate datacenter security software with the Nvidia Morpheus AI framework, the company says. Having zero trust in silicon is the assurance that chief information security officers (CISOs) need to anchor and secure tech stacks: Atos, Dell Technologies, GIGABYTE, H3C, HPE, Inspur, Lenovo, QCT, and Supermicro have Nvidia-certified systems today.

Zero-trust platforms need to scale across hardware to succeed

Nvidia is aligning its core strengths to its customers’ most potentially lethal cybersecurity risks. Releasing DOCA 1.2 with zero-trust platform support, so partners can develop and scale their systems on the Nvidia BlueField DPU, is needed to further simplify and scale zero trust across datacenters.

Like Nvidia CUDA, which enables developers to build applications that take advantage of Nvidia GPUs, DOCA lets developers build software-defined and hardware-accelerated networking, security, storage, and management applications for BlueField DPUs. Additional cybersecurity companies taking a hardware-based approach to provide zero trust security in enterprises include Absolute Software, Hewlett Packard Enterprise’s iLO 5 silicon root of trust, Sepio Systems, and Intel’s extensive zero trust developments, including Intel Software Guard Extensions (Intel SGX), Intel Virtualization Technology, Intel Control-Flow Enforcement Technology, and Intel Threat Detection Technologies.

Unlike semiconductor producers that embed zero trust into their infrastructure-on-a-chip designs, Absolute has partnered with 28 device manufacturers to embed endpoint visibility and control in device firmware. At last count, there are 500 million devices that have Absolute’s firmware installed, according to the company.

Like Nvidia, Absolute is also pursuing a partner-based strategy to expand zero-trust security support across enterprises. Its recently announced Application Persistence-as-a-Service (APaaS) focuses on providing ISV and system manufacturer partners with DevOps tools to integrate with Absolute firmware already installed on endpoint devices. The goal of the program is to provide partners with access to device-level health, asset management, and threat detection data, further increasing the resiliency of endpoint devices. Absolute recently closed on the acquisition of NetMotion, bringing needed zero-trust network access (ZTNA) products into the Absolute platform, which is now considered the first self-healing zero-trust platform.

Addressing the challenges of zero trust in the datacenter

CISOs tell VentureBeat that datacenters are often the most challenging aspect of implementing any zero-trust strategy because trust-based domain configurations to the server level dominate tech stacks. It’s a massive undertaking to implement least-privileged access to the server configuration and integration levels, much less achieve microsegmentation or true identity access management (IAM) and privileged access management (PAM) in a legacy infrastructure environment. Top-down approaches to fixing legacy tech stacks to support zero trust are hard to do well. Nvidia’s approach of starting with silicon, enhancing zero-trust capabilities at scale with DOCA releases that also capitalize on accumulated learning on Morpheus, takes a more foundational approach to solving zero trust in datacenters. The build-out of the partner base, as well as whether or not Nvidia can maintain the quick pace of innovations on DOCA and their BlueField DPU, will determine the success of Nvidia’s zero trust solution.

Originally appeared on: TheSpuzz