One area of security we often overlook is that of the servers themselves. Most of our servers have some sort of remote access card built into them to provide remote access in case the server is hung up as well as to provide enhanced alerting of hardware errors.
However, this recent ZDNET article (https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/) reminds us that our servers themselves can be used by malware to shred our network security and allow other bad guys to hide in our networks in a virtually undetectable space.
The solution is to be just as vigilant about patching BIOS, firmware and drivers on your servers, remote access cards, etc. as we should be on our server and workstation operating systems, Java, Flash, Adobe, switches and routers. Patching servers at this level can be a pain and there is at least some downtime.
If you need help getting this done for your physical servers, let us know.