Protecting Your Servers

Michael Bilancieri, technical consultant at Bit9, says that server security complacency can lead to security breaches.

By Michael Bilancieri. Published December 2, 2012

Yahoo, LinkedIn, Global Payment Systems, Zappos, eHarmony. What do these large companies all have in common? Their servers were successfully attacked by hackers, allowing large amounts of data to be stolen from them, which in turn tarnished their brands and affected their customers.

I would venture a guess that they also had a few other things in common. One is that they all had numerous security controls in place intended to prevent such attacks, and they were probably confident that these controls were adequate. This certainly isn’t intended as an indictment of these particular companies. They just happen to be some of the more recent victims of cybercrime, and they suffered the misfortune of bad PR as a result.

The fact is that many companies, both large and small, are breached every day. Many are confident in the security measures in place on their servers to prevent theft of confidential data, but that is where it stops. Complacency can set in because these measures generally meet the necessary regulations and auditor controls, which allows security teams to check the box and creates a false sense of security. If it is good enough to get signed off, then it is assumed to be good enough to protect. But good enough never seems adequate when a breach occurs.

Even with all the public breaches, it is still common to hear that servers are covered or locked down. Interestingly, there is often a remediation plan in place along with all the other security solutions for when something bad gets through and infects the locked-down systems. So on one hand we hear that servers are secure, but on the other hand we hear about remediation solutions in place to eradicate a virus that gets in. And not surprisingly, these remediation plans are enacted relatively frequently. If remediation is a common occurrence, we should question how locked down our systems actually are.

Read the headlines and you will see that the response to a breach is often either that an exploit got past existing solutions unseen or an admission that a vulnerability existed. This is the complacency I’m referring to.

Threats

Today’s hackers design their malware to get around typical protections, to get in and grab what they want quickly, and to do irreparable damage within a short window. A typical threat can successfully steal data in less than 15 minutes, so there is only a small amount of time to allow for detection and eradication of these advanced threats.
So am I saying that advanced threats can’t be stopped, so why bother trying? Not at all.
We need to cover all surfaces of attack to be sure that the hackers cannot succeed even when they do get past the guards at the gate.

Whitelisting prevents the bad stuff from getting started while allowing good software to run, and it does not rely on previous knowledge about a virus to protect against it. It provides a proactive, preventative approach rather than the typical reactive approach to already successful attacks. I know, but whitelisting and application control are hard, right?

Well, not really. Have you looked at it lately?

We’ve made substantial advancements in reducing the overhead and disruption previously associated with whitelisting and app control, making it scalable and efficient while minimising administrative overhead and end-user disruptions.

With the active threat landscape and all the recent breaches of critical servers and server data, we can’t afford complacency, which can be extremely costly for any business, large or small.
