It’s important to protect all of your devices, but with servers, the stakes can be stratospheric. Hackers who compromise a server can potentially harvest data for years and gain access to devices, processes, and information throughout an organization — a nightmare scenario. A panel of experts discussed the threat to servers in a recent webinar hosted by AppGuard & Carahsoft.
Companies spend a lot of time and money to detect and react to server threats, but much of that investment is wasted since current server defense strategies don’t work. That’s because they’re adapted from endpoint solutions designed for PCs and workstations that also don’t work. These solutions rely on scanning, signatures, indicators of compromise, etc., to alert monitors to threats. They also drive up administrative overhead by requiring constant attention and configuration after deployment.
AI-machine learning-based protection, anti-virus and endpoint detection, and response system are widely deployed. And still, they’re breached daily. Often, it only takes minutes or seconds for a bad actor to achieve a compromise. But the breach can go undetected for months. In fact, the Verizon 2018 Data Breach Investigations Report found that 68 percent of breaches took months or longer to discover.
Addressing the Threat to Servers by Looking for the Bad Guy
In the webinar, Tony Cruz, Vice President of Next Generation Tech Security for BNY Mellon, discussed some of the challenges involved in protecting servers. The efforts companies typically make include:
- Encryption to protect data at rest or in motion
- API security
- CPU memory security
- Identity and access management.
Cruz rightly called these measures “the new perimeter in cyberspace.”
The problem with the server defense methods most companies use to protect those assets and processes is that the solutions are based on looking for the bad actor, which could be:
- Presented in a misleading way
- Inactive while waiting for an opportunity to attack.
AppGuard Server was designed from the ground up as a zero-trust solution that doesn’t rely on ferreting out the bad guy.
Reducing the Attack Surface Through Prevention
An AppGuard customer who uses our never-breached endpoint solution wanted that same level of protection for servers, and that was the inspiration behind AppGuard Server. The strategy that underlies AppGuard Server’s design is the polar opposite of the approach used by detect and respond solutions. AppGuard Server prevents malicious code from operating — before it can send the signals that detect and respond solutions rely on to identify bad actors.
A strategy based on reducing the attack surface works. AppGuard Server works by:
- Suppressing unnecessary utilities
- Locking utilities down and unlocking them only when needed with a unique context-driven-launchTM mechanism that prevents malicious code from harnessing powerful apps
- Isolating the rest of the endpoint from individual apps and utilities.
AppGuard Server is also designed to:
- Limit what executables and scripts can do without resorting to whitelists
- Demote processes of dubious origin so they don’t have the privileges needed to cause harm.
AppGuard Server also designates Power Apps that effectively unlock locked-down resources in real-time so that custom software resources operate smoothly.
Stopping Malicious Attacks Dead in Their Tracks
As an example of how AppGuard Server works, consider a weaponized Excel file that is passed around an organization. AI and machine learning-based solutions and sandboxing won’t detect it because the malicious file is designed to execute only when it reaches further into the infrastructure. Once it achieves that aim, it executes, penetrating the perimeter and attempting to embed in the registry or active directory.
Attacks like that can and do succeed against detect and respond solutions every day. But AppGuard Server would stop the malicious attack dead in its tracks by preventing it from running. The attack doesn’t have to be a recognized threat. AppGuard Server has built-in mechanisms to thwart attacks designed specifically for servers, with CPU, memory and other server features factored into its design.
If you missed the webinar on how to protect servers in an unpredictable world, it’s not too late to check it out. The discussion covers server issues in more detail, including common problems with current solutions, such as system degradation, administrative overhead and frequent breaches. If you’re worried about the safety of your servers, check out the webinar — and check out AppGuard Server.