2013 server security survey report fnl 40111

Upload: alephnull

Post on 04-Jun-2018


  • 8/13/2019 2013 Server Security Survey Report Fnl 40111

    1/14

    2013 Bit9 Server Security Survey Report


    Executive Summary

    In October 2013, Bit9 conducted its third annual survey on server security, polling 799 IT and security professionals worldwide. In the past year, the inability to detect or stop advanced attacks has remained a constant challenge for enterprises. In 2013, Adobe, LivingSocial, Evernote, Twitter, NBC.com, and NYTimes.com fell victim to cyber attacks. These attacks all involved compromised servers, with results ranging from defacing or shutting down a website to stealing millions of customer records. Breaches of this nature can hurt brand equity or reduce consumer confidence. Therefore, it is important to bolster IT security at every level, and most importantly to secure server environments. This survey was designed to analyze these challenges from the perspective of respondents who are responsible for their organizations' security posture.

    Key Findings:

    1. Targeted attacks and data breaches are top concerns for organizations, but confidence in being able to detect or stop them on their servers has dropped for the second consecutive year.

    2. Virtual servers continue to be perceived as more secure than physical ones, despite admitted advanced attacks.

    3. Administrative effort for server security remains uncomfortably high for the second year in a row.

    These findings highlight the urgent need for maximum visibility across server environments to fuel more advanced threat detection and protection techniques that will prevent the execution of advanced malware and zero-day attacks.

    About Survey Respondents

    The majority of respondents (51 percent) administer 100 or fewer servers, 22 percent administer between 101 and 500, and 28 percent administer more than 500 servers.

    76 percent of respondents had Windows running on more than half of their servers, with 11 percent running Linux on more than half of their machines. When it came to Linux distributions, Bit9 found that 47 percent were running Red Hat Enterprise Linux, 23 percent were running Ubuntu Server, and 22 percent were running CentOS. 43 percent of security professionals stated that more than half of their servers were virtual.

    When asked which security solutions they were running on their servers, 92 percent of organizations were running antivirus (AV), 37 percent were running file integrity monitoring, 29 percent were running application whitelisting, and 11 percent were running behavioral host-based intrusion prevention systems (BHIPS).


    [Figure: How many total servers do you administer?]

    [Figure: What Linux distributions are you running?]

    [Figure: What security solutions are you using on your servers? Antivirus 92%, File Integrity Monitoring 37%, Application Whitelisting 29%, BHIPS 11%, Other 8%]


    Key Findings

    Key Finding #1: Targeted attacks and data breaches are top concerns for organizations, but confidence in being able to detect or stop them on their servers has dropped for the second consecutive year.

    55 percent of security professionals ranked targeted attacks and data breaches as their top concern in 2013, up 3 percent from 2012, and up 18 percent from 2011. Interestingly, 17 percent ranked meeting and maintaining compliance as their top concern and 16 percent ranked unauthorized changes or impacts to system uptime and performance as a top concern.

    With 54 percent of all data compromised originating from servers in 2012 [1], server data continues to be one of the most prominent focuses of advanced attacks. This is even more important when considering 26 percent of respondents reported that their organization had been hit by advanced malware, up 1 percent from 2012, and up 9 percent from 2011.

    [Figure: What is your top concern regarding your server security? (2013, 2012, 2011) Categories: Meeting and maintaining compliance requirements; Unauthorized change impacts our system availability/uptime/performance; Targeted attacks and data breaches]

    [Figure: Have you been hit by advanced malware? Yes, we have: 17% (2011), 25% (2012), 26% (2013). I don't know: 18% (2012), 25% (2013). No, we have not: 83% (2011), 57% (2012), 50% (2013)]

    [1] Verizon 2013 Data Breach Investigations Report


    Server security is about much more than just protection. Security professionals understand the importance of detecting advanced malware as it arrives as well as protecting their critical data from compromise. This is why it is surprising to see that 59 percent of respondents were only somewhat confident in their ability to detect advanced threats, and 24 percent were not confident at all in their ability to detect advanced threats arriving on their servers. Additionally, 25 percent of respondents had no idea whether they have been hit by advanced malware, highlighting a visibility challenge many security professionals may have about malicious files arriving in their enterprise.

    When it came to protection, once again 59 percent of respondents were somewhat confident in their ability to stop advanced threats, with 22 percent not confident at all in the protection solutions on their organizations' servers, up 2 percent from 2012.

    Alarmingly, however, 24 percent of respondents who claimed to be very confident in their ability to stop advanced threats on their servers also admitted that their servers had been hit by advanced malware. And of those same respondents, only 71 percent were very confident in their ability to detect advanced threats on those same servers.

    Considering cross-platform malware that can impact a variety of different platforms, ensuring security across multiple server platforms is essential. Regarding Linux servers specifically, 43 percent of respondents were only somewhat confident in their security, and 17 percent were not confident at all. Also, of the respondents who admitted to being hit by advanced malware, 26 percent had more than 1,000 servers in their organization and at least 68 percent had one or more distributions of Linux running in their server environment.

    Not surprisingly, of the respondents who stated they were not confident in their ability to stop advanced threats, 31 percent had been hit by advanced malware.

    [Figure: How confident are you in your ability to stop advanced threats targeting your servers? Somewhat confident 59%, Very confident 13%, Not confident 22%, Unsure 7%]


    Key Finding #2: Virtual servers continue to be perceived as more secure than physical ones, despite admitted advanced attacks.

    While 52 percent of respondents rated Web servers as posing the highest risk to their organization's security, only 3 percent of respondents rated virtual servers as posing the highest risk. Overall, 49 percent of respondents rated their virtual servers as having a higher level of security than physical servers.

    Although it's not surprising that respondents felt their virtual servers are more secure than their physical servers, what is surprising is that file servers (which typically hold large quantities of intellectual property) and domain controllers (which hold administrative rights and passwords) were not top concerns for respondents. And of respondents who administer an environment consisting of more than 75 percent virtual servers, and who rated virtual servers as having a higher level of security, 24 percent still admitted to being hit by advanced malware.

    59 percent of security professionals also viewed operational VM management, access control, and auditing as their top concern regarding virtualization, but only 32 percent said advanced attacks against their virtual servers were a top concern. This continues to highlight a misperception among security professionals that virtual server environments are highly secure, despite an inability to thwart advanced threats on any server platform, including virtual ones.

    [Figure: Which types of servers pose the highest risk?]


    Key Finding #3: Administrative effort for server security remains uncomfortably high for the second year in a row.

    44 percent of security professionals stated that managing their servers required more than one full-time equivalent (FTE), up 1 percent from 2012. Not surprisingly, of that 44 percent, 93 percent were running AV on their servers, 48 were running file integrity monitoring (FIM), and only 36 percent were running a form of application control or whitelisting.

    Both AV and FIM have continued performance issues with deploying signature updates, testing, audits, and tracking unauthorized changes that can cause delays and excessive workloads. Additionally, server security teams are managing multiple security solutions in their environment across a wide range of platforms to ensure protection. Of the 44 percent of respondents who used more than one FTE to manage their servers, 73 percent had more than 100 servers in their organization.

    [Figure: Organizations using more than one FTE to manage their server security. 2013: 44%, 2012: 43%]


    Conclusion

    Server security is one of the most critical aspects of any company's security posture. It is where the majority of data (intellectual property) is stored and where every user credential is kept. It is increasingly obvious that failure to protect servers can lead to a breach that results in data loss, brand damage and diminished customer confidence. Once again this year, the trend continued that organizations lack the necessary tools to properly detect and protect their server environments against advanced threats.

    The initial problem appears to be the low adoption rate of new-generation server security solutions. Consistently, an overwhelming number of respondents used AV technologies (92 percent), but less than a third of organizations implemented any type of application control or whitelisting solution (only 29 percent), despite 26 percent of respondents admitting to having been hit by advanced malware.

    Servers, which typically do not need the flexibility to dynamically install a wide range of potentially untrusted applications, should, for the most part, be locked down. Failure to do so invites trouble. Older server security solutions that rely on signatures to identify malware leave large gaps in protection against unknown zero-day attacks, among other known untrusted software not yet registered on AV blacklists. It is no surprise that more than a quarter of respondents acknowledged that their servers had been attacked.

    About Bit9

    Bit9 is the leader in a new generation of endpoint and server security based on real-time visibility and protection. Bit9 is the only solution that continuously monitors and records all activity on endpoints and servers and stops cyber threats that evade traditional security defenses. Bit9's real-time sensor and recorder, cloud-based services, and real-time enforcement engine give organizations immediate visibility to everything running on their endpoints and servers; real-time signature-less detection of and protection against advanced threats; a recorded history of all endpoint and server activity to rapidly respond to alerts and incidents; and real-time integration with network security devices such as FireEye and Palo Alto Networks. 1,000 organizations worldwide, from 25 Fortune 100 companies to small businesses, use Bit9 to increase security, reduce operational costs and improve compliance.


    Appendix: Survey

    Question #1: Where is your organization's headquarters located?

    Answer Choices     Responses
    North America      81.73%    653
    United Kingdom      3.25%     26
    Europe              4.63%     37
    Middle East         3.63%     29
    Africa              0.50%      4
    Asia                4.01%     32
    South America       1.25%     10
    Australia           1.00%      8
    Total                        799

    Question #2: How many total servers are in your organization?

    Answer Choices     Responses
    1,000              18.40%    147
    Total                        799


    Question #3: What percentage of your servers are:

    0% 75% Total

    Windows     1.53% (12)    8.43% (66)    14.43% (113)   25.29% (198)   50.32% (394)   783
    Linux       9.89% (62)   56.94% (357)   22.17% (139)    5.58% (35)     5.42% (34)    627
    Unix       33.84% (157)  48.92% (227)   13.15% (61)     3.45% (16)     0.65% (3)     464
    Mac OS X   60.41% (238)  32.99% (130)    5.08% (20)     1.27% (5)      0.25% (1)     394
    Other      61.88% (211)  32.84% (112)    3.81% (13)     0.88% (3)      0.59% (2)     341

    Question #4: What types of Linux distributions are you running in your server environment? (Select all that apply)

    Answer Choices                  Responses
    Red Hat Enterprise Linux        46.81%    374
    CentOS                          22.15%    177
    Ubuntu Server                   22.90%    183
    SUSE Linux Enterprise Server    16.27%    130
    Fedora                           7.63%     61
    I don't know                    14.14%    113
    Not running Linux               20.65%    165
    Total Respondents: 799


    Question #5: What is your top concern regarding your server security?

    Answer Choices                                                                  Responses
    Targeted attacks and data breaches                                              55.32%    442
    My current server security solution requires too much administrative effort     11.89%     95
    Unauthorized change impacts our system availability/uptime/performance          15.89%    127
    Meeting and maintaining compliance requirements                                 16.90%    135
    Total                                                                                     799

    Question #6: What security solutions are you using on your servers? (Select all that apply)

    Answer Choices               Responses
    Antivirus                    91.74%    733
    Application Whitelisting     28.54%    228
    BHIPS                        11.14%     89
    File Integrity Monitoring    37.05%    296
    Other (please specify)        8.39%     67

    Question #7: Have you been hit by advanced malware?

    Answer Choices    Responses
    Yes               25.78%    206
    No                49.69%    397
    I don't know      24.53%    196
    Total                       799


    Question #8: Rank this list of servers in terms of their risk to your security (1 = highest risk)

                           1              2              3              4              5              6              7              Total   Average Ranking
    Web servers            52.07% (416)   15.89% (127)    8.76% (70)     7.01% (56)     5.26% (42)     5.26% (42)     5.76% (46)    799     5.64
    File servers           12.14% (97)    24.91% (199)   18.27% (146)   19.40% (155)   13.89% (111)    6.13% (49)     5.26% (42)    799     4.63
    Domain controllers      8.51% (68)    13.64% (109)   23.53% (188)   16.65% (133)   16.90% (135)   11.89% (95)     8.89% (71)    799     4.09
    Email servers          11.14% (89)    18.52% (148)   17.15% (137)   25.91% (207)    9.76% (78)    11.01% (88)     6.51% (52)    799     4.36
    Virtual servers         2.75% (22)     3.50% (28)     6.63% (53)    11.26% (90)    32.29% (258)   21.03% (168)   22.53% (180)   799     2.80
    Database servers        9.51% (76)    11.39% (91)    13.39% (107)    8.89% (71)    12.77% (102)   34.04% (272)   10.01% (80)    799     3.54
    Application servers     3.88% (31)    12.14% (97)    12.27% (98)    10.89% (87)     9.14% (73)    10.64% (85)    41.05% (328)   799     2.95

    Question #9: How many FTEs are currently managing your server security?

    Answer Choices    Responses
    1 FTE             44.43%    355
    Total                       799

    Question #10: How confident are you in your ability to stop advanced threats targeting your servers?

    Answer Choices        Responses
    Very confident        12.77%    102
    Somewhat confident    58.82%    470
    Not confident         21.78%    174
    Unsure                 6.63%     53
    Total                           799


    Question #11: How confident are you in your ability to detect advanced threats targeting your servers?

    Answer Choices        Responses
    Very confident        12.77%    102
    Somewhat confident    58.20%    465
    Not confident         23.53%    188
    Unsure                 5.51%     44
    Total                           799

    Question #12: How confident are you with regard to security on your Linux servers?

    Answer Choices        Responses
    Very confident        13.89%    111
    Somewhat confident    42.80%    342
    Not confident         17.40%    139
    Unsure                 8.26%     66
    N/A                   17.65%    141
    Total                           799

    Question #13: What percentage of your servers are virtual?

    Answer Choices    Responses
    0%                 8.39%     67
    75%               21.53%    172
    Total                       799


    Question #14: Do your virtual servers provide a higher or lower level of security than the physical servers they replaced?

    Answer Choices    Responses
    Higher            49.44%    395
    Lower             21.03%    168
    N/A               29.54%    236
    Total                       799

    Question #15: Which area is the biggest security concern when it comes to virtualization?

    Answer Choices                                             Responses
    Technical (hypervisor attack, service console attacks)     31.91%    255
    Operational (VM management, access control, auditing)      58.57%    468
    N/A                                                         9.51%     76
    Total                                                                799

    266 Second Avenue
    Waltham, MA 02451 USA
    P 617.393.7400  F 617.393.7499
    www.bit9.com

    © 2013 Bit9, Inc. All rights reserved. Bit9 is a registered trademark of Bit9. All other trademarks and registered trademarks are the property of their respective owners. Bit9 reserves the right to change product specifications or other product information without notice.