Server Security: Virtualization and Cloud Changes Everything

FIGURE 1: Worldwide Corporate Server Revenue share by Vendor, 2014. Other (22.7%), Trend Micro (30.3%), Vendor 5 (6.8%), Vendor 4 (7.6%), Vendor 2 (20.2%), Vendor 3 (12.4%). Source: IDC, 2016

FIGURE 2: 2009-2014 Server Revenue ($M) with Shares. Source: IDC, 2016

©2016 IDC

Key Technology Trends in Server Security

Server security formerly consisted of two primary functions — antimalware and host intrusion protection. Antimalware applications were specifically designed to scan mail and file servers for malware to ensure that the server applications didn't pass on malicious payloads. Host intrusion protection was designed to harden the server's operating system against attack. These solutions also might have included a firewall to control a server's ports.

Although these components still exist, server security has been vastly improved with the consolidation of additional security functions. These new features don't just protect individual servers; by extension, they make the whole datacenter more robust against attack. Additional capabilities include application scanning, file integrity monitoring, Web threat protection, virtual patching, log inspection, and data protection. Server security has also been modernized to deal with specialized malware and with Web-borne threats that are often used to execute sophisticated targeted attacks.

Threats targeting endpoints—both desktops and servers—seem to be never-ending. The speed with which threats are growing makes it increasingly difficult for signature-based antimalware to keep up. Signature databases are likewise growing, thus potentially impacting performance and making antimalware less relevant as a single point of server security. Security products are moving to rely less on signatures, instead adopting other forms of detection. Many products have incorporated behavioral heuristics, for example, to uncover malicious activities, or they incorporate application controls that limit what applications can run.
Additionally, to reduce the growth in signature files, many vendors are using Web-based threat intelligence (including file and URL reputation services) that can identify threatening and malicious content available on the Internet and block access to that content before it ever reaches the datacenter.

Server security isn't just about protecting the operating system; it also must be able to understand the vulnerabilities of hosted applications in order to prevent cybercriminals from exploiting vulnerabilities and remotely compromising Web applications.

Server security has evolved to adjust to the virtualization of the datacenter (including cloud-resident servers). As enterprise IT becomes more virtual, security providers have begun to offer specialized protection to seamlessly support organizational needs for securing internal, external, and hybrid application workloads. To be effective in this setting, security solutions have to understand the hosting environment so that performance can be maximized without the loss of security functionality. And with the virtual data center, the ability to detect lateral movement and protect against attacks (the “east-west traffic” challenge) is a critical new requirement.

Security must also be able to leverage the native characteristics of a virtual environment to be both efficient and effective. Where it makes most sense, such as for server-intensive activities like antimalware scanning, deploying at the hypervisor enables holistic monitoring of all virtual machines (VMs) with minimal performance impact. Where hypervisor-level security is not practical--such as in the cloud--deep integration with the environment (e.g. Amazon Web