March 28, 2013, 4:47 PM — When it comes to servers, IT and security professionals' concerns about targeted malware and data breaches are escalating while their confidence in their ability to identify and stop advanced threats is on the decline, according to a new survey by security firm Bit9.
"Targeted malware was the top security concern for the second year in a row," says Ilana Goddess, product marketing manager for Bit9, noting that 52.4% of survey respondents (up 15% from a year ago), cite targeted malware as their primary concern.
"The whole thing with targeted malware is that targeted threats are aimed at you," says Goddess. "They are the most difficult to defend against because it's like a virus that only affects you. And the attackers are not stopping. They'll persist until they get in whether it takes months or years. Antivirus isn't going to work because people haven't seen the signatures before."
In November and December of 2012, Bit9 polled 966 IT and security professionals worldwide for its second annual Server Security Survey. Most respondents (58%) administered up to 50 servers; 29% administered 100 to 500 servers; and 13% administered, on average, 2,000 servers. About one-half (51%) said they are running Windows as their primary platform (i.e., Windows comprises more than 75% of total servers); 12% said they are running Linux as their primary platform (up 13% from last year); 2% said they run Unix as their primary platform.
One-Quarter of Firms Have Been Victims of Targeted Malware
Goddess notes that it comes as no surprise that respondents again identified targeted malware and data breaches as a top server security concern, given the proliferation of such attacks in 2012. Attacks like Flame, Gauss, mini-Flame and the Flashback Trojan garnered significant media attention last year. Twenty-five percent of Bit9's respondents say they had been the victims of advanced malware (up 8% since 2012), while 18% said they didn't know whether they had been attacked (according to the F.B.I., two-thirds of breaches are detected by a third party). And according to security firm Mandiant, attackers have, on average, been in place for 416 days prior to detection.
At the same time, server data has become much more vulnerable to attack. Verizon's 2012 Data Breach Investigations report found that 94% of all data compromised in 2012 involved servers (an increase of 18% from 2011). Goddess says IT and security professionals are losing confidence in their ability to identify and thwart these advanced threats: Only 18% of respondents said they were very confident in their ability to stop advanced malware; 59% said they were somewhat confident, 20% said they were not confident (up from 10% in 2011) and 4% said they were unsure.
Security Pros Mistakenly Believe Virtual Servers Are More Secure
In addition to an increase in the use of Linux as the primary server platform, companies are increasingly going virtual. One-third of survey respondents say that more than 50% of their servers are virtual. Also, half of the respondents said they had deployed virtual desktops, are in the process of rolling them out or have plans to do so.
Goddess says many IT and security professionals believe that their virtual servers are more secure than their physical servers, despite a 2012 Gartner study that found 60% of virtualized servers were less secure than the physical servers they replaced.
"People think their virtual servers are more secure than their physical servers, but that's just not the case," Goddess says. "They're really the same vulnerabilities that you find elsewhere in physical servers, but somehow they think of virtual servers as not being as much on the frontline."
For instance, she says, many professionals think the frequent re-imaging of virtual servers protects them from advanced threats. However, she notes, these threats frequently get in and do their damage within 15 minutes, moving on to other areas quickly.
In fact, when asked to rank types of servers according to the risk they represent, only 6% of respondents considered virtual servers to be high risk. Most respondents (66%) felt Web servers were the most high risk; 38% felt file servers were high risk; 34% pointed to email servers; 26% cited domain controllers; 14% labeled application servers high risk; and 11% ranked databases as high risk.
Goddess says that may indicate that IT and security professionals are looking in the wrong direction. After all, the most valuable enterprise information is found on file servers (e.g., intellectual property), databases (e.g., customer information) and especially domain controllers (e.g., passwords, administrative rights).
IT and security professionals are also concerned about the administrative effort required by security solutions. When asked to rank their top concerns about server security, nearly 12% cited "too much administrative effort on security solution" as a top concern, ranking it even higher than an actual attack.
"These results highlight the need for greater control in identifying and stopping advanced attacks on valuable server resources-before they execute-while decreasing the security-related administrative workloads of IT and security professionals," said Brian Hazzard, vice president of product management for Bit9. "The key to securing enterprise servers-both physical and virtual-is to allow only trusted software to execute and prevent all other files from running."
Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Thor at firstname.lastname@example.org
Read more about network security in CIO's Network Security Drilldown.