Server Security: A Reality Check

Regardless of how they initially enter the organization, most attackers today still aim to compromise internal servers in order to steal user credentials, steal sensitive data, and turn the compromised servers into hosting platforms for stealing even more assets. Yet despite all the layers of security in place today, servers are still vulnerable.

This white paper concludes that organizations must leverage a variety of tools to effectively protect their servers – and the sensitive data stored on their servers – from advanced attacks. Such solutions include:

  • Application control. Because servers have a well-defined set of normal applications, any application running outside of this set is immediately suspect. Application control can be used to prevent unauthorized applications from executing on a server and to log attempts at unauthorized execution.
  • File integrity monitoring. Once attackers compromise key systems, they want to make sure they have a way back in. In some cases, this is accomplished not by installing new software, but by making changes to the configuration files of existing software. File integrity monitoring enables security teams to detect these intrusions and helps incident responders quickly determine how many other files were modified.
  • Log monitoring. Continuous log monitoring enables security teams to detect a compromise while it is in progress and allows responders to mitigate the threat. Log management systems should be configured to emphasize events that either have historically contributed to compromise detection or are most likely to flag specific activity related to compromise.
