EXECUTIVE SUMMARY

Organizations today are facing significant challenges as they adopt the latest technologies to power business success. With major shifts from physical to virtual to cloud having occurred in the past 10 years, architectures have changed significantly and the rate of change is not slowing down. Many enterprises have already adopted containers as a key piece of their infrastructure, with containers being actively deployed into production for both legacy and cloud-native applications. Looking beyond containers, serverless functions are on the horizon for broad enterprise adoption, adding a new set of challenges for security teams.

At the same time, attacks are increasing in frequency and sophistication, highlighted by the over 48 billion threats blocked by the Trend Micro™ Smart Protection Network™ in 2018. Specific to ransomware, Trend Micro Research reported over 200 newly detected ransomware families in 2018. With over $8 billion in revenue attributable to ransomware in 2018 [1], many new ransomware families are designed to target servers, including web servers, file servers, and virtual desktops, and even specific business-critical file types. Good examples of these are the recent GandCrab, BlackHeart, and SynAck ransomware attacks, which leveraged new and sophisticated attack techniques to impact organizations. While ransomware remains a serious threat, we’ve also seen a dangerous rise in cryptocurrency-mining attacks, which are less visible but still very costly to enterprises.

In 2018, Trend Micro Research saw a 237 percent increase in crypto-mining attacks, with coinminer detections being the top malware detection throughout the entire year. As cryptocurrency remains top of mind, cybercriminals have taken an interest in outsourcing their expensive mining processes to organizations that run containers pulled from public repositories and to organizations that aren’t properly protected. Servers are at the center of this technology shift, the workhorse of the enterprise. Gartner, the leading IT research and advisory firm, explicitly points out that, “Servers often host the most critical data in the enterprise and have different functionality than client endpoints.” [3] We believe the challenge is that the architectural shifts have placed server workloads in multiple locations and in different formats, which makes securing them more complex than ever before.

WHAT IS THE HYBRID CLOUD?

The speed of change in IT architectures over the past decade is unprecedented. The introduction of virtualization technologies from companies like VMware took the deployment of servers from weeks to days, changing the way data center operations and security teams worked and resetting expectations of speed for business project delivery. Only a few years later, the public cloud market, driven by offerings like AWS and Azure, enabled the deployment of servers in minutes instead of days, empowering businesses to deliver new applications and projects at speeds that had never been seen before. With newer technologies (containers like Docker® and serverless offerings like AWS Lambda® or Azure Functions), the rate of change for IT is not showing any signs of slowing down.

MULTIPLE CAPABILITIES, ONE PRODUCT

Deep Security is a host-based security control product. The solution includes a broad range of cross-generational threat defense techniques that can be used for protecting servers and detecting advanced threats, including:

Network security: Enabling detection of and protection from network attacks, and the ability to virtually patch vulnerabilities with intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), as well as a host-based firewall to shield against, and help with reporting on, network-based attacks.

Malware prevention: Leveraging built-in anti-malware and content filtering, behavioral analysis, machine learning, and network sandbox integration to protect against the latest malware threats, including ransomware and crypto-mining.

System security: Application control and integrity monitoring enable the lock-down of servers, as well as the discovery of unplanned or malicious changes to registries, ports, and key system files. They can also help with detection and response, including leveraging log inspection to discover anomalies in critical log files, or application and network traffic detection with indicators of compromise (IOCs).
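The integrity-monitoring capability described above boils down to a baseline-and-compare loop: hash every file you care about, store the hashes, and later re-hash and diff. The following is an added illustration of that loop written for this page, not Deep Security code and not its rule format. It builds a constructed miniature "/etc"-style tree in a temporary directory, takes a baseline, simulates the kind of unplanned changes an attacker or a careless change window leaves behind (a weakened sshd_config, a backdoor account appended to passwd, a dropped cron job, a deleted file), and reports what changed.

```python
"""File-integrity monitoring walk-through: hash baseline, re-snapshot, diff.
Added example for this page; not Deep Security's implementation or schema.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file (path relative to root) to its SHA-256 digest.

    Symlinks are skipped so a link retargeted to an attacker's file cannot
    masquerade as the original content.
    """
    result = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def compare(baseline, current):
    """Diff two snapshots into added / removed / modified path lists."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: a fake system-config tree, then tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)

        # Simulated unplanned changes (constructed for the example):
        # config weakened, UID-0 backdoor user appended, cron job dropped,
        # hosts file removed.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        with open(root / "passwd", "a") as fh:
            fh.write("backdoor:x:0:0::/root:/bin/bash\n")
        (root / "cron.d").mkdir()
        (root / "cron.d" / "miner").write_text("* * * * * root /tmp/x\n")
        (root / "hosts").unlink()

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}", paths)
```

Two practical caveats the loop makes visible: the baseline itself must be stored somewhere the monitored host cannot silently rewrite (otherwise the attacker re-baselines after tampering), and a hash diff tells you that a file changed but not whether the change was approved, so the report has to be reconciled against a change record or an allow-list of expected updates.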

OPTIMIZED FOR THE HYBRID CLOUD

The challenge of the hybrid cloud is that security needs to be applied with a different approach in each environment. The good news is that security strategies like defense in depth remain relevant across all environments; what changes is how they are applied in ways that are both effective and operationally efficient. For example, infrastructure-as-a-service (IaaS) deployments follow a shared responsibility model: the cloud service provider (CSP) is responsible for everything up to and including the hypervisor layer, and the organization is responsible for everything it puts in the cloud, including the guest operating system, its patches, and the applications and data on top of it.

FULL-STACK CONTAINER SECURITY

Many enterprises have started to adopt containers as a way to enable microservice application development, building software that is modular, easily scalable, and easy to update. However, like virtual machines and bare-metal servers, containers have their own threat vectors that need to be secured. Deep Security’s runtime protection provides full-stack container security against the latest threats, securing the host, the container platform, the orchestration layer, the container itself, and even the application layer.

SHIFTING SECURITY TO THE LEFT

A report from NIST shows that the cost of resolving threats and risk increases the later security is implemented; for example, addressing a security issue in the runtime phase can cost up to 30 times more than addressing it in the planning phase. While runtime security controls remain critical, organizations must also shift security to the left in order to mitigate threats before they reach production.

PROTECT AGAINST ADVANCED THREATS: RANSOMWARE

Ransomware is malware that installs covertly on an endpoint and mounts an extortion attack by exfiltrating and/or encrypting data, holding it inaccessible until a ransom is paid. While the majority of ransomware attacks leverage social engineering and email to gain access to an enterprise, servers are a prime target, given the types of data and applications they hold.

SHIELD WORKLOADS FROM VULNERABILITIES

Deep Security’s network security controls can shield enterprise servers from exploitation of known and unknown vulnerabilities, for example the Windows® SMBv1 flaw used by WannaCry, the Bash flaw known as Shellshock, the weaknesses targeted by the Linux® Erebus ransomware, and many other data-stealing attacks. Leveraging IDS/IPS, Deep Security includes thousands of proven rules that apply to network traffic at layers two through seven. Using a recommendation scan to enable contextual security, these rules can be applied automatically based on the deployment environment to protect unpatched, network-facing system resources and enterprise applications.
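To make the idea of a layer-7 "virtual patch" concrete, here is an added example written for this page; it is not a Deep Security rule and the rule patterns are the author's own illustration, not the product's signature format. It reassembles a raw HTTP/1.x request, then matches the request target and every header value against a small rule list. The first rule catches the Shellshock exploit shape (CVE-2014-6271): a Bash function definition `() {` delivered in a header that a CGI handler would export as an environment variable. The second catches a generic path-traversal target. Both requests used as input are constructed for the example.

```python
"""IPS-style layer-7 inspection of HTTP requests (added example, not a
Deep Security rule; patterns are illustrative).
"""
import re

# Each rule: (name, what it shields, compiled pattern). A real IPS keeps
# these per-vulnerability so a host can be shielded before it is patched.
RULES = [
    # Shellshock: '() {' at the start of an env-var value triggers the
    # vulnerable Bash parser; over HTTP it arrives in any header a CGI
    # script exposes as an environment variable.
    ("shellshock-env-injection", "CVE-2014-6271", re.compile(r"\(\)\s*\{")),
    # Directory traversal in the request target.
    ("path-traversal", "generic", re.compile(r"(?:^|/)\.\.(?:/|$)")),
]


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def inspect(raw: bytes):
    """Return [(rule_name, shields, location)] for every rule that fires."""
    _method, target, headers = parse_request(raw)
    fields = [("target", target)] + [
        (f"header:{name}", value) for name, value in headers.items()
    ]
    hits = []
    for name, shields, pattern in RULES:
        for where, value in fields:
            if pattern.search(value):
                hits.append((name, shields, where))
    return hits


# Constructed sample traffic (not captured from a real incident).
SHELLSHOCK_REQUEST = (
    b"GET /cgi-bin/status HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"User-Agent: () { :; }; /bin/bash -c 'cat /etc/passwd'\r\n"
    b"\r\n"
)
TRAVERSAL_REQUEST = (
    b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"
    b"Host: www.example.test\r\n\r\n"
)
BENIGN_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in [("shellshock", SHELLSHOCK_REQUEST),
                       ("traversal", TRAVERSAL_REQUEST),
                       ("benign", BENIGN_REQUEST)]:
        print(label, inspect(req) or "no hits")
```

The value of this kind of rule is that it blocks the exploit traffic whether or not the host behind it is patched, which is what lets a team shield a system it cannot reboot this week. It is a stopgap rather than a fix: a production IPS also has to reassemble TCP streams, decode chunked and compressed bodies, and normalize encodings so an attacker cannot slip `() {` past a naive regex, and the underlying package still needs to be patched.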

AUTOMATE AND INTEGRATE SECURITY AT SCALE

Changing infrastructures, evolving cyberattacks, and accelerating development cycles can be overwhelming for security and risk teams, not to mention the continually growing skills gap in the security industry. Automation is the critical piece of the puzzle: it enables security teams to move and scale at the same pace as their DevOps teams.


For inquiries, email us at info@agdatacom.com

Source: https://www.trendmicro.com/en_ph/business/products/hybrid-cloud/security-data-center-virtualization.html#