Server Protection Buyers Guide

Similar documents
FIREWALL BEST PRACTICES TO BLOCK

Endpoint Security Buyers Guide

FIREWALL BEST PRACTICES TO BLOCK

Sophos MSP Connect. One flexible MSP program to connect you and your customers to one complete and simple security solution.

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

XG Firewall. What s New in v17. Setup, Control Center and Navigation. Initial Setup Wizard. Synchronized App Control Widget.

Securing the Modern Data Center with Trend Micro Deep Security

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Sophos Intercept X. Stopping Active Adversaries An explanation of features included in Sophos Intercept X. Last updated 22th June 2017 v1.

McAfee Public Cloud Server Security Suite

SYMANTEC DATA CENTER SECURITY

CUSTOMER CASE STUDY. Sophos and Wave 9 Make Managing 20 Schools Easier and More Secure. Customer-at-a-Glance

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

Next-Gen Firewall Buyers Guide

From Firewall to Cloud, Diocese of Brooklyn Enthusiastically Embraces Unified Sophos Security Across its Parishes and Schools

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

Securing Your Amazon Web Services Virtual Networks

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Symantec Ransomware Protection

Securing the SMB Cloud Generation

XG Firewall and SD-WAN

INTRODUCING SOPHOS INTERCEPT X

SIEMLESS THREAT DETECTION FOR AWS

Sophos Pricing and Ordering Made Simple Partner FAQ

High risk, unwanted and even malicious applications are hiding like parasites on many organizations' networks.

Securing Your Microsoft Azure Virtual Networks

trend micro smart Protection suites

SophosLabs 2019 Threat Report

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Sophos Gateway Comparison

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I

Symantec Endpoint Protection Family Feature Comparison

Consolidating to a Best of Breed Security System

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

Synchronized Security

Stopping Advanced Persistent Threats In Cloud and DataCenters

CS 356 Operating System Security. Fall 2013

Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads

Copyright 2011 Trend Micro Inc.

SentinelOne Technical Brief

SentinelOne Technical Brief

CASE STUDY. Customer-at-a-Glance. Industry. Sophos Solutions. Fitas Flax Indústria e Comércio Ltda. Brazil. Manufacturing

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Sophos XG Firewall Licensing

SIEMLESS THREAT MANAGEMENT

ebook ADVANCED LOAD BALANCING IN THE CLOUD 5 WAYS TO SIMPLIFY THE CHAOS

ForeScout ControlFabric TM Architecture

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Australian Signals Directorate (ASD) Top 35 Reference Card

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

McAfee Cloud Workload Security Product Guide

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

9 Steps to Protect Against Ransomware

Securing Amazon Web Services (AWS) EC2 Instances with Dome9. A Whitepaper by Dome9 Security, Ltd.

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Security Made Simple by Sophos

Moving Beyond Prevention: Proactive Security with Integrity Monitoring

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

RSA NetWitness Suite Respond in Minutes, Not Months

The 2017 State of Endpoint Security Risk

Microsoft Security Management

The Evolution of Data Center Security, Risk and Compliance

Endpoint Protection : Last line of defense?

Securing Your Most Sensitive Data

Sizing Guideline. Sophos XG Firewall XG Series Appliances. Sophos Firewall OS Sizing Guide for XG Series appliances

SECURITY SERVICES SECURITY

What is an Endpoint Protection Platform?

The threat landscape is constantly

McAfee epolicy Orchestrator

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Symantec Endpoint Protection 14

Best Practices in Securing a Multicloud World

ForeScout Extended Module for Splunk

SECURING DEVICES IN THE INTERNET OF THINGS

PrecisionAccess Trusted Access Control

CyberArk Privileged Threat Analytics


SECURING DEVICES IN THE INTERNET OF THINGS

Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd

MCAFEE INTEGRATED THREAT DEFENSE SOLUTION

WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.

SIEM: Five Requirements that Solve the Bigger Business Issues

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

TREND MICRO SMART PROTECTION SUITES

Sizing Guidelines. Sophos XG Firewall - XG Series Appliances. Sophos Firewall OS Sizing Guide for XG Series appliances

Datacenter Security: Protection Beyond OS LifeCycle

Transcription:

Server Protection Buyers Guide Cyber threats to servers continue to evolve in complexity and viciousness at an alarming rate. Devastating ransomware outbreaks such as WannaCry and NotPetya highlighted the need for strong anti-ransomware capabilities. Systemic vulnerabilities exploited by the likes of Spectre and Meltdown showed that anti-exploit and application control ( default deny ) are also key components of any server security plan. As servers are often an organization s most valuable endpoints, the pressure is on for IT managers to select highly effective protection. It is not enough to run a security solution designed for desktops on your servers you need solutions designed with server workload protection at their core. This guide aims to give you practical advice on key features and capabilities to look for when selecting security for your servers, as well as questions to ask vendors to make sure that features work exactly as they should.

Server Environments Depending on the needs of your organization you may be running your own servers onpremises, hosting your data in the cloud with Amazon Web Services (AWS) or Microsoft Azure, or using a hybrid of the two. So as a bare minimum you need a security solution that lets you easily manage these different setups via a single pane of glass. Ideally, that solution will offer additional benefits, such as consistent policy deployment across your servers that can be managed centrally. Automated deployment (such as via scripting) of server protection in the cloud is vital so they can be spun up (and down) when necessary to meet demand, without interaction from the server admin. And straightforward licensing options are more important than ever before, as organizations opt for mixed deployment environments. Look for a vendor that offers a single license type, whether cloud, on-premises, or a mixture of the two and save yourself from a complicated mix-and-match process. Key Product Capabilities and Features Modern server security has evolved to stay ahead of increasingly advanced threats. To keep your servers secure, whether on-premises or in the cloud, look for a range of features that defend against unknown threats, ransomware, exploits, and hackers: Anti-ransomware Some solutions contain techniques specifically designed to prevent the malicious encryption of data by ransomware. Often techniques that are specifically anti-ransomware will also remediate any impacted files by rolling the file back to an unaffected state, for example. Ransomware solutions should not only stop file-targeting ransomware, but also disk ransomware used in destructive wiper attacks that tamper with the master boot record. And specific to servers is the need to stop remote/rogue endpoints from encrypting files on network shares or other connected servers. Server lockdown/whitelisting/default deny Prevent unauthorized applications from running on your servers by whitelisting permitted applications. Buyers should look for a solution that can automatically identify trusted applications, but also allows for user customization to minimize the time and effort required to create a secure ruleset. Additionally, locking down or unlocking a server should not require downtime. Anti-exploit Anti-exploit technology is designed to deny attackers by preventing the tools and techniques they rely on in the attack chain. For example, exploits like EternalBlue and DoublePulsar were used to execute the NotPetya and WannaCry ransomware. Anti-exploit technology stops the relatively small collection of techniques used to spread malware and conduct attacks, warding off many zero-day attacks without having seen them previously (not requiring a signature). Comprehensive exploit prevention also provides protection for servers that can t be patched quickly, or even when there are no available patches. ¹ Gartner Top 10 Security Projects for 2018 2

Anti-hacker Servers are a prime target for hackers as they typically contain an organization s most sensitive data. Look for solutions that include specific capabilities to stop persistent attacks by hackers occurring in real-time. Some examples of required anti-hacker mitigations for servers include credential harvesting prevention, lateral movement prevention, code cave mitigation, privilege escalation protection, and process migration protection. Machine learning There are multiple types of machine learning methods, including deep learning neural networks, ransom forest, Bayesian, and clustering. Regardless of the methodology, machine learning malware detection engines should be built to detect both known and unknown malware without relying on signatures. The advantage of machine learning is that it can detect malware that has never been seen before, ideally increasing the overall malware detection rate. Organizations should evaluate the detection rate, the false positive rate, and the performance impact of machine learning-based solutions. Incident response/synchronized Security Server tools should at a minimum provide insight into what has occurred to help avoid future incidents. Ideally, they would automatically respond to incidents, without a need for analyst intervention, to stop threats from spreading or causing more damage. It is important that incident response tools communicate with other server security tools as well as network security tools. In addition, your chosen solution should be able to show you how an attack took place, with further detail on the point of entry, malicious processes, and affected machines (e.g. root cause analysis or RCA). Application control Provides control over which applications are permitted to run on the server to reduce the attack surface. Ideally the vendor will filter applications by category to simplify and speed-up configuration. Centralized management The console should enable easy management and visibility of mixed server environments for example, alerts, events, and reports all filtering through into one easy-to-access and easily understood view. Workload discovery and protection This enables discovery of workloads running in public cloud environments (Infrastructure as a Service) such as Amazon Web Services (AWS) and Microsoft Azure. Attackers have been known to take advantage of unused cloud regions and repurpose them, for example for cryptomining. Products with native API integration with public cloud platforms flag up new workload instances, including regions that are not actively being used. 3

Management and Reporting Most of the time you aren t logging into your servers unless there is an issue. Which means for management purposes there are two main requirements: 1. Straightforward deployment and monitoring of all your servers 2. Easy-to-use interface that lets you quickly respond if an issue arises In many cases deploying point solutions from multiple vendors for different servers in different environments can cause management challenges due to multiple consoles. This can quickly become a liability when dealing with larger server estates. Responding to a serious attack requires fast, decisive action that isn t hampered by wasted time spent trying to locate the critical information needed to make a decision. Look for solutions that consolidate information onto a single pane of glass making it as simple as possible to locate what s important. Some solutions also offer the ability to integrate your server with your network security (firewall) and share threat intelligence. For example, if a server is identified as compromised, it can be isolated from the network to prevent further damage to your organization. Traffic and applications from the server can also be accurately seen, allowing for prioritization of important applications or denying of unwanted apps. For ease of deployment, allowing scripted setup particularly for cloud deployments means a server admin s time can be spent elsewhere. Default-deny application whitelisting, or category-based application control, allows for faster configuration of what should and should not be permitted to run on a server, versus a purely manual setup. 4

Product Comparison Checklist After reading the previous sections to determine your base requirements, use this table to evaluate solutions from different vendors and assess their suitability for your organization. Feature Comparison Intercept X Advanced for Server Trend Micro Deep Security Symantec Cloud Protection McAfee Server Security Suite Advanced Kaspersky Hybrid Cloud Security Platform Cloud Cloud/ On-Premise Cloud On-Premise On-Premise MANAGE Single Console to protect Server, Endpoint, Mobile, Email and Wi-Fi O O O O AWS/Azure Workload Discovery Automatic Scanning Exclusions (e.g., Exchange, SQL Server) O O O Virtualization: Thin Agent with Centralized Scanner O Web Filtering (Block malicious websites) PREVENT REDUCE ATTACK SURFACE BEFORE IT RUNS Web Control (Control access to potentially inappropriate sites) O O O Application Whitelisting (Server Lockdown) O Category Based Application Control O O O O Peripheral/Device Control O O O Machine Learning (Deep Learning) O Exploit Prevention Data Loss Prevention O O O O Anti-Hacker (e.g. Credential Theft and Code Cave protection) O O O Ransomware protection (Behavior detection and rollback) O O DETECT Disk and Boot Record Protection O O O O File Integrity Monitoring (FIM) / Change Monitoring O Malicious Traffic Detection O RESPOND Synchronized Security (Out of the box integration with firewall) O O O O Root Cause Analysis (RCA) O O O O 5

Centralized Security Protection for your servers forms a vital part of an organization s security strategy. But, factoring in other endpoint devices, mobile phones, network security, encryption and more, managing all this can become difficult. Indeed, for many vendors each additional area of security mandates an additional console and policy framework, many of which look and feel different and provide no integration of security across the various devices and infrastructure components. Sophos Central lets you manage all your Sophos security solutions from one console. It is designed to be a single pane of glass, with an intuitive, consistent interface as you move between your different products. And best of all, Sophos products are engineered to work together, providing you with better security. For example, your servers work with your firewalls to automatically identify, isolate, and remediate compromised servers in seconds. Evaluating Server Security: Top 10 Questions to Ask To evaluate a server protection solution, start by asking the vendor the following questions: 1. Does the product support different server deployments such as on-premises, cloud, and hybrid? 2. Is application whitelisting/default deny included in the product at no additional charge? 3. Does the product have technology specifically designed to stop and roll back ransomware? 4. What technology exists to prevent exploit-based and file-less attacks? What antiexploit techniques are leveraged, and what types of attacks can they detect? 5. How does the product defend against persistent attacks by active adversaries? 6. What techniques does the product use to detect unknown malware threats? Does it use machine learning? 7. For products claiming to leverage machine learning, do they have third-party confirmation of detection accuracy? What about false positive rates? 8. What visibility into an attack does the vendor provide, such as root cause analysis? 9. Does the product automatically respond to threats? Can it automatically clean up a threat and respond to an incident? 10. Can the product natively integrate with public cloud (e.g. AWS/Azure) to automatically discover cloud workloads? 6

Conclusion As cyber threats continue to evolve in complexity and viciousness it is vitally important to have effective protection in place on your servers. Understanding the threats and the key security technologies needed to stop them will enable you to choose the best possible server protection for your organization. And that protection needs to be designed with server workloads in mind it isn t good enough to just run endpoint protection that hasn t been adapted for server environments. Statements contained in this document are based on publicly available information as of June, 2018. This document has been prepared by Sophos and not the other listed vendors. The features or characteristics of the products under comparison, which may directly impact the accuracy or validity of this comparison, are subject to change. The information contained in this comparison is intended to provide broad understanding and knowledge of factual information of various products and may not be exhaustive. Anyone using the document should make their own purchasing decision based on their requirements, and should also research original sources of information and not rely only on this comparison while selecting a product. Sophos makes no warranty as to the reliability, accuracy, usefulness, or completeness of this document. The information in this document is provided as is and without warranties of any kind, either expressed or implied. Sophos retains the right to modify or withdraw this document at any time. Try Sophos Intercept X for Server now for free United Kingdom and Worldwide Sales Tel: +44 (0)8447 671131 Email: sales@sophos.com North American Sales Toll Free: 1-866-866-2802 Email: nasales@sophos.com Australia and New Zealand Sales Tel: +61 2 9409 9100 Email: sales@sophos.com.au Asia Sales Tel: +65 62244168 Email: salesasia@sophos.com Copyright 2018. Sophos Ltd. All rights reserved. Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 18-07-13 NA (MP)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback