The recent high-profile cyberattacks on Sony, Target, HBO, and Equifax all had one thing in common: Attackers found a way to get into the operating system, and then were able to stay in for months, even as long as a year.
"It's not a smash-and-grab thing where [hackers] pop servers, get stuff, and run—they are able to stay in the network for a year," said security firm Bracket Computing CEO and co-founder Tom Gillis. "They embed themselves into the OS, and get privileged access so they can patch it in a way so when the antivirus runs, it can't see the malware."
To combat these persistent attacks, Bracket Computing released Server Guard, a feature for its security software that defends servers by safeguarding the critical parts of an operating system both on disk and while running in memory.
"We make the assumption that in the modern, borderless, mobile enterprise, it's impossible to keep every attack out," Gillis said. "End users are less than perfect and will click phishing links, and software will have exploits. We're not trying to solve the problem of keeping the bad guys out—we're trying to deny them the ability to stay in."
This defense is effective because it is not actually running inside the OS. Instead, it sits in Bracket's Metavisor technology, which uses virtualization to isolate it from the guest OS. As a result, even if an attack gains privileged access to a server, it can't get past the defense.
Bracket claims that this enables them to provide "immutable" security, which cannot be turned off, bypassed, or compromised. It also offers transparency to DevOps teams.
A solution like this should be part of a layered defense that includes hardened servers, controlled network access, and data encryption and protection, Gillis said.
"Security has gone from being an inconvenience to the CEO of Target losing his job after a breach," Gillis said. "Business leaders need to understand the significance of cyber on the industrial landscape. It's a board-level issue."
Server Guard is a subscription service, with a list price of $60 per core per year.
The 3 big takeaways for TechRepublic readers
1. A new offering from Bracket Computing called Server Guard helps protect networks from persistent attacks that gain privileged access to an operating system.
2. Bracket claims that this allows for "immutable" security, which cannot be turned off, bypassed, or compromised.
3. A solution like this should be part of a layered defense that includes hardened servers, controlled network access, and data encryption and protection.
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.