Server attacks continue to rise, yet majority of respondents still rely on antivirus, which is ineffective against advanced threats and targeted attacks
WALTHAM, Mass.—Nov. 5, 2013—Bit9, the leader in a new generation of endpoint and server security based on real-time visibility and protection, today announced the results of its third-annual Server Security Survey of nearly 800 IT and security professionals worldwide. Key findings include:
- 55 percent of security professionals were concerned about targeted attacks and data breaches on servers in 2013—up 3 percent from 2012, and up 18 percent from 2011.
- Only 13 percent of respondents are “very confident” in their ability to stop advanced threats targeting servers.
- 26 percent of respondents admitted their servers were hit by advanced malware, up 1 percent from 2012 and up 9 percent from 2011.
- 25 percent of respondents “don’t know” if they’ve been hit by a server attack, up 7 percent from last year.
- Only 3 percent of respondents said their virtual servers posed the highest risk. However, of those who administer an environment consisting of more than 75 percent virtual servers and who rated their virtual servers as having a “higher level” of security, 24 percent still admitted to being hit by advanced malware.
- 92 percent of respondents use signature-based antivirus software on their servers, despite AV’s inability to stop advanced threats and targeted attacks, while only 29 percent use a more effective new-generation security solution, such as application control or allowlisting.
Server security remains one of the most critical aspects of any company’s security posture. Servers are where the majority of customer data, intellectual property and user credentials are stored, which is why they are the target of most advanced threats. Failure to protect servers from advanced threats can lead to significant data loss, brand damage, large financial penalties, and diminished customer confidence. The 2013 Bit9 Server Security Survey found that organizations continue to lack the necessary tools to properly detect and protect their server environments—both physical and virtual—against advanced threats and malware.
“It is alarming to see that in 2013, 92 percent of IT and security professionals still rely on old-fashioned security solutions—particularly antivirus—and only a quarter of those surveyed have deployed a new generation of server security that doesn’t rely on signatures and is much more effective at detecting and stopping advanced threats and targeted attacks,” said Nick Levay, Bit9 chief security officer.
“Another very interesting result is the response to the question about which types of servers pose the highest risk. More than half of respondents said Web servers. While it’s true Web servers may present the greatest risk of being compromised, the real risk that organizations must be aware of is which types of servers could cause the most damage to the business if they were breached. In that case it’s database and file servers because the data those machines contain is significantly more desirable to cyber criminals, hacktivists and nation-states,” Levay said.
About Bit9
Bit9 is the leader in advanced threat protection for endpoints and servers based on real-time visibility and prevention. Bit9 is the only solution that continuously monitors and records all activity on endpoints and servers and stops cyber threats that evade traditional security defenses. Bit9’s real-time sensor and recorder, cloud-based services, and real-time enforcement engine give organizations immediate visibility into everything running on their endpoints and servers; real-time signature-less detection of and protection against advanced threats; a recorded history of all endpoint and server activity to rapidly respond to alerts and incidents; and real-time integration with network security devices such as FireEye and Palo Alto Networks. 1,000 organizations worldwide—from 25 Fortune 100 companies to small businesses—use Bit9 to increase security, reduce operational costs and improve compliance.