8/13/2019 2013 Server Security Survey Report Fnl 40111
2013 Bit9 Server Security Survey Report
Executive Summary
In October 2013, Bit9 conducted its third annual survey on server security, polling 799 IT and
security professionals worldwide. In the past year, the inability to detect or stop advanced attacks
has remained a constant challenge for enterprises. In 2013, Adobe, LivingSocial, Evernote, Twitter,
NBC.com, and NYTimes.com fell victim to cyber attacks. These attacks all involved compromised
servers, with results ranging from defacing or shutting down a website to stealing millions of customer
records. Breaches of this nature can hurt brand equity or reduce consumer confidence. Therefore, it
is important to bolster IT security at every level, and most importantly to secure server
environments. This survey was designed to analyze these challenges as seen by respondents who are
responsible for their organization's security posture.
Key Findings:
1. Targeted attacks and data breaches are top concerns for organizations, but confidence
in being able to detect or stop them on their servers has dropped for the second consecutive year.
2. Virtual servers continue to be perceived as more secure than physical ones, despite admitted advanced attacks.
3. Administrative effort for server security remains uncomfortably high for the second year
in a row.
These findings highlight the urgent need for maximum visibility across server environments to
fuel more advanced threat detection and protection techniques that will prevent the execution of
advanced malware and zero-day attacks.
About Survey Respondents
The majority of respondents (51 percent) administer 100 or fewer servers, 22 percent
administer between 101 and 500, and 28 percent administer more than 500 servers.
76 percent of respondents had Windows running on more than half of their servers, with 11
percent running Linux on more than half of their machines. When it came to Linux distributions,
Bit9 found that 47 percent were running Red Hat Enterprise Linux, 23 percent were running
Ubuntu Server, and 22 percent were running CentOS. 43 percent of security professionals stated
that more than half of their servers were virtual.
When polled regarding what security solutions respondents were running on their servers, 92
percent of organizations were running antivirus (AV) on their servers, 37 percent were running
file integrity monitoring, 29 percent were running application whitelisting, and 11 percent were
running behavioral host-based intrusion prevention systems (BHIPS).
[Chart: How many total servers do you administer?]
[Chart: What Linux distributions are you running?]
[Chart: What security solutions are you using on your servers? Antivirus 92%, File Integrity Monitoring 37%, Application Whitelisting 29%, BHIPS 11%, Other 8%]
Key Findings
Key Finding #1: Targeted attacks and data breaches are top concerns for organizations, but confidence in being able to detect or stop them on their
servers has dropped for the second consecutive year.
55 percent of security professionals ranked targeted attacks and data breaches as their top
concern in 2013, up 3 percent from 2012, and up 18 percent from 2011. Interestingly, 17
percent ranked meeting and maintaining compliance as their top concern and 16 percent ranked
unauthorized changes or impacts to system uptime and performance as a top concern.
With 54 percent of all data compromised originating from servers in 2012 [1], server data continues
to be one of the most prominent focuses of advanced attacks. This is even more important when
considering 26 percent of respondents reported that their organization had been hit by advanced
malware, up 1 percent from 2012, and up 9 percent from 2011.
[Chart: What is your top concern regarding your server security? Years shown: 2011, 2012, 2013. Categories: Meeting and maintaining compliance requirements; Unauthorized change impacts our system availability/uptime/performance; Targeted attacks and data breaches]
[Chart: Have you been hit by advanced malware? Yes, we have: 17% (2011), 25% (2012), 26% (2013). I don't know: 18% (2012), 25% (2013). No, we have not: 83% (2011), 57% (2012), 50% (2013)]
[1] Verizon 2013 Data Breach Investigations Report
Server security is about much more than just protection. Security professionals understand
the importance of detecting advanced malware as it arrives as well as protecting their critical
data from compromise. This is why it is surprising to see that 59 percent of respondents were
only somewhat confident in their ability to detect advanced threats, and 24 percent were not
confident at all in their ability to detect advanced threats arriving on their servers. Additionally,
25 percent of respondents had no idea whether they have been hit by advanced malware,
highlighting a visibility challenge many security professionals may have about malicious files
arriving in their enterprise.
When it came to protection, once again 59 percent of respondents were somewhat confident
in their ability to stop advanced threats, with 22 percent not confident at all in the protection
solutions on their organization's servers, up 2 percent from 2012.
Alarmingly, however, 24 percent of respondents who claimed to be very confident in their
ability to stop advanced threats on their servers also admitted that their servers had been hit by
advanced malware. And of those same respondents, only 71 percent were very confident in their
ability to detect advanced threats on those same servers.
Considering cross-platform malware that can impact a variety of different platforms, ensuring
security across multiple server platforms is essential. Regarding Linux servers specifically, 43
percent of respondents were only somewhat confident in their security, and 17 percent were
not confident at all. Also, of the respondents who admitted to being hit by advanced malware, 26
percent had more than 1,000 servers in their organization and at least 68 percent had one or more
distributions of Linux running in their server environment.
Not surprisingly, of the respondents who stated they were not confident in their ability to stop
advanced threats, 31 percent had been hit by advanced malware.
[Chart: How confident are you in your ability to stop advanced threats targeting your servers? Somewhat confident 59%, Very confident 13%, Not confident 22%, Unsure 7%]
Key Finding #2: Virtual servers continue to be perceived as more secure than physical ones, despite admitted advanced attacks.
While 52 percent of respondents rated Web servers as posing the highest risk to their
organization's security, only 3 percent of respondents rated virtual servers as posing the highest
risk. Overall, 49 percent of respondents rated their virtual servers as having a higher level of
security than physical servers.
Although it's not surprising that respondents felt their virtual servers are more secure than their
physical servers, what is surprising is that file servers, which typically hold large quantities
of intellectual property, and domain controllers, which hold administrative rights and
passwords, were not top concerns for respondents. And of respondents who administer an
environment consisting of more than 75 percent virtual servers, and who rated virtual servers as
having a higher level of security, 24 percent still admitted to being hit by advanced malware.
59 percent of security professionals also viewed operational VM management, access control,
and auditing as their top concern regarding virtualization, but only 32 percent said advanced
attacks against their virtual servers were a top concern. This continues to highlight a misperception
among security professionals that virtual server environments are highly secure, despite an
inability to thwart advanced threats on any server platform, including virtual ones.
[Chart: Which types of servers pose the highest risk?]
Key Finding #3: Administrative effort for server security remains uncomfortably high for the second year in a row.
44 percent of security professionals stated that managing their servers required more than one
full-time equivalent (FTE), up 1 percent from 2012. Not surprisingly, of that 44 percent, 93 percent
were running AV on their servers, 48 were running file integrity monitoring (FIM), and only 36
percent were running a form of application control or whitelisting.
Both AV and FIM have continued performance issues with deploying signature updates, testing,
audits, and tracking unauthorized changes that can cause delays and excessive workloads.
Additionally, server security teams are managing multiple security solutions in their environment
across a wide range of platforms to ensure protection. Of the 44 percent of respondents who
used more than one FTE to manage their servers, 73 percent had more than 100 servers in their
organization.
[Chart: Organizations using more than one FTE to manage their server security. 2012: 43%, 2013: 44%]
Conclusion
Server security is one of the most critical aspects of any company's security posture. It is where
the majority of data (intellectual property) is stored and where every user credential is kept. It
is increasingly obvious that failure to protect servers can lead to a breach that results in data
loss, brand damage and diminished customer confidence. Once again this year, the trend
continued that organizations lack the necessary tools to properly detect and protect their server
environments against advanced threats.
The initial problem appears to be the low adoption rate of new-generation server security
solutions. Consistently, an overwhelming number of respondents used AV technologies (92
percent), but less than a third of organizations implemented any type of application control or
whitelisting solution (only 29 percent), despite 26 percent of respondents admitting to having
been hit by advanced malware.
Servers, which typically do not need the flexibility to dynamically install a wide range of potentially
untrusted applications, should, for the most part, be locked down. Failure to do so invites
trouble. Older server security solutions that rely on signatures to identify malware leave large gaps
in protection against unknown zero-day attacks, among other known untrusted software not yet
registered on AV blacklists. It is no surprise that more than a quarter of respondents acknowledged
that their servers had been attacked.
About Bit9
Bit9 is the leader in a new generation of endpoint and server security based on real-time visibility
and protection. Bit9 is the only solution that continuously monitors and records all activity on
endpoints and servers and stops cyber threats that evade traditional security defenses. Bit9's
real-time sensor and recorder, cloud-based services, and real-time enforcement engine give
organizations immediate visibility to everything running on their endpoints and servers; real-time
signature-less detection of and protection against advanced threats; a recorded history of all
endpoint and server activity to rapidly respond to alerts and incidents; and real-time integration
with network security devices such as FireEye and Palo Alto Networks. 1,000 organizations
worldwide, from 25 Fortune 100 companies to small businesses, use Bit9 to increase security,
reduce operational costs and improve compliance.
Appendix Survey
Question #1: Where is your organization's headquarters located?
Answer Choices      Responses
North America       81.73%    653
United Kingdom       3.25%     26
Europe               4.63%     37
Middle East          3.63%     29
Africa               0.50%      4
Asia                 4.01%     32
South America        1.25%     10
Australia            1.00%      8
Total                         799
Question #2: How many total servers are in your organization?
Answer Choices      Responses
1,000               18.40%    147
Total                         799
Question #3: What percentage of your servers are:
0% 75% Total
Windows     1.53% (12)    8.43% (66)    14.43% (113)   25.29% (198)   50.32% (394)   783
Linux       9.89% (62)    56.94% (357)  22.17% (139)   5.58% (35)     5.42% (34)     627
Unix        33.84% (157)  48.92% (227)  13.15% (61)    3.45% (16)     0.65% (3)      464
Mac OS X    60.41% (238)  32.99% (130)  5.08% (20)     1.27% (5)      0.25% (1)      394
Other       61.88% (211)  32.84% (112)  3.81% (13)     0.88% (3)      0.59% (2)      341
Question #4: What types of Linux distributions are you running in your server
environment? (Select all that apply)
Answer Choices                  Responses
Red Hat Enterprise Linux        46.81%    374
CentOS                          22.15%    177
Ubuntu Server                   22.90%    183
SUSE Linux Enterprise Server    16.27%    130
Fedora                           7.63%     61
I don't know                    14.14%    113
Not running Linux               20.65%    165
Total Respondents: 799
Question #5: What is your top concern regarding your server security?
Answer Choices                                                                 Responses
Targeted attacks and data breaches                                             55.32%    442
My current server security solution requires too much administrative effort    11.89%     95
Unauthorized change impacts our system availability/uptime/performance         15.89%    127
Meeting and maintaining compliance requirements                                16.90%    135
Total                                                                                    799
Question #6: What security solutions are you using on your servers?
(select all that apply)
Answer Choices               Responses
Antivirus                    91.74%    733
Application Whitelisting     28.54%    228
BHIPS                        11.14%     89
File Integrity Monitoring    37.05%    296
Other (please specify)        8.39%     67
Question #7: Have you been hit by advanced malware?
Answer Choices    Responses
Yes               25.78%    206
No                49.69%    397
I don't know      24.53%    196
Total                       799
Question #8: Rank this list of servers in terms of their risk to your security (1=highest risk)
                       1              2              3              4              5              6              7              Total   Average Ranking
Web servers            52.07% (416)   15.89% (127)   8.76% (70)     7.01% (56)     5.26% (42)     5.26% (42)     5.76% (46)     799     5.64
File servers           12.14% (97)    24.91% (199)   18.27% (146)   19.40% (155)   13.89% (111)   6.13% (49)     5.26% (42)     799     4.63
Domain controllers     8.51% (68)     13.64% (109)   23.53% (188)   16.65% (133)   16.90% (135)   11.89% (95)    8.89% (71)     799     4.09
Email servers          11.14% (89)    18.52% (148)   17.15% (137)   25.91% (207)   9.76% (78)     11.01% (88)    6.51% (52)     799     4.36
Virtual servers        2.75% (22)     3.50% (28)     6.63% (53)     11.26% (90)    32.29% (258)   21.03% (168)   22.53% (180)   799     2.80
Database servers       9.51% (76)     11.39% (91)    13.39% (107)   8.89% (71)     12.77% (102)   34.04% (272)   10.01% (80)    799     3.54
Application servers    3.88% (31)     12.14% (97)    12.27% (98)    10.89% (87)    9.14% (73)     10.64% (85)    41.05% (328)   799     2.95
Question #9: How many FTEs are currently managing your server security?
Answer Choices    Responses
1 FTE             44.43%    355
Total                       799
Question #10: How confident are you in your ability to stop advanced threats
targeting your servers?
Answer Choices        Responses
Very confident        12.77%    102
Somewhat confident    58.82%    470
Not confident         21.78%    174
Unsure                 6.63%     53
Total                           799
Question 11: How confident are you in your ability to detect advanced threats
targeting your servers?
Answer Choices        Responses
Very confident        12.77%    102
Somewhat confident    58.20%    465
Not confident         23.53%    188
Unsure                 5.51%     44
Total                           799
Question 12: How confident are you with regard to security on your Linux servers?
Answer Choices        Responses
Very confident        13.89%    111
Somewhat confident    42.80%    342
Not confident         17.40%    139
Unsure                 8.26%     66
N/A                   17.65%    141
Total                           799
Question 13: What percentage of your servers are virtual?
Answer Choices    Responses
0%                 8.39%     67
75%               21.53%    172
Total                       799
Question 14: Do your virtual servers provide a higher or lower level of security
than the physical servers they replaced?
Answer Choices    Responses
Higher            49.44%    395
Lower             21.03%    168
N/A               29.54%    236
Total                       799
Question 15: Which area is the biggest security concern when it comes to virtualization?
Answer Choices                                            Responses
Technical (hypervisor attack, service console attacks)    31.91%    255
Operational (VM management, access control, auditing)     58.57%    468
N/A                                                        9.51%     76
Total                                                               799
266 Second Avenue
Waltham, MA 02451 USA
P 617.393.7400 F 617.393.7499
www.bit9.com
2013 Bit9, Inc. All rights reserved. Bit9 is a registered trademark of Bit9. All other trademarks and registered trademarks are the property of their
respective owners. Bit9 reserves the right to change product specifications or other product information without notice.