Bracket Computing Intros Server Guard

November 09, 2017

Server Guard provides a defense against persistent attackers that is unique because it safeguards the critical parts of the operating system while on disk and also while running in memory. Server Guard can offer this essential defense of the OS because it is not actually running inside the OS. Instead, Server Guard resides in Bracket's patented Metavisor technology, which uses virtualization to isolate Server Guard from the guest OS. As a result, even if an attacker gets privileged or "root" access to a server, it can't get past Bracket's Server Guard. This unique architecture is what enables Bracket to deliver immutable security -- security that cannot be turned off, bypassed, or compromised.

Vulnerabilities Abound, but Persistence Is the Problem

When attackers are looking to enter a target network, they will often find a vulnerability in an Internet-facing data center server. One of the most high-profile vulnerabilities was in the Apache Struts software, which appears to have been at the heart of the recent Equifax breach. Software will never be free of bugs, and using signature-based systems to close the vulnerabilities will never be a complete solution. One must assume attackers will find a way in. But the real damage is done once an attacker has penetrated. The attacks at Sony, Target, HBO, and Equifax all had one thing in common -- the attackers found a way to get in, and then were able to stay in for months, even as long as a year. How can an attacker remain in the network so long when security agents are so widely deployed? The answer is called persistence -- the attackers embed themselves into the OS and remain undetected.

"To maximize damage, modern cyber attacks use sophisticated techniques to remain undetected for as long as possible," said John Pescatore, Director at SANS. "Security controls that can efficiently and effectively reduce both time to detect and time to mitigate advanced targeted attacks are critical for protecting business applications and sensitive data."

Announcing Server Guard -- Because the Server Can't Guard Itself

A server has built-in defenses, treating most applications as a "user," and very privileged access as "root." Root access is intended for administrators who have the ability to reconfigure and change how a server runs. When attackers gain a foothold in a network, they often seek root access, which allows them to patch themselves into the OS and therefore avoid detection by a user-based security agent. This is how they achieve long-term persistence. There are several vulnerable parts of an operating system that attackers will try to exploit to hide themselves, becoming undetectable by traditional security measures. The operating system attempts to defend these areas, but once an attacker has privileged or root access, the attacker is a "peer" to the OS, and thus the OS cannot defend itself.

Bracket's approach is unique in the industry. The Bracket Metavisor is a virtualization technology that does not actually reside in the OS; instead, the OS talks to the Metavisor as it would any cloud hypervisor. Building on this unique security platform, Bracket's new Server Guard analyzes and protects the critical parts of a running OS. With no prior knowledge of the attack, Server Guard causes Linux privilege escalation and rootkit attacks to simply bounce off, even if the server is unpatched and running software with a known vulnerability. The Bracket approach assumes that one way or another an attacker is going to find a way in, but by hardening the core of the OS, it ensures the attacker can't stay in. Server Guard protects the OS because the OS can't protect itself.

"We like to say that root can't stop root," said Jason Lango, co-founder and CTO of Bracket Computing. "What that means is when an attacker has the highest privilege in a server, the server cannot defend itself from the attack. Our new Server Guard, running in the Bracket Metavisor, can defend the server even when the server can't defend itself."

Immutable Security -- It Can't Be Turned Off or Bypassed

Another unique aspect of Bracket's new Server Guard is that it cannot be turned off or bypassed by a rogue insider or an outside attacker -- even if the attacker has root access. This capability has two major benefits: First, it is totally transparent to Development and Operations teams. If those teams are accustomed to using native Amazon controls, on-premise VM controls, or third-party orchestration tools, they will not see any changes to the Dev/Ops workflow. Dev/Ops teams aren't slowed down by Bracket Server Guard. Second, a rogue administrator cannot avoid the protections that Server Guard offers, because Server Guard resides in the Bracket Metavisor, not in the OS itself.

Part of a Layered Defense

Beyond unique server protection, the Bracket Security Software offers unique controls to micro-segment the network, gather forensics information, visualize network flows, and encrypt and protect all forms of data at rest and in motion. The Bracket software is easy to deploy -- most customers are up and running with a simple reboot of a server.

Copyright 2002 - 2017 CONSTITUENTWORKS SM CORPORATION. All rights reserved.