Management, Targeted Attacks Top Server Security Concerns: Survey

Global Survey Shows IT and Security Pros are Less Confident About Stopping Threats

A new study published by Bit9 shows that in 2012, targeted malware was at the top of the list when it comes to server management concerns in IT. Yet, server management itself is also seen as a problem.

This is the second year for Bit9’s server security study, which canvasses 1,000 IT professionals worldwide for their views on security and management. In a nutshell, the results show that there is a greater awareness among those in IT Security about what is and isn’t an advanced attack. At the same time, the number of cyberattacks are up and the confidence among those same professionals to identify and detect an advanced attack before it happens is at an all time low.

When one compares the differences between the first server study from Bit9 and the most recent study, it’s a whole new beast. In 2012, 52 percent of the respondents said that targeted malware was their top concern, representing a fifteen-point jump over last year’s study. Likewise, the number of people who had no confidence in their ability to detect and stop advanced threats doubled (20 percent) this time around. The number of organizations that reported being the victim of an attack increased as well this year, eight percent in total, to 25 percent of respondents reporting an affirmative to being attacked over the last year.

Bit9 also found that nearly half of its survey respondents felt that their virtual servers were more secure than physical ones—in contrast with findings from a 2012 Gartner study that indicated 60 percent of virtualized servers were less secure than the physical servers they replaced.

Time spent managing security is also a problem. 12 percent of the survey group ranked “too much administrative effort” required by traditional security solution as a bigger concern than actual attacks.

This is not surprising, the report notes, since more than 90 percent of respondents said that they are using antivirus software. There are significant performance issues associated with traditional AV that impacts effectiveness, and maintaining compliance makes additional work for the server team.

“These results highlight the need for greater control in identifying and stopping advanced attacks on valuable server resources—before they execute—while decreasing the security-related administrative workloads of IT and security professionals,” said Brian Hazzard, vice president of product management for Bit9.

While Bit9 has a horse in the race where solutions are concerned, the point is valid. It would seem that the notion of IT being spread thin and overworked is still valid and perhaps more so over the last 12 months. However, I’m not sure if a single solution is going to solve all the problems faced by the IT department.

A copy of the report is available online (PDF).