Hardening Doesn’t Have To Be Hard

Hardening your systems remains one of the most effective things you can do to prevent successful attacks.  But it’s not easy to do.  Computers are dynamic about both what they do on the network and the software they need to run.  Hardening can shut down business processes, interfere with productivity, stop legitimate apps from running.  And the solutions from security vendors usually require you to spend time and resources customizing their configuration and constantly monitoring and adapting to changes in the network and on the system. Until there is a technological breakthrough, we will all continue to see low adoption of hardening for general purpose computers.

The Exception

There is an exception to this.  Servers.  Most servers have a single, well understood function.  They can be hardened because they are not dynamic in what programs they run or what they do on a network.  But this still requires an understanding of the OS and primary applications.  And IT still needs to configure the system and security products accordingly.

There is a solution for you: Symantec Data Center Security (DCS) proactively secures and hardens servers for common applications with its default policies. They are built by Symantec security experts to make hardening simple and effective.

And it works as advertised.  The recent attacks against Microsoft Exchange servers leveraged four different zero-day vulnerabilities. While attacks using these vulnerabilities started out from a single threat actor and were limited and targeted, once the vulnerabilities became known a large number of threat actors jumped in to take advantage of the vulnerabilities, trying to get ahead of patching efforts.  DCS customers however did not have to worry.

The Intrusion Prevention feature of DCS, with its default policies, provided zero-day protection against the deployment of web shells used in these attacks.  Protection against this and other zero-day attacks comes standard, with zero effort from the admins.  Hardening without expensive configuration.  I think this is the future.