Mention the word ‘security’ to a server admin and get ready to see some pained expressions—that is, if they don’t abruptly turn around and head for the door. More than likely, that person spends a tremendous amount of time and effort configuring and tuning your organization’s critical server environment to meet stringent application SLAs for the business and to keep users productive and happy.
With business-critical servers, performance is paramount. And, given the onslaught of sophisticated cyber threats aimed at stealing the valuable data that sits on them, so is security.
AV – Widespread but Lacking
As with user laptops and desktop computers, the common practice among enterprise organizations that actually do have a server security program is to protect critical servers with a static, signature-based solution like antivirus. AV has long been the de facto means of protecting endpoints, and is still mandated by several key regulatory compliance frameworks (PCI DSS and HIPAA, for example).
From an efficacy standpoint, AV is lacking compared to today’s next-generation endpoint protection (NGEP) technologies, which use far more sophisticated methods of protection against advanced malware, exploits and insider attacks. But from the server admin’s perspective, the real deal-breaker with AV (and cause of headaches, nausea and general malaise) is that it crushes server performance. Repeatedly.
Since AV relies exclusively on signatures of known threats in order to prevent an attack, having the latest ones is critical. Frequent updates mean frequent downloads, which can be periodically disruptive. The bigger cost, though, is the scanning itself: the scans performed by the AV engine can drain 30% or more of a server’s CPU cycles. These scans affect virtual server performance as well; fewer available compute resources on the host machine mean fewer resources available for the VMs it supports. Given the magnitude of this impact, it’s no wonder that AV-based protection is so off-putting to server administrators. In many cases, organizations simply choose not to run AV or any kind of dedicated endpoint protection on servers, either to avoid the performance drag or to avoid costly server upgrades needed to handle the additional AV workload.
End the Security-SLA Tradeoff
The bottom line is that no organization should have to choose between properly protecting sensitive data and meeting its business-critical SLAs.
This woeful tradeoff becomes a thing of the past with Next-Generation Endpoint Protection (NGEP). NGEP significantly alleviates the performance bottleneck created by the signature-based approach of AV. This is achieved through the use of two interrelated technologies: lightweight out-of-band activity monitoring, and behavior-based detection. This approach is a complete break from the dependence on signatures and file scans: threats are detected by analyzing the behavior of suspicious processes as they execute on the server, rather than by scanning files against a signature database. Performance overhead is on the order of 4% or lower, in stark contrast with AV, whose operation can consume 10x that share of a CPU’s capacity.
Furthermore, behavior-based detection extends protection beyond file-based malware. Critical servers with NGEP deployed are also protected against exploits, as well as live (hands-on-keyboard) and script-based attacks. Many Next-Gen Endpoint Protection solutions are HIPAA and PCI DSS certified, and a few are even certified as an AV replacement by AV-Test. NGEP makes it possible to say goodbye to your AV solution and hello to a much smoother relationship with your server admin.
For more information, download our free whitepaper and learn how to replace antivirus the right way.