SecureIIS Web Server Protection Guarding Microsoft Web Servers

Transcription

1 WHITE PAPER SecureIIS Web Server Protection Guarding Microsoft Web Servers When Bad Things Happen to Good Web Servers

2 Table of Contents Overview 3 SecureIIS Summary 3 The SecureIIS Difference 4 Installation and Configuration 4 Centralized Administration and Policy Creation 4 Centralized Events Management & Reporting 4 Technical Expertise in Protecting Microsoft IIS Web Servers 4 Other Technical Features: 5 Proven Results 5 Thomas and Betts 5 Suncor Energy 5 BRTRC 6 US Central Credit Union 6 About BeyondTrust BeyondTrust Software, Inc.

3 The value inferred from the minimal cost of SecureIIS...provides an inductive businessdriven justification for its purchase. - Arian Evans Overview Today s businesses require an added layer of protection to ensure that their Microsoft Internet Information Services (IIS) Web Server farms remain running without interruption even if a hacker mounts an attack, or the IIS Server is hit with an indiscriminate worm like CodeRed or Nimda. Further, this solution must be capable of protecting from newly launched attacks, such as the WebDAV buffer overflow vulnerability, should an attacker attempt to utilize an unknown zero-day exploit to compromise an IIS server. Security administrators should consider deploying BeyondTrust s Enterprise Web Server Protection solution, SecureIIS. In conjunction with BeyondTrust s Remote Enterprise Management (REM) Console, SecureIIS allows organizations the centralized data collection and reporting functionality required to keep up with the high speed of today s sophisticated attackers. Typical Web Server Protection Requirements: Maximum security of critical IIS web servers and content Maximized server uptime; Minimized downtime Ease of enterprise-wide installation and configuration Trusted web server protection without disabling IIS functionality Ability to employ a measured response to new security patches from Microsoft vs. reacting immediately to Microsoft advisories Reduced web management overhead SecureIIS Summary Developed by BeyondTrust as the first-ever Microsoft Internet Information Services (IIS) specific application firewall, SecureIIS operates within Microsoft IIS to actively inspect all incoming requests at each stage of data processing and prevent potentially damaging network traffic whether encrypted or unencrypted from penetrating Microsoft web servers. SecureIIS is a fully supported enterprise-level solution that is proven to save time and money while providing complete intrusion prevention security for Microsoft IIS web servers. SecureIIS is instantly deployable and provides enterprisewide assurance against known and unknown web server attacks, without disabling the functionality of IIS web servers or relying on a signature database of attacks BeyondTrust Software, Inc.

4 The SecureIIS Difference This section highlights some of the key advantages of SecureIIS over the competition. While some solutions provide low-level protection against some types of attacks, only SecureIIS is able to reliably protect against known and unknown Microsoft IIS vulnerabilities. SecureIIS is the comprehensive layer of security Microsoft has been unable to provide in its web server offerings and aftermarket tools. Rather than shutting down valuable services to protect your IIS servers, SecureIIS provides a true ISAPI filter, scrutinizing every command that comes through your database. Installation and Configuration This section highlights some of the key advantages of SecureIIS over the competition. While some solutions provide low-level protection against some types of attacks, only SecureIIS is able to reliably protect against known and unknown Microsoft IIS vulnerabilities. SecureIIS is the comprehensive layer of security Microsoft has been unable to provide in its web server offerings and aftermarket tools. Rather than shutting down valuable services to protect your IIS servers, SecureIIS provides a true ISAPI filter, scrutinizing every command that comes through your database. Centralized Administration and Policy Creation A Central Policy created at HQ may maintain multiple SecureIIS installations. SecureIIS may be installed by a non-security focused administrator and utilize the central policy created by the security team insuring all web servers are equally protected across the enterprise and properly configured. In the case of free tools such as Microsoft URLScan/IIS Lockdown, advanced security personnel need to install and configure each instance of these tools via trial and error. If the IIS web servers are in different geographical location, advanced security expertise will be needed at that location to install Microsoft s tools. Security policy changes (whether minor and major) may be done on the fly with SecureIIS and implemented worldwide. Unlike URLScan/IIS Lockdown, when a change is made, SecureIIS does not have to be disarmed and the IIS Web Server does not have to be shutdown or re-started providing maximum uptime for customers and yielding substantial administrative cost savings. Centralized Events Management & Reporting Attacks are logged by SecureIIS and reported to a central, HQ-located database in which all logs from every IIS web server may be consolidated. Low end tools require all individual logs to be consolidated by hand via a database admin after they have been converted into a database readable format. This method requires the system administrator to collect all these logs from each individual machine for processing on a daily basis. In the case of SecureIIS, the event log data is automatically encrypted and relayed to the central database and all machines attack logs are consolidated in the REM reporting database for easy review and report generation. Technical Expertise in Protecting Microsoft IIS Web Servers BeyondTrust Researchers are the foremost authorities in Microsoft IIS web server security, having discovered 12 of the last 15 remotely exploitable high-risk vulnerabilities. BeyondTrust is recognized as the most trusted source in vulnerability research and proactive security solutions BeyondTrust Software, Inc.

5 Other Technical Features: The following is a quick listing of other technical features provided by SecureIIS and not offered by Microsoft s add-on tools for IIS: Unknown vulnerabilities protection Central policy management Configuration modification without restarting IIS Different policy definition for each website of a physical server RFC compliancy verification Folder access validation File access monitor POST DATA protection Shellcode injection protection Real time statistics Built in Log viewer Log export Log centralization Multilanguage support Fully- supported by vendor and 100% enterprise-ready Proven Results The following represents a few recent deployments of SecureIIS and the customers impressions of BeyondTrust s web server protection solution: Thomas and Betts Thomas & Betts is the world s largest manufacturer of electrical wiring, cable wiring, heaters, power lines, and associated electronics. Thomas & Betts selected SecureIIS to protect its geographically dispersed Microsoft web servers and provide unequivocal web server protection for all its servers, even unpatched servers. SecureIIS was instantly deployed across the entire enterprise and saves the IT organization in excess of 2 months of patching, hotfix, and web support effort per year. Having SecureIIS gives our team time to properly test hotfixes and patches we are now proactive instead of reactive. I can roll the tested patches up into a comprehensive patch and install them properly without causing downtime that would hurt operations. Even if there is a patch that I don t know about, or a zero-day exploit, or something that a teenage hacker comes up with, I feel protected we re extremely pleased with the results - Jay W. Woody Suncor Energy Suncor Energy is a world leader in mining, extracting, and refining crude oil. Suncor Energy chose SecureIIS to protect its mission-critical web servers because it needed an enterprise-ready solution that could confidently safeguard its e-commerce, intranet, extranet, and corporate data assets BeyondTrust Software, Inc.

6 BeyondTrust s SecureIIS provided Suncor with a proactive defense against known and unknown Microsoft IIS defects and vulnerabilities that were not addressed within Microsoft patches. The Suncor security team estimates that they have realized a 30% savings in working hours that used to be dedicated to web-server related meetings, discussions, patching, and testing. BeyondTrust has proven itself in the security community in terms of its ability to identify vulnerabilities, create innovative products and protect networks. It shows that BeyondTrust s main concern is helping the IT community protect their networks. These actions continually enhance our confidence in the products BeyondTrust creates. Even if we had just one server and only hosted 5 pages of information about our organization, we would still want SecureIIS on the network. Without SecureIIS, a Microsoft IIS web server is completely insecure. With SecureIIS, the front lines of our network are protected. - Michael Castro BRTRC BRTRC is leading government contractor that offers management and technical support services to a variety of federal agencies and select commercial clients. Founded in 1985, BRTRC currently hosts over 100 websites and provides endto-end web server programming for its demanding high-profile clientele. BRTRC and its customers rely on SecureIIS for complete web security. BRTRC (and all SecureIIS customers) were 100% protected against even the recent zero-day Web- DAV vulnerability impacting many government Microsoft IIS web servers. BRTRC estimates it has saved approximately $200,000 in administrative costs alone by using SecureIIS. The amount of time spent on patch management is equivalent to at least two man years. The amount of money we spent on SecureIIS is a fraction of what we would have invested in salaries just to keep up with patch management. I really like BeyondTrust s comprehensive approach to vulnerability management and the security process. BeyondTrust s solutions look at the network, the server, the individual products I feel confident in SecureIIS because BeyondTrust is so well versed across the board in understanding vulnerabilities from different perspectives and not just relying on vulnerability databases to protect customers from attack. - Rebecca Ryder, BRTRC US Central Credit Union The highly rated U.S. Central Credit Union is the nation s only wholesale corporate credit union. The credit union, working with its 32 member corporate credit unions, provides investment, liquidity, lending, payment and cash management services to more than 10,000 credit unions serving more than 80 million consumers. Not including development and testing, there are usually Microsoft IIS web servers running in staging and production environments at any given time. All of these web servers are located in both public and private DMZ sectors of U.S. Central s network and protected by SecureIIS. In addition to blocking IIS attacks, SecureIIS has reduced overall staffing requirements at U.S. Central by limiting the need for accelerated regression testing and implementation of new configurations and patches on Microsoft IIS servers. Mature tool sets are still hard to find, and BeyondTrust has done an excellent job of providing mature tool sets that are consistent and congruent with U.S. Central Credit Union s security mission. The value inferred from contrasting the minimal cost of SecureIIS to the cost of a single, full-time employee to manually address all security-related Web server issues provides an inductive business-driven justification for its purchase. - Arian Evans BeyondTrust Software, Inc.

7 About BeyondTrust At BeyondTrust, we pledge to stay focused on providing the highest quality vulnerability management solutions available now and into the future. We regularly share our product roadmap with customers, as they wield the greatest influence on its course. And because we remain focused on vulnerability management, we are able to provide constant innovation and upgrades to keep our customers ahead of evolving threats. Customers are the common thread that drives everyone at BeyondTrust to build the best vulnerability management solutions on the market. From the first inquiry to our sales department, to interactions with our training and customer service staff, we are committed to providing dedicated, responsive and straightforward service to existing and prospective customers alike. With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) and vulnerability management solutions for dynamic IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world s 10 largest banks, seven of the world s 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities. The company is privately held, and headquartered in San Diego, California. For more information, visit beyondtrust.com. Contact Info North American Sales [email protected] EMEA Headquarters Tel: + 44 (0) [email protected] CONNECT WITH US Facebook.com/beyondtrust Linkedin.com/company/beyondtrust BeyondTrust Software, Inc.