Cybersecurity is changing: protection strategies that worked for years are now defunct in weeks.
It began as a topic of study, a discourse on the ways to defend connected computer systems from unauthorized access and exploitation. Now, cybersecurity is a concern for everyone. The scope of threat agents is widening and their effect is deepening. Today’s hackers are organized, determined, strategically financed, and comprehensively tooled.
Cybersecurity can no longer be an afterthought when designing products and services, and dealing with it has become an uncomfortable but necessary burden, not just for the website owners and web professionals designing and managing sites, but also for the web hosting companies that need their platforms to be safe if they are to stay in business. The industry is not unusual in operating on cut-throat margins, and few can afford to hire full-time security analysts. A ‘do it yourself’ approach to security has limited benefits but unlimited risks. The constantly changing nature of software, and the attack vectors it exposes, makes it impossible to keep security policies relevant and reliable. Web professionals who are reluctant to invest time and money in evaluating and provisioning for cybersecurity soon find their websites compromised, their systems unmaintainable, their reputations floundering, and eventually, their profits tumbling.
Many security commentators see in today’s cyber crime landscape a common set of characteristics:
- Scale: Through automation, hacking attempts are now much broader in their attack surface and more prolonged in their duration.
- Knowledge: Hackers take advantage of dedicated and covert communication channels, sharing information on vulnerabilities, many of which are unknown to both the software vendors and the owners of the websites using their software.
- Adaptability: Hacking tools and techniques evolve faster than the defenses designed to protect against them. And hackers are customizing attacks for specific website platforms, exploiting specific vulnerabilities.
- Cost: Hacker communities don’t just try to steal a company’s data and hijack their resources. They also adopt a company’s modus operandi, co-opting the corporate mindset by seeking to reduce the costs of hacking, exploring ways to make it ever more profitable and risk-free.
If cybersecurity is to avoid becoming a full-time fight, defense strategies must employ tactics that directly address these factors.
CloudLinux formed Imunify360 with this philosophy in mind, with the intention of taking back control of security and making it manageable for Linux web hosters and website owner/operators. The old, standard, ‘tried and failed’ strategies were discarded or adapted, and replaced with ones more effective and better suited to these new trends.
Layered security is an approach to cybersecurity that combines strategies and distinguishes between the different methods of cyber attack, dedicating specialized software modules to defend against each type. With layered security, a stack of security components protects against different vectors of attack. Together, these components implement a kind of security funnel, one that’s more effective than the same components used separately. This combination of techniques, approaches, and technical measures forms a synergy that brings a new level of cyber protection to servers.
Modern security solutions use this multi-layer model because of its broad coverage and adaptive capabilities—the effectiveness of layers is not determined by their number, but by their function and arrangement, allowing security vendors to improve components individually and incrementally. System operators gain the ability to individually fine-tune each layer, selecting layer combinations and tailoring them to match their security profile, server specifications and compliance needs. Website operators no longer have to constantly reevaluate their security defense posture and upgrade their cybersecurity suite. Instead, they can spend their time and money on developing their businesses and satisfying their customers.
Imunify360 is a modular and scalable solution for all sizes and all scopes of investment. Its approach to layered cybersecurity builds on the robustness and proven reliability of industry-standard components and protocols, enhancing them with adaptive technologies that improve detection rates, simplify management, and offer opportunities for improving the revenues of web hosters and web professionals of all kinds.
What’s in Imunify360?
Here’s a run-down of the key components of Imunify360.
- Firewall/WAF. A firewall is only as good as its rules. Imunify360’s firewall and WAF build on the strength and reliability of ModSecurity and OSSEC, enhanced with rules built from a blend of human and machine-learned knowledge. IP block list management is simple and automated irrespective of how many addresses there are. Individual IP address blocking uses the familiar white (allow) and black (deny) lists model, extended by a gray list. When an IP is automatically blocked, it goes to the gray list. The system blocks all other traffic from gray-listed IPs, unblocking them only when a human visitor coming via HTTP/HTTPS passes a CAPTCHA page. Once passed, those IPs move to the white list. No user can manually add entries to a local gray list, and only administrators can remove them. This gray-listing technique reduces the number of false positives, and the number of unblock requests to help desks. Adding large numbers of IPs in bulk is quick and painless. To defend against brute-force attacks, Imunify360 builds on the Active Response feature of OSSEC, re-engineered to intelligently detect when specific ports are under attack, and block them.
- IDS/IPS. Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) are components of security systems that interrogate and inspect traffic, looking for signs of malicious intent and stopping it at source before it can do harm. Proactive Defense is a feature unique to Imunify360 that scans PHP code for malicious invocations using proprietary heuristics. It uses code de-obfuscation and code intent (behavioral) analysis techniques to accurately work out whether a request is malicious or not, with a very low rate of false positives. If malware manages to take hold, a Blamer component attempts to trace the source and method of infiltration. Armed with this information, over time, Imunify360 becomes more effective at blocking future attacks.
- Anti-malware/antivirus. Multi-engine scanning of files for malware and viruses is flexible and complete with Imunify360. It automatically scans new, modified, and uploaded files, with options to automatically delete, quarantine or warn about files with malicious content. You can run on-demand scans at any time (scheduled scans are coming in version 4.1). Malware and virus scanning is free with ImunifyAV. The premium version, ImunifyAV+, includes one-click cleanup facilities.
- Patch Management. A prominent cause of many cyber breaches is out-of-date software. Unpatched vulnerabilities in software packages leave servers open to exploitation. You must patch vulnerabilities as soon after the announcement as possible, but software maintenance takes time and effort. This is becoming one of the blind spots of server security. Often, patches need a system restart before they are active. Reboots are service interruptions that most system managers try to avoid. Imunify360 answers this dilemma with HardenedPHP and KernelCare.
- HardenedPHP. This lets web professionals safely run applications on old, unsupported versions of PHP without suffering their security vulnerabilities. Web server managers can sometimes find themselves locked into keeping older PHP on their systems for customers with legacy applications. But these old versions include many unpatched vulnerabilities making them a security liability. Imunify Security maintains HardenedPHP, so any new vulnerabilities are always patched.
- KernelCare. KernelCare automatically patches Linux kernels without rebooting. When security researchers discover and make public a Linux vulnerability, the race is on between OS vendors who want to fix it and hackers bent on exploiting it. The kernel is the most vital part of any Linux system, handling the core functionality upon which all other applications rely. It’s also the only part of a Linux system that you can’t update without rebooting the system. That was the case until the emergence of a now-mainstream technology called live patching. KernelCare uses this method to update a live, running kernel, patching its vulnerabilities without interrupting it. Right now, it is the only way of applying security patches to Linux kernels without incurring downtime.
- Reputation Management. If a website is the victim of an attack, Google’s Safe Browsing service might block it. This can happen without anyone knowing. It can cause a loss of traffic and revenue because the site is no longer indexed and does not show up in search engine results pages. Reputation Management is a feature of Imunify360 that lets you know if Google blocks a site, then helps you unblock it, restoring its visibility and reputation.
- Backup and Restore. A backup of files is not just for peace of mind. It’s also an effective way of recovering from a malware infection. Infected files can be quickly and easily returned to pristine condition by restoring them from a backup. Imunify360 can back up and restore data using Acronis or with the CloudLinux service.
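The white/black/gray list workflow from the Firewall/WAF item above, as an added example that is not Imunify360’s own code: an automatic block lands an IP in the gray list, only HTTP/HTTPS from a gray-listed address reaches the CAPTCHA page while everything else is blocked, a CAPTCHA pass moves it to the white list, nobody may hand-add gray entries, and only administrators may remove them. The class and method names, the web port set, and the rule that an allow-listed address is never auto-blocked are assumptions made for the illustration.

```python
import ipaddress  # added example, not Imunify360 code; class/method names are assumed
WHITE, BLACK, GRAY = "white", "black", "gray"
WEB_PORTS = {80, 443}  # only HTTP/HTTPS from a gray-listed IP reaches the CAPTCHA page

def norm(ip):
    return str(ipaddress.ip_address(ip))  # raises ValueError, so junk never enters a list

class IpLists:
    def __init__(self):
        self.lists = {WHITE: set(), BLACK: set(), GRAY: set()}

    def status(self, ip):
        ip = norm(ip)
        return next((name for name, members in self.lists.items() if ip in members), None)

    def _move(self, ip, dest):
        ip = norm(ip)
        for members in self.lists.values():
            members.discard(ip)
        self.lists[dest].add(ip)

    def manual_add(self, ips, dest):  # bulk add to the white or black list only
        if dest == GRAY:
            raise PermissionError("gray list entries come only from automatic blocking")
        for ip in ips:
            self._move(ip, dest)

    def auto_block(self, ip):
        """An automatic block (WAF or brute-force rule) lands in the gray list."""
        if self.status(ip) != WHITE:  # assumption: an allow-listed IP is never auto-blocked
            self._move(ip, GRAY)

    def captcha_passed(self, ip):
        """A human visitor who solves the CAPTCHA is moved from gray to white."""
        if self.status(ip) != GRAY:
            return False
        self._move(ip, WHITE)
        return True

    def admin_remove(self, ip, is_admin):  # direct removal from the gray list
        if not is_admin:
            raise PermissionError("only administrators can remove gray-listed IPs")
        self.lists[GRAY].discard(norm(ip))

    def decide(self, ip, port):
        """Per-connection verdict: 'allow', 'block' or 'captcha'."""
        state = self.status(ip)
        if state == GRAY:
            return "captcha" if port in WEB_PORTS else "block"
        return "block" if state == BLACK else "allow"
```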
The significance of the role of Linux web servers has grown invisibly over the past decade in step with the growth of online commerce. Cyber crime has grown in parallel and is in danger of overtaking legitimate business in sophistication and extent. Cybersecurity protection for Linux servers must be complete and dynamic, and it must use the same tools hackers use; it must fight fire with fire.