A zero-day worm propagating on an organization's network or an exploit on a server application are examples of attacks that bypass perimeter firewalls and other security measures. These attacks can originate from outside, from extranet partners, or even from infected machines inside the network. If a server gets compromised, confidential user information is at risk. Sometimes the attack can bring down the servers and take several days to remedy.
In a connected and Web-oriented world, traditional security solutions are unable to fill the technology gaps that are being created. AppRanger's comprehensive approach fills the technology gaps in securing server infrastructure. Before AppRanger begins to protect servers against attacks, a specialized scanner is used to find and eradicate all malware and rootkits. Polymorphic malware and rootkits that are able to defeat anti-virus will be caught by AppRanger.
AppRanger finds and protects key server applications like SQL, Apache, Exchange, etc. because 75% of all attacks are on applications. AppRanger hardens these applications with appropriate sandboxes to neutralize attacks. For example, if a user on a Citrix server opens an infected attachment or clicks on a malicious link, AppRanger will block that attack and prevent the Citrix server from getting infected.
AppRanger tracks server state and enforces a lockdown mechanism to further increase security and defeat other attacks. During the lockdown, only authorized applications are permitted, so that the server remains immune to attacks while functioning properly.
In most large and financial organizations, compliance with HIPAA, SOX, and PCI standards is an important consideration. AppRanger generates a daily status report for the servers that addresses several requirements of the compliance standards. AppRanger's reports on attacks and system state changes further aid in risk assessment for servers.
Protect server applications against hacks
According to Gartner, 75% of all attacks are via applications. Hackers target vulnerabilities in server applications to gain access to the servers. It is expected that over 80% of all corporations will have suffered from such attacks by 2009.
AppRanger defeats attacks on application servers by protecting applications with a sandbox. AppRanger's sandbox has full visibility into the actions of applications and any DLLs loaded by the application. Any malicious activity in the application is detected and blocked by AppRanger without any interference with normal execution of the application.
AppRanger has pre-defined sandboxes for most common applications like Apache, Exchange, IIS, browsers, etc. Applications are automatically protected and the user does not have to do any configuration. For those who desire very high security, AppRanger provides a High security mode for sandboxes that permits only authorized actions by the application.
Find any rootkit on servers
When a server is hacked, the hacker's first action is to evade detection. For this purpose, hackers often deploy rootkits to hide their presence. Rootkits damage or modify the kernel to hide files, processes, etc. Because the components installed by hackers are hidden, the server compromise is more difficult to catch.
AppRanger incorporates the most advanced rootkit detection method that can detect any rootkit. AppRanger uses a technique called kernel Heal to reverse the damage done by rootkits to the kernel and expose all rootkits and associated components.
AppRanger also has unparalleled capabilities in removing malware and rootkits. By using a patent-pending method, AppRanger is able to freeze rootkits and remove them from servers.
Protect servers without patches against zero-day attacks
Applications will always have flaws. This is especially true for legacy applications that are no longer updated or patched.
From the time a flaw is detected to when a patch is applied, there is a window of vulnerability. It is during this window of vulnerability that hackers launch most of their attacks.
AppRanger protects against zero-day attacks by enforcing a lockdown. Lockdown allows all applications on the server to function properly, but all hacks are blocked and malware cannot infect the server. The server is immune to the zero-day attack even though a patch has not been applied.
If there is a zero-day worm attack, AppRanger will clean the server, prevent it from getting reinfected, and permit it to function normally even though the attack is still in progress. This gives administrators enough time to focus on tracking down and resolving the worm problem without worrying about their entire network going down due to servers getting infected.