Gartner Blog Network

Improving Security by Killing Server and Desktop Workloads

by Neil MacDonald  |  June 16, 2011

It sounds counterintuitive, but today’s advanced threat environment requires new approaches to the ongoing security and management of server and desktop workloads.

The trouble with Advanced Persistent Threats is that, by definition, they have evaded our traditional network and endpoint security controls and now reside undetected in our IT systems. How many advanced intrusions will it take (such as RSA, Lockheed, Google, IMF, …) before you reach the same conclusion that many of us already have:

Your systems have been compromised. You just don’t know it (yet).

To counter APTs, new approaches are needed. Using virtualization of OS and applications, as well as taking advantage of resilient web- and cloud-oriented scale-out application architectures, we can take a new approach: periodically rebuild and reprovision server and desktop workloads from a high-assurance library of base image files. In short, periodically kill live workloads and restore them to a high-assurance state, even if they appear to be healthy. I call this “systematic workload reprovisioning”, or SWR for short.

An SWR strategy reduces the dwell time of an intruder and will appeal to information security professionals looking for new ways to counter advanced intrusions against high-risk workloads.

It sounds straightforward, but embracing SWR requires a radical change in mindset for information security professionals: live workloads are no longer fully trusted. Instead of having to trust thousands of live workloads, our trust model collapses to the high-assurance libraries and templates that are used to periodically reprovision the workloads. Thus, SWR has several implications for the ongoing management of workloads that must be considered.
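To make the two points above concrete (trust anchored in the image library rather than in live workloads, and workloads rebuilt on a fixed cadence regardless of apparent health), here is an added illustrative SWR scheduler. It is example code written for this post, not Gartner's or any vendor's implementation; the image bytes, manifest, workload names, age limit and per-cycle rebuild limit are all constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed high-assurance library: image name -> image bytes (stand-ins for real files).
GOLDEN_IMAGES = {
    "web-base": b"constructed web base image v1",
    "db-base": b"constructed db base image v3",
}
# The manifest of expected digests is the only thing the trust model relies on;
# a live workload is never consulted about its own integrity.
LIBRARY_MANIFEST = {n: hashlib.sha256(b).hexdigest() for n, b in GOLDEN_IMAGES.items()}


@dataclass(frozen=True)
class Workload:
    name: str
    image: str
    provisioned_at: int  # epoch seconds when last rebuilt from the library


def verify_image(image: str, data: bytes, manifest=LIBRARY_MANIFEST) -> bool:
    """Accept an image only if its digest matches the library manifest."""
    expected = manifest.get(image)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)


def due_for_reprovisioning(workloads, now: int, max_age_s: int):
    """Workloads at or past max_age_s are killed regardless of apparent health."""
    return [w for w in workloads if now - w.provisioned_at >= max_age_s]


def run_cycle(workloads, now: int, max_age_s: int, max_per_cycle: int, images=GOLDEN_IMAGES):
    """Rebuild the oldest due workloads, staggered so the scale-out pool keeps capacity.

    Returns the updated workload list and the names that were rebuilt this cycle.
    Raises if a library image fails verification: a bad library must never be deployed.
    """
    due = sorted(due_for_reprovisioning(workloads, now, max_age_s), key=lambda w: w.provisioned_at)
    updated, rebuilt = list(workloads), []
    for w in due[:max_per_cycle]:
        data = images[w.image]
        if not verify_image(w.image, data):
            raise RuntimeError(f"library image {w.image!r} failed verification; refusing to provision")
        updated[updated.index(w)] = Workload(w.name, w.image, now)
        rebuilt.append(w.name)
    return updated, rebuilt
```

With max_age_s set to the chosen cadence, an intruder's undetected dwell time on any single workload is bounded by that value plus the time until its turn in the staggered rotation.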

I’ve just published two research notes for Gartner clients that detail the SWR strategy. The first explains the concept and the second explores the implications and considerations for information security and operations management where SWR is adopted.

Systematic Workload Reprovisioning as a Strategy to Counter Advanced Persistent Threats: Concepts

Systematic Workload Reprovisioning as a Strategy to Counter Advanced Persistent Threats: Considerations

There is no silver bullet in information security, but SWR will become an accepted strategy and part of a defense-in-depth strategy for dealing with APTs in forward-leaning information security organizations over the next five years.

I’ll be talking about SWR next week at Gartner’s Information Security Summit in Washington DC. I hope to see you there.




Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…
