What is Used today for Server Security?
Today, there are mainly two types of security products for servers on the market, anti-virus and white list. Anti-virus type detects and removes malware features based on the pattern matching and is often used for endpoint security. Server attacks are based on communication requests that do not use files, and detection by file scanning, which is adopted in the anti-virus type, is not effective.
Whitelisting uses a list of applications and processes that do not need to be cautious. It allows whitelisted operations but restricts others. By registering to the list and specifying executable programs and processes, malicious programs and operations will not be performed. This method itself seems to be effective for server defense, but since registration is required for each application and process, the list must be managed and updated on a regular basis, resulting in a huge operational cost for maintenance.