May 17, 2022
Linux security is complicated. Let's fix it.
Watch Red Canary’s experts as they hash out the state of Linux security—the threats, the challenges, and how organizations can modernize with confidence. Featuring an intro to our Linux EDR solution with Q&A.
ON-DEMAND WEBINAR
Tue., May 17, 2022
Learn why protecting production Linux systems has historically been complicated, and how Red Canary is simplifying it with 24×7 threat protection and support.
- Hear unique perspectives on Linux security from the experts responsible for improving it
- See the common threats that target Linux systems and where vulnerabilities exist
- Get an introduction to Red Canary’s lightweight EDR agent and Linux-first threat protection
00:56 Presenter Introduction
03:09 Webinar Agenda
04:18 What is Linux?
05:46 Why Does it Matter?
07:01 Why is Linux Complicated?
08:22 Challenges with Protecting Linux
09:53 Red Canary Linux EDR Solution
11:50 Discussion with Linux Experts
11:58 Why is Linux used so widely today?
13:50 “One thing that makes Linux so great is you can get in deep to the configuration of it – you can strip out all of the unnecessary stuff to focus on whatever the [production] server is supposed to be doing and that it’s doing it really well.” – Dave
14:20 What are the biggest obstacles to protecting Linux?
15:05 “Since Linux is often used to run highly available systems, production servers, or specialized systems like network or virtualization equipment, a lot of our customers are sensitive to including third-party code…so we have to take great care in what data we collect, what system resources we use, and what response actions we can take during an incident.” – Thomas
17:30 What are the biggest and most common threats to Linux?
18:33 “A lot of the threats we’ll see are coinminers, webshells, things that are trying to exploit databases, or other services that might be running on those systems.” – Dave
23:01 What’s unique about Red Canary’s approach to protecting Linux?
24:29 “We made some design decisions [for our Linux EDR solution] like using Rust because that’s a language known for developing lightweight and very fast code, and leveraging eBPF so that we can do a lot of the telemetry collection in the kernel which ends up being very fast.” – Dave
27:17 “The really nice thing about the method that we use [for our MDR service] is that we combine responsibilities to both review and detect threats within the same team, so we have a big incentive to drive down false positives and build very highly tuned detection logic.” – Thomas
28:03 How do you research or identify new Linux threats?
28:45 “One of the best sources of data we get is analyzing new threats that we see firsthand. When we identify attacks happening, then publish and adequately scope them, we’ll go back, revisit the behavior we saw, and try and shore up our coverage.” – Thomas
33:41 Linux Threat Investigation Demo
36:34 Key Takeaways
- Linux threats and attack vectors differ from their Windows/macOS counterparts.
- Linux is often the foundation of a production system, so disruptions or interference negatively impact the business.
- Red Canary’s Linux experts are on the front lines of Linux defense, researching and writing on the latest threats.
- Our lightweight Linux EDR sensor is built and optimized for Linux with minimal impact on the system.
39:12 Questions & Answers
MEET YOUR HOSTS
Kevin Gee
Sr. Product Marketing Manager, Red Canary
Dave Bogle
Sr. Threat Researcher, Red Canary
Thomas Gardner
Sr. Detection Engineer, Red Canary
WHY THIS WEBINAR AND WHY NOW?
According to ESG Cloud-Native Security Research, 88% of cybersecurity professionals report having experienced an attack on their cloud-native applications and infrastructure over the last 12 months.
Yet many cloud security solutions that aim to protect Linux can be cumbersome and disruptive because they were adapted from Mac or Windows agents. These heavyweight agents can consume processing capacity on your Linux systems or even make changes to them.
That’s why we built a Linux-first solution, specifically designed to secure modern infrastructure effectively. Our lightweight agent is designed to collect telemetry data silently while minimizing any performance impact. Red Canary Linux EDR and MDR extend Managed Detection and Response to your entire on-prem and cloud Linux infrastructure, backed by deep Linux threat detection expertise and experience.