May 17, 2022 (Webinar)

Linux security is complicated. Let's fix it.

Watch Red Canary’s experts as they hash out the state of Linux security—the threats, the challenges, and how organizations can modernize with confidence. Featuring an intro to our Linux EDR solution with Q&A.


Tue., May 17, 2022

View the recording here.

Learn why protecting production Linux systems has historically been complicated, and how Red Canary is simplifying it with 24×7 threat protection and support.

  • Hear unique perspectives on Linux security from the experts responsible for improving it
  • See the common threats that target Linux systems and where vulnerabilities exist
  • Get an introduction to Red Canary’s lightweight EDR agent and Linux-first threat protection

00:56 Presenter Introduction

03:09 Webinar Agenda

04:18 What is Linux?

05:46 Why Does it Matter?

07:01 Why is Linux Complicated?

08:22 Challenges with Protecting Linux

09:53 Red Canary Linux EDR Solution

11:50 Discussion with Linux Experts

11:58 Why is Linux used so widely today?

13:50 “One thing that makes Linux so great is you can get in deep to the configuration of it – you can strip out all of the unnecessary stuff to focus on whatever the [production] server is supposed to be doing and that it’s doing it really well.” – Dave

14:20 What are the biggest obstacles to protecting Linux?

15:05 “Since Linux is often used to run highly available systems, production servers, or specialized systems like network or virtualization equipment, a lot of our customers are sensitive to including third-party code…so we have to take great care in what data we collect, what system resources we use, and what response actions we can take during an incident.” – Thomas

17:30 What are the biggest and most common threats to Linux?

18:33 “A lot of the threats we’ll see are coinminers, webshells, things that are trying to exploit databases, or other services that might be running on those systems.” – Dave

23:01 What’s unique about Red Canary’s approach to protecting Linux?

24:29 “We made some design decisions [for our Linux EDR solution] like using Rust because that’s a language known for developing lightweight and very fast code, and leveraging eBPF so that we can do a lot of the telemetry collection in the kernel which ends up being very fast.” – Dave

27:17 “The really nice thing about the method that we use [for our MDR service] is that we combine responsibilities to both review and detect threats within the same team, so we have a big incentive to drive down false positives and build very highly tuned detection logic.” – Thomas

28:03 How do you research or identify new Linux threats?

28:45 “One of the best sources of data we get is analyzing new threats that we see firsthand. When we identify attacks happening, then publish and adequately scope them, we’ll go back, revisit the behavior we saw, and try and shore up our coverage.” – Thomas

33:41 Linux Threat Investigation Demo

36:34 Key Takeaways

  1. Linux threats and attack vectors differ from their Windows/macOS counterparts.
  2. Linux is often the foundation of a production system, so disruptions or interference negatively impact the business.
  3. Red Canary’s Linux experts are on the front lines of Linux defense, researching and writing on the latest threats.
  4. Our lightweight Linux EDR sensor is built and optimized for Linux with minimal impact on the system.

39:12 Questions & Answers

Kevin Gee
Sr. Product Marketing Manager, Red Canary
Dave Bogle
Sr. Threat Researcher, Red Canary
Thomas Gardner
Sr. Detection Engineer, Red Canary

According to ESG Cloud-Native Security Research, 88% of cybersecurity professionals report having experienced an attack on their cloud-native applications and infrastructure over the last 12 months.

Yet many cloud security solutions that aim to protect Linux can be cumbersome and disruptive because they were adapted from Mac or Windows agents. These heavyweight agents can consume processing capacity on your Linux system or even make changes to it.

That’s why we built a Linux-first solution, specifically designed to effectively secure modern infrastructure. Our unique lightweight agent was designed to silently collect telemetry data while minimizing any possible performance impact. Red Canary Linux EDR and MDR extends Managed Detection and Response to your entire on-prem and cloud Linux infrastructure with deep Linux threat detection expertise and experience.
