SentinelOne releases free Linux tool to detect Meltdown vulnerability exploitation

Published by: The editorial staff

Using behavioral detection, SentinelOne security researchers Dor Dankner and Ran Ben Chetrit developed a tool capable of catching Meltdown exploits.

The tool goes beyond all offerings available today, some of which just state if a device is exposed or not.

The patching process for the devastating Meltdown vulnerability has left thousands of enterprises with a predictable, yet unenviable, choice: patch immediately for security and risk system-wide impact, or test the patches against their full stack of software applications while remaining exposed to vulnerability exploitation by attackers.

As a result, the industry at large is in a race: patch and secure the many endpoints that are still unprotected before attackers can weaponize the vulnerabilities. This is especially true for Linux-based systems, where no comprehensive protection solution has been released to date.

This is a race that the security industry needs to run together in order to win – which is why SentinelOne today is releasing a new free tool to prevent Meltdown exploitation while the patching process catches up.

Dubbed Blacksmith, this tool detects attempted exploitation of the Meltdown vulnerability on all Linux systems, empowering Linux admins to stop attacks before they take root.

How does Blacksmith work?

The Blacksmith tool leverages the performance counting feature enabled on modern chipsets to monitor processes for malicious caching behavior. The Meltdown vulnerability generates these patterns during exploitation, and Blacksmith uses the built-in Linux “perf events” mechanism to collect information on the running processes. For older processors and virtual environments, Blacksmith also identifies a specific type of page fault which indicates Meltdown exploitation attempts.

Why Linux?

There are two key reasons why we chose to prioritize the Linux version of this tool. First, Linux is very susceptible to such attacks, as there is no comprehensive solution available. Second, Linux is the preferred OS of the world’s top supercomputers and is therefore a high-value target for attackers. Together, these reasons made it clear that it was critical to help secure Linux environments as quickly and effectively as possible right now.

To check Linux for Meltdown vulnerability: https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability 

What happens on detection?

When Blacksmith detects an exploitation attempt, it reports it to Syslog. The event can be saved locally, sent by email, or sent to a remote Syslog server. This allows each admin to clean up the exploitation as they see fit.

Why is the tool free?

Besides being the right thing to do, we also want to ensure that the tool works in the best way for each application and each Linux system admin. By providing it for free, we allow admins to test it fully against underlying applications and verify it in their systems before deploying.
