Boosting Your Linux & Docker Security with CB LiveOps
Today we’re excited to announce Linux support for CB LiveOps, Carbon Black’s real-time endpoint query & remediation solution that helps security teams audit and change the state of their systems. This release expands the product’s footprint to cover all major operating systems, including Amazon workloads and Docker containers.
CB LiveOps gives security & IT teams the ability to remotely access artifacts directly from endpoints at scale. This makes it significantly easier for those teams to track drift across their entire environment, assess vulnerabilities in real time, confidently respond to incidents, and prove compliance with business policies and industry regulations.
Purpose-Built for Linux
With the rollout of the new Linux sensor, CB LiveOps now supports five distributions of Linux – including Red Hat, Ubuntu, SUSE, CentOS, and Amazon Linux – as well as generic support for nearly every Linux distribution released since 2011.
This support provides direct access to more than 1,000 individual system artifacts on Linux machines, including the ability to check the status of disk encryption, installed applications, kernel integrity, listening network ports, logged-in users, OS versions, USB devices and more.
While CB LiveOps has already supported both Windows and Mac for months, this is a solution purpose-built to excel on Linux machines for two primary reasons:
- This is a lightweight, user-mode solution that has no noticeable performance impact on the assets, following our stated “Do No Harm” principle for Linux security.
- Being query-based, rather than continuously collecting data, it cuts out all of the extra noise typically associated with EDR-style visibility on Linux machines and lets administrators get only the data they need, right when they need it.
Gaining Visibility Into Docker Containers
Along with Linux coverage, this release also provides visibility into Docker container status and metrics. This means that, using CB LiveOps, security teams can now get insight into the running state of all Docker container processes, networks, ports, labels, mounts and more that exist within their environment.
With Docker containers continuing to be more and more prevalent across businesses of all sizes, lack of visibility into this portion of the environment has become an increasingly alarming blind spot for many security teams.
Containers are already becoming a target of the prevalent, sometimes overlooked issue of cryptomining malware (cryptojacking). As organizations continue to containerize business-critical workloads, attackers are only going to increase the effort and resources they devote to finding ways to hijack or disrupt those environments to benefit their own interests.
CB LiveOps gives security administrators the ability to keep an eye on usage metrics and security configurations of Docker containers in their environment. For example, users can easily audit for:
- Containers running with privileged status
- Containers running without control systems like AppArmor
- Containers that have processes taking up an abnormally high percentage of resources
Having easy access to this type of information at your fingertips allows security teams to move quickly when looking for potential vulnerabilities or uncovering indicators of compromise in those environments.
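The three audit checks listed above can be reproduced by hand from the Docker CLI's own JSON output. The following is an added example, not CB LiveOps code or anything from Carbon Black: it assumes records shaped like `docker inspect` and `docker stats --no-stream --format '{{json .}}'`, uses constructed sample data, and treats per-container CPU above an assumed 90% threshold as "abnormally high".

```python
import json

# Constructed sample data (not from a real host): trimmed `docker inspect`
# records and `docker stats --no-stream --format '{{json .}}'` rows.
INSPECT = json.loads("""[
 {"Name": "/web", "AppArmorProfile": "docker-default",
  "HostConfig": {"Privileged": false, "SecurityOpt": null}},
 {"Name": "/backup", "AppArmorProfile": "unconfined",
  "HostConfig": {"Privileged": true, "SecurityOpt": null}},
 {"Name": "/worker", "AppArmorProfile": "",
  "HostConfig": {"Privileged": false, "SecurityOpt": ["apparmor=unconfined"]}},
 {"Name": "/cache", "AppArmorProfile": "docker-default",
  "HostConfig": {"Privileged": false, "SecurityOpt": []}}
]""")
STATS = json.loads("""[
 {"Name": "web", "CPUPerc": "3.10%"},
 {"Name": "backup", "CPUPerc": "0.42%"},
 {"Name": "worker", "CPUPerc": "0.00%"},
 {"Name": "cache", "CPUPerc": "196.75%"}
]""")

CPU_LIMIT = 90.0  # assumed threshold; tune to the workload's baseline


def audit(inspect_rows, stats_rows, cpu_limit=CPU_LIMIT):
    """Return {container name: [findings]} for containers with a finding."""
    cpu = {s["Name"]: float(s["CPUPerc"].rstrip("%")) for s in stats_rows}
    report = {}
    for c in inspect_rows:
        name = c["Name"].lstrip("/")  # inspect prefixes names with "/"
        host = c.get("HostConfig") or {}
        opts = host.get("SecurityOpt") or []
        findings = []
        if host.get("Privileged"):
            findings.append("privileged")
        # Empty or "unconfined" means no AppArmor profile is enforced.
        profile = c.get("AppArmorProfile")
        if profile in (None, "", "unconfined") or "apparmor=unconfined" in opts:
            findings.append("no-apparmor")
        if cpu.get(name, 0.0) > cpu_limit:
            findings.append("high-cpu")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INSPECT, STATS).items():
        print(f"{name}: {', '.join(findings)}")
```

An empty `AppArmorProfile` is also what Docker reports on hosts where AppArmor is not enabled at all, so the `no-apparmor` finding should be read alongside the host's own configuration.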
Minimizing Unnecessary Complexity
Historically, security teams that needed visibility into new parts of their environment or newly discovered attack trends have been forced to evaluate and deploy entirely new tools into their stack.
However, this approach gradually leaves your team with dozens of standalone products that have their own agents and consoles to manage, update, and train new team members on.
By consolidating to an endpoint protection platform (EPP) that can give broad visibility across the entire environment, your organization can buck the inefficient trends of the past and avoid overextending administrators with tedious tool management tasks.
Want to learn more about the value of CB LiveOps? Check out our product datasheet today.
The post Boosting Your Linux & Docker Security with CB LiveOps appeared first on Carbon Black.