Today’s internet is largely powered by Linux servers, many of which have become the target of attackers looking to utilize this vast pool of resources for much larger and more aggressive campaigns.
Traditionally these have consisted of DDoS attacks, but more recently attackers are increasing their utilization of these comprised resources to distribute malware to other systems outside the affected company. When it comes to protection, Linux systems suffer from the same shortcomings inherent in traditional antivirus software that relies on static signatures for detection of threats, and provides no means to detect the thousands of new threats that emerge daily.
SentinelOne announced a new solution aimed at protecting enterprise data centers and cloud providers from emerging threats that target Linux servers.
“As we have seen, Linux endpoints, whether they are servers or other devices, are not immune to malware and other forms of attack,” said Tomer Weingarten, CEO of SentinelOne. “To address this new threat plane, SentinelOne EPP now provides the same exceptional level of integrated threat detection, prevention and remediation for Linux machines as it does for Windows and OS X devices.”
To detect and block even the most sophisticated threats and zero-day attacks, SentinelOne uses a lightweight autonomous agent to monitor all activity in both kernel and user space (including files, processes, memory, registry, network, etc.) on the protected device.
Each agent leverages the SentinelOne Dynamic Behavior Tracking (DBT) Engine which uses sophisticated machine learning to predict threats across any vector against a full context of normal application behavior.
Once malicious activity is detected SentinelOne immediately employs a series of automated mitigation and quarantine processes to eliminate the threat in real-time. SentinelOne also maintains a detailed audit trail of activity for forensic analysis and reporting which is delivered to the management console in real-time.