Linux is at the center of computing trends, but is your installation secure? - Atomicorp - Unified Security Built on OSSEC


There are three key trends in computing: cloud, containers and IoT. What do they all have in common? Linux. Linux is a tremendous OS. It is stable, flexible and robust. It is also free. That has been a killer combination in terms of rapid Linux adoption. The OS was a novelty in the business world more than twenty years ago when I first started using it. Now Linux is just about everywhere and in nearly everything.

This is all a feel good technology story up to a point. Open source conquered the world and companies made Linux the default option for computing in everything from the smallest devices to the most powerful server clusters. However, Linux has one key drawback: security.

It is not that Linux is inherently insecure. It is more that there is no single Linux. Linux is whatever you want it to be. You can run whatever you want on it, whatever versions you want, rolled up by whomever you want to get it from, and you can modify it any way you like. In short, Linux is only as secure, or as insecure, as you make it.

My brother Scott and I have been with Linux from the beginning. We built mission critical systems on Linux ranging from software for the White House and the US Securities and Exchange Commission’s EDGAR, to intrusion prevention products, firewalls, massive cloud server environments, IoT devices and everything in between. At some point, it became clear that the only way to address the security problems was to build a Linux security stack that addressed the wide variety of gaps in protection and would simply secure whatever Linux system someone had.

How Do You Make Linux Secure? Every Device. Everywhere.

We founded Atomicorp on a simple premise. We make Linux secure. Every device. Everywhere. Like many simple premises, realizing the objective involved a good deal of complexity. How do you secure cloud devices when the user doesn’t own the infrastructure? How do you secure containers that have an average lifespan of days and production systems that can change every few hours? How do you secure an IoT device that has virtually zero additional memory space or compute power? How do you secure a system that cannot be taken offline for patching, or fix a critical vulnerability when no patch is available? These are tough questions about real-world problems. Each has different issues that must be addressed. So, we went ahead and did it.

Securing Cloud Infrastructure

A lot of infrastructure is moving to the cloud. Whether it is a web application server, database cluster, mail servers, content management system or any other utility, more and more servers are addressable over the internet. These environments are software defined. That means you can’t bring your security appliances with you. And, why would you want to? The advantages of software defined environments are many, from greater performance and lower costs to higher reliability. Adding hardware bumps along the road can undo these benefits.

Cloud represents a bring your own security model, but only as software. That means these systems are exposed to attack like nothing before and you can’t rely on the traditional castle wall approach to cybersecurity. Security must be baked into the server itself. That requires a new level of protection and a new approach.

It means cloud security solutions have to understand the entire attack surface of the system. They must detect, prevent and recover from attacks across the entire surface and orchestrate all of it in real-time automatically with minimal overhead. The result is a security solution, Atomic Secured Linux, that is easy to implement, has low overhead and automatically protects the entire system. The only requirement is to install it in the cloud environment. Nothing else changes for IT admins or DevOps compared to what they do today.

Securing Docker

Docker container security requires an understanding of the platform at the kernel level. The host kernel is the common attack surface that every container on a system shares. It is both a pro and a con. An attacker who reaches the kernel from a single point of entry can compromise the entire system, every container included. But, if you harden the platform’s kernel, not only can you make it resist attacks against this surface, you can also immunize the containers themselves from common flaws in software. This makes the containers more secure by themselves.

You can also ship the hardened kernel with your favorite OS like CentOS or Ubuntu, to avoid all of these problems and improve security at the same time. And, you can do this without the burden of configuration or the complexity associated with a mandatory access control system. This approach requires intimate knowledge of the Linux distribution, the kernel, the nature of security threats, and the nature of software vulnerabilities. No walk in the park, but a solvable problem.

The result is a security solution, Atomic Secured Docker, that is easy to implement and prevents both container break-outs and break-ins. All of the containers automatically inherit the security of the host because it is baked into the kernel. The only requirement of the developer is to start with an OS image that includes a hardened kernel. Nothing else changes for them compared to what they do today. It’s a good outcome for developers and the security team.

Securing IoT

IoT security represents an entirely different challenge. First, few IoT devices are shipped with embedded security. It is the user’s responsibility. Many people think that as networked devices, IoT can be locked down with good network security. However, that strategy breaks down quickly anytime an attacker breaches your network perimeter (attackers figured this out decades ago). Once that occurs, all of your IoT devices are defenseless. And, if your IoT devices have wireless capabilities — and what devices do not these days — then your network defenses can be circumvented anyway.

The logical way to address this is to install any number of endpoint security solutions. But, you can’t. IoT devices rarely have enough available memory or compute power to install and run endpoint security packages. Again, a hardened kernel gives us another option. The IoT device requires an OS and it is usually Linux. Using our secure IoT kernel for endpoint protection, Atomic Secured IoT, only incurs a computing overhead hit of 3% or less. It’s an easy decision to make.

Automating Linux Security for Today’s Enterprise Constraints

We went ahead and built Linux security solutions from userland down to the kernel while also addressing one other critical challenge facing IT and business leaders. Security software developers are making more and more sophisticated tools for enterprises, but the enterprises cannot hire enough staff with sufficient expertise to utilize them. The only way for Linux security to truly work at scale is by automating away much of the activity that formerly required expert staff to execute.

Atomicorp tools provide access for administrators and analysts, but are designed to run on their own. They are enterprise-grade security products that don’t require enterprise-grade expertise. You can learn more about Atomicorp solutions for cloud, Docker containers and IoT.