Addressing cybersecurity vulnerabilities in the changing LINUX landscape

  /  ICS Security   /  Cybersecurity   /  Addressing cybersecurity vulnerabilities in the changing LINUX landscape

Addressing cybersecurity vulnerabilities in the changing LINUX landscape

Linux is a prevalent component of nearly every workload: more than 90% of cloud workloads and 70% of web servers run on it. Like all technology solutions, Linux has continued to evolve over time, potentially opening you up to new cyber security threats. Bad actors often have an advantage because they are working against known security measures and the cloud has made it easier to share information on successful entry points. That means it’s vital you stay on top of known and potential vulnerabilities.

Brad LaPorte, former analyst at Gartner, offered in a recent webinar some sobering data when commenting on how the security landscape has changed:

  • Malware families alone have grown 40% year over year since 2019 and 500% over the past decade.
  • The IBM Exforce Threat Intelligence Index shows exploits are now the main attack vector, bumping phishing from its decade-long run as the #1 entry point.
  • Somewhere in the past 30+ years, Linux went from “secure by default” to showing up in the breadcrumbs of more than 90% of software security breaches.

Despite the obvious rise in bad actors exploiting vulnerabilities in Linux operating systems, the increase can’t be chalked up to any brand new techniques—buffer overflows are still the biggest threat. What has changed, according to Kurtzer, is the sheer scope of this popular open source software, which leads to additional entry points and increased risk. Containers compound these vulnerabilities, allowing user spaces to be packed up and moved around independently of the core operating system.

According to Greg Kurtzer, CEO of Ctrl IQ, two big container missteps that can reduce security are: not having good provenance that allows you to see where the containers come from, and the byte rot associated with continuous deployment without management, updates, or visibility.

With Linux driving more workloads that run the cloud, it’s important to remember that the same types of attacks work across containers, cloud-based systems, and physical servers. As Kurtzer noted in a recent webinar organized by RunSafe Security, the cloud often provides a double threat to security, making cyber security attacks more effective and easier to scale while simultaneously making the job of effectively monitoring and managing entry points more difficult.

Addressing Vulnerabilities in Open Source Software

Risk is directly related to how much visibility you have into the depths of your software. The nature of open source software means people not employed by you or your company have the ability to submit code, which in turn means you could be blind to risks contained within it. Put plainly, what you don’t know can hurt you.

Distilling down to the essentials, Britton offered two key questions that can help determine your level of risk:

  • Do you have a complete bill of materials for your software, including open source? Being able to see and explain the purpose of every piece of code in all of your software helps you lay the foundation for understanding and mitigating vulnerabilities.
  • Do you have visibility into the kind of malicious activity each type of code is vulnerable to? The web app on top of the stack might be the easiest to notice, but the compiled code and aspects of an operating system that exist underneath it constitute latent risks.

These questions get to the heart of why visibility is so vital—because bad actors are always trying to get one level below where your software security efforts are located. That means that attacks are progressively moving farther down the stack while a lot of focus has been on the surface level like antivirus protection, multi-factor identification, and Linux-based solutions for endpoint open source code protection.

LaPorte noted that most industry solutions are almost the inverse of how software security should work. He and Britton both agreed that traditional security methods have huge gaps and the focus should be on hardening the software to prevent changes and stop attacks at the code level.

“Too many times, we’ve seen people think that because they’ve tied off one layer that vulnerabilities elsewhere in the stack just don’t matter,” said Britton. “And what I think that history has shown us that it’s a bit of a naive assumption because bad actors are good at taking your assumptions and turning them on their ear. Being able to provide that hardening for everything that is in memory is essential.”

RunSafe Builds in Software Security from the Bottom Up

RunSafe Security’s patented Alkemist technology helps secure software during the build, leveraging both Moving Target Defense (MTD) and Runtime Application Self-Protection (RASP) techniques to prevent bad actors from weaponizing vulnerabilities. According to both Kurtzer and Britton, MTD models are proving to be incredibly helpful in mitigating buffering overflow attacks by removing predictability. RunSafe Security and CIQ have teamed up to integrate RunSafe’s Alkemist:Code technology within CIQ’s platform.

Now, cyber hardening technologies offered by Alkemist:Code are available to Rocky Linux users with no extra effort. The virtually unbreakable code won’t slow down development or runtime speeds and offers new ways to leverage containers for security. By adding RunSafe’s Alkemist: Code into a build, Rocky Linux users effectively bake in the most advanced cybersecurity protection tools that will move with that container wherever it goes.

In addition, access to the mighty but easy-to-use Alkemist: Code means that Rocky Linux users can take advantage of protections while maintaining accessibility for those who don’t have decades of expertise in open source software security, making it a truly turnkey solution that mitigates vulnerabilities from the bottom up.

As the Linux landscape evolves, software security is getting harder. Learn from expert panelists how you can identify software security vulnerabilities and implement security protections, in this webinar.


About the author

Doug BrittonThis article was written by Doug Britton, Chief Technology Officer at RunSafe Security and originally it was published here. Prior to joining RunSafe, Doug served as founder and CEO of Kaprica Security, where he successfully developed groundbreaking technologies, including its mobile device management business which was sold to Samsung.