Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

LynuxWorks Unveils Rootkit Detection Appliance

LynuxWorks, a provider of tools and technologies for the embedded software market, today announced the RDS5201, a new product designed to help detect the stealthiest of advanced persistent threats (APT), the rootkit.

LynuxWorks, a provider of tools and technologies for the embedded software market, today announced the RDS5201, a new product designed to help detect the stealthiest of advanced persistent threats (APT), the rootkit.

The RDS5201 Rootkit Detection System is a custom-built hardened appliance, which detects low-level, zero-day rootkits, often the payload of advanced threats.

Built on the LynxSecure 5.2 separation kernel and hypervisor, the RDS5201 is a small form factor appliance designed to offer a unique detection capability that complements traditional security mechanisms, the company said.

RDS5201 Rootkit Detection Appliance PhotoThe detection is direct (i.e., not done by statistical analysis or other indirect techniques) and is coupled with immediate, automated, live visual forensic data.

“Rootkits are becoming stealthier, more potent and more complex. The threat from them is becoming more prevalent, as exploit kits are commercially available and are easier to use. Recent researches are showing that seven of the top ten threats in 2012 were rootkits and that the number of boot-level rootkits increased dramatically,” said Avishai Ziv, vice president of Cyber Security Solutions at LynuxWorks. “The normal endpoint and network protection mechanisms simply cannot prevent, or even detect, them until it is too late and hence the need for a new type of security product, such as the RDS5201, to help give early warning for these threats as they infect our enterprise networks.”

Rootkits work at the lowest levels of the operating system (OS) they intend to attack. Common detection and prevention mechanisms are part of the “attack target,” allowing rootkits to disable the installed anti-malware client applications. The only way to overcome low-level rootkits is by allowing the security application to execute with a higher security privilege than the attacked OS; provide complete control of the platform hardware; and monitor all activities of the OS and its applications. It must also be self-protecting, non-bypassable and tamper-proof.

The LynxSecure separation kernel and hypervisor offers what the company says is a “non-detectable secure platform” that is used to exercise potential infections, revealing stealthy threats as they attack their virtual victim. LynxSecure is the most privileged monitor in the RDS5201 platform, and constantly monitors for malicious and irregular activity in key disk areas (MBR, key blocks and sectors); physical memory areas; CPU instructions and data structures; interrupt data structures etc., the company explained.

This detection is completely OS agnostic, as it’s situated below any of the guest OS. Upon detection, the RDS5201 alerts and sends an automated live forensics report to its dashboard, including detailed information such as the clean and infected disk sectors, in-memory data structures, and more. The RDS5201 can also be connected to other network protection systems such as SIEM and threat management systems, offering an early warning mechanism that complements and enhances existing security solutions, the company said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.