LynuxWorks Unveils Rootkit Detection Appliance

LynuxWorks, a provider of tools and technologies for the embedded software market, today announced the RDS5201, a new product designed to help detect the stealthiest of advanced persistent threats (APT), the rootkit.

The RDS5201 Rootkit Detection System is a custom-built, hardened appliance that detects low-level, zero-day rootkits, which are often the payload of advanced threats.

Built on the LynxSecure 5.2 separation kernel and hypervisor, the RDS5201 is a small form factor appliance designed to offer a unique detection capability that complements traditional security mechanisms, the company said.

The detection is direct (i.e., not done by statistical analysis or other indirect techniques) and is coupled with immediate, automated, live visual forensic data.

“Rootkits are becoming stealthier, more potent and more complex. The threat from them is becoming more prevalent, as exploit kits are commercially available and are easier to use. Recent research shows that seven of the top ten threats in 2012 were rootkits and that the number of boot-level rootkits increased dramatically,” said Avishai Ziv, vice president of Cyber Security Solutions at LynuxWorks. “The normal endpoint and network protection mechanisms simply cannot prevent, or even detect, them until it is too late, and hence the need for a new type of security product, such as the RDS5201, to help give early warning for these threats as they infect our enterprise networks.”

Rootkits work at the lowest levels of the operating system (OS) they intend to attack. Common detection and prevention mechanisms are themselves part of the “attack target,” which allows rootkits to disable the installed anti-malware client applications. The only way to overcome low-level rootkits is to run the security application at a higher privilege level than the attacked OS, give it complete control of the platform hardware, and let it monitor all activities of the OS and its applications. It must also be self-protecting, non-bypassable and tamper-proof.

The LynxSecure separation kernel and hypervisor offers what the company says is a “non-detectable secure platform” that is used to exercise potential infections, revealing stealthy threats as they attack their virtual victim. LynxSecure is the most privileged monitor in the RDS5201 platform, and constantly monitors for malicious and irregular activity in key disk areas (MBR, key blocks and sectors); physical memory areas; CPU instructions and data structures; interrupt data structures etc., the company explained.

This detection is completely OS agnostic, as it is situated below any of the guest OSes. Upon detection, the RDS5201 alerts and sends an automated live forensics report to its dashboard, including detailed information such as the clean and infected disk sectors, in-memory data structures, and more. The RDS5201 can also be connected to other network protection systems such as SIEM and threat management systems, offering an early warning mechanism that complements and enhances existing security solutions, the company said.
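The description above boils down to one idea: a monitor that is more privileged than the guest keeps a known-good copy of the guest's sensitive regions (boot sectors, in-memory tables) and reports exactly which bytes later diverge, rather than inferring infection from behaviour. The following is an added illustration of that baseline-comparison model in plain Python; it is not LynuxWorks or LynxSecure code, and the `GuestState`/`IntegrityMonitor` classes, the region names, and the byte patterns are all constructed for the example. A real monitor would obtain the region contents by reading guest memory and disk through the hypervisor; here they are simple byte strings, and the "tampering" is a simulated in-place change to a copy of the clean state.

```python
import hashlib
from dataclasses import dataclass

SECTOR = 512  # disk sector size used for the simulated boot area


@dataclass
class GuestState:
    """Constructed stand-in for the regions a more privileged monitor can read
    out-of-band from a guest: a few boot sectors and an IDT-like table."""
    regions: dict  # region name -> bytes


@dataclass
class Finding:
    region: str
    offset: int       # byte offset within the region
    clean: bytes      # bytes recorded in the known-good baseline
    infected: bytes   # bytes observed in the current scan

    @property
    def sector(self):
        return self.offset // SECTOR


class IntegrityMonitor:
    """Direct, baseline-comparison detection: snapshot known-good regions, then
    report every run of bytes that later differs. No heuristics are involved."""

    def __init__(self, clean_guest):
        self.baseline = {name: bytes(data) for name, data in clean_guest.regions.items()}
        self.digests = {name: hashlib.sha256(data).digest() for name, data in self.baseline.items()}

    def scan(self, guest):
        findings = []
        for name, clean in self.baseline.items():
            current = bytes(guest.regions[name])
            # Cheap digest check first; only diff byte-by-byte on a mismatch.
            if hashlib.sha256(current).digest() == self.digests[name]:
                continue
            findings.extend(self._diff_runs(name, clean, current))
        return findings

    @staticmethod
    def _diff_runs(name, clean, current):
        """Group contiguous differing bytes into runs, each reported once."""
        runs = []
        limit = min(len(clean), len(current))
        i = 0
        while i < limit:
            if clean[i] == current[i]:
                i += 1
                continue
            start = i
            while i < limit and clean[i] != current[i]:
                i += 1
            runs.append(Finding(name, start, clean[start:i], current[start:i]))
        if len(clean) != len(current):
            # A region that changed size is reported as one finding at the divergence point.
            runs.append(Finding(name, limit, clean[limit:], current[limit:]))
        return runs


def forensic_report(findings):
    """Render findings as the clean-versus-infected listing an alert would carry."""
    if not findings:
        return "no deviation from baseline"
    lines = []
    for f in findings:
        lines.append(
            f"{f.region} sector {f.sector} offset {f.offset}: "
            f"clean={f.clean.hex()} infected={f.infected.hex()}"
        )
    return "\n".join(lines)


def build_clean_guest():
    """Constructed known-good guest: 4 boot sectors ending in a boot signature
    and a 16-entry table of 8-byte descriptors. The byte patterns are arbitrary."""
    boot = bytearray(bytes(range(256)) * (4 * SECTOR // 256))
    boot[510:512] = b"\x55\xaa"
    idt = bytearray(b"".join(bytes([i]) * 8 for i in range(16)))
    return GuestState({"boot_area": bytes(boot), "idt": bytes(idt)})


def simulate_tampering(guest):
    """Constructed modification of a copy of the guest: bytes in sectors 0 and 2
    of the boot area and one descriptor in the table are overwritten."""
    boot = bytearray(guest.regions["boot_area"])
    boot[0:4] = b"\xff" * 4
    boot[2 * SECTOR + 16:2 * SECTOR + 20] = b"\x00" * 4
    idt = bytearray(guest.regions["idt"])
    idt[24:32] = b"\xaa" * 8
    return GuestState({"boot_area": bytes(boot), "idt": bytes(idt)})


if __name__ == "__main__":
    clean = build_clean_guest()
    monitor = IntegrityMonitor(clean)
    print(forensic_report(monitor.scan(clean)))
    print(forensic_report(monitor.scan(simulate_tampering(clean))))
```

The point of the digest-then-diff structure is that a scan of an unchanged guest costs one hash per region, while a mismatch yields the exact sectors and offsets (with both the clean and the observed bytes) that the article says the appliance's forensic report contains. The model deliberately has no notion of "suspicious" values: anything that differs from the recorded baseline is reported, which is what makes the detection direct rather than statistical, and also why the baseline must be taken from a state known to be clean.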
