Educational institutions are being hacked on a regular basis, and this trend shows no signs of improvement: over half (54%) of UK universities reported a data breach to the regulator in the past 12 months, with an average of two reports each. For educational institutions, the implications of any data theft are huge: reputational, legal, economic and operational. It may affect potential funding, as well as cause a loss of future student fees and associated income.
Patching vulnerabilities as soon as possible is a best practice that helps protect infrastructure from security breaches. But vulnerability patching is usually delayed because of a lack of resources, the absence of a common view of applications and assets, and the inability to take critical applications and systems offline so they can be patched quickly.
In order to protect the infrastructure of the University of Zagreb’s Academy of Fine Arts, Mirsad Todorovac, CARNet system engineer, started looking for Linux kernel patching automation tools. He wanted an alternative to manually fixing kernel vulnerabilities, which was considered a burden on system administration because it brought unwanted downtime. After thorough research, he found KernelCare and has now reached 8 months of uptime. Hear Mirsad’s story in his own words.
“As a system engineer, I have been assigned the administration of several servers in two organizations, and that number seemed to grow. We were running Ubuntu and Debian Linux platforms. Kernel patches that came with fixing kernel vulnerabilities were considered a burden on system administration that brought associated unwanted downtime. The reboot with a new version of the kernel had to be postponed until the end of the working day or even the working week, despite being optimized for minimal interruption of services. This increased the window of opportunity for the bad guys to deploy their schemes.
I first learned about Ubuntu’s kernel livepatch service, and it was successfully deployed on our Ubuntu servers. However, Debian servers were left without a solution until targeted research found the KernelCare service. The price was so affordable that I could pay for its testing from my personal PayPal account. Considering the cost and benefit of having vs. not having live kernel patching, I have considered it a wise investment.
Later we qualified as a non-profit organization. I was surprised to learn that our “fully patched” Debian Jessie servers had 91 vulnerabilities fixed by KernelCare and now I feel so much safer about our servers and my employment. We are now fully live patched, and our uptime is 8 months and increasing. Writing long apologetic emails that non-technical users wouldn’t understand anyway became a thing of the past. My fellow administrators were convinced by the fact that major players like Dell have adopted this solution for their servers.
The support was excellent – they responded to our problems within tens of minutes and solved them within hours or within a day. The support team is quite open to suggestions for the improvement of an already excellent service, and I feel almost like a part of the developer team. As of today, I see no alternative to KernelCare at the same affordable price and reliability, and we are going to stick with the KC solution.”
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Croatia
Mirsad, we are glad to welcome you and the University of Zagreb on board, and we hope you reach 2000 days of uptime, as some of our clients have over the years with KernelCare.