Tech Support
Documentation
Login
Contact Us
Not sure what live patching is or how it works? Check out this comprehensive guide.
We Monitor New Vulnerabilities
Our team is always on the lookout. As soon as a new vulnerability affecting a
Linux kernel is announced, we immediately get to work on a patch.
then…
-
1
We Create the Patch
We create code that patches insecure kernel code with a secure but functionally equivalent replacement.
-
2
We Prepare the Patch for Deployment
We compile every patch that impacts the affected kernel and deploy it to our distribution servers.
-
3
You Receive the Patch
A KernelCare process running on your server checks our distribution servers every 4 hours. If a new patch is available, it can then be downloaded and applied to your running kernel – a process that can be automated.
-
4
KernelCare Applies the Patch
The patch is passed to the KCE kernel module, which – in a matter of nanoseconds – pauses all processes, loads the updated binary into the secure kernel space, redirects all functions to the updated code – and the kernel resumes. Because this happens in nanoseconds, no processes are interrupted, and no failover condition is ever triggered.
