KernelCare now works with vulnerability scanners - TuxCare

KernelCare now works with vulnerability scanners

KernelCare Team

September 19, 2019

scanners

Screen Shot 2019-09-20 at 11.47.33 PMVulnerability scanners are programs that scan your system to tell you whether you have software installed with known vulnerabilities. However, sometimes these scanners can give false positives. After too many false positives, analysts will begin to ignore reports, as reviewing a false positive takes time and money, and incident response and threat hunting are affected. The impact of false positives can be severe when benign reports create exhaustive overhead for your analysts.

In a recent Ponemon report, 58% of respondents indicated that their Security Operations Center (SOC) was ineffective, and 49% of these respondents said that the reason behind inefficiencies is too many false positives. In addition to false positives causing inefficiencies, 42% of respondents also indicated that false positives interfered with threat-hunting teams.

Customers using KernelCare to live patch their Linux kernels and repair known vulnerabilities without rebooting were surprised when their scanning tool continued to report their system as having a vulnerable kernel, giving them a false positive.

The reason for this is that KernelCare does not report kernel patches to local repositories.

So, we have made a small change to KernelCare, modifying the LD_PRELOAD environment variable to correctly return the kernel version to the scanning tools.

If you have any questions on this or other aspects of KernelCare, please get in touch.

 

About KernelCare

KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It’s used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at [email protected].

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching