As soon as a new vulnerability affecting a Linux kernel is announced, the TuxCare
team immediately gets to work on a live patch.
KernelCare Enterprise then deploys each patch in less than a nanosecond:
We create code that patches insecure kernel code with a secure but functionally equivalent replacement.
We compile every patch that impacts the affected kernel and deploy it to our distribution servers.
A KernelCare process running on your server checks our distribution servers every 4 hours. If a new patch is available, it can then be downloaded and applied to your running kernel.
The KCE kernel module – in a matter of nanoseconds – loads the updated binary into the secure kernel space and redirects all functions to the updated code – and the kernel resumes.
Because this happens in nanoseconds, no processes are
interrupted, and no failover condition is ever triggered
KernelCare Enterprise For Linux infrastructures demanding heightened security measures and adherence to internal and external compliance requirements |
KernelCare SimplePatch
For tech enthusiasts and organizations with smaller |
|
---|---|---|
Kernel Live Patching | ||
Supported System1 Count | Unlimited | Up to 50 systems |
Live Patching for Shared Libraries | Add-on (LibCare) | – |
Live Patching for KVM/QEMU | Add-on (QEMUCare) | – |
Customizable Patch Rollout Policies | – | |
Centralized Configuration Management | – | |
Support for Multiple Business Units and Users | – | |
Deployment in Air-Gapped Networks | – | |
Integration with Vulnerability Scanners for Live Patch-Aware Compliance Reporting | – | |
1 System = Physical device, VM, or cloud instance