As soon as a new vulnerability affecting a Linux kernel is announced,
the TuxCare team immediately gets to work on a live patch.
We create code that patches insecure kernel code with a secure but functionally equivalent replacement.
We compile every patch that impacts the affected kernel and deploy it to our distribution servers.
A KernelCare process running on your server checks our distribution servers every 4 hours. If a new patch is available, it can then be downloaded and applied to your running kernel.
The KCE kernel module – in a matter of nanoseconds – loads the updated binary into the secure kernel space and redirects all functions to the updated code – and the kernel resumes.
The LibCare add-on delivers automated, non-disruptive security patches to shared libraries like glibc and OpenSSL.
With KernelCare Enterprise, we’ve completely eliminated patching-related downtime, we’ve slashed the hours we spend on CVE patching by 72%, and our vulnerability exposure window has shrunk by 90%
In Corporate, we use KernelCare to do Linux OS updates seamlessly and without reboots required. It’s really helped us with meeting InfoSec requirements for compliance and eased the time commitments of my team relating to patching. It’s relatively inexpensive as well.