KernelCare Blog

KernelCare will be at this year’s RSA Conference 2020 USA, in San Francisco’s Moscone Center, from 24 to 28 February 2020. We look forward to seeing you at Booth #6279 in the North Expo.

This year’s session is titled:

“Enabling Compliance with Faster Patch Management”

Igor Seletskiy, KernelCare’s CEO, will be in Moscone South on Thursday, February 27, 11:00–11:20, where he’ll discuss how KernelCare helps organizations with their compliance needs.

But there are many other great sessions to see. Here’s a short list of those that have piqued our interest.

At the end of January 2020, another speculative execution vulnerability was found in Intel processors. Any modern Intel CPU built before October 2018 is likely vulnerable to a discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.

You want more—more protection for business-critical applications running on Linux, applications that depend on glibc and OpenSSL.

As with the kernel, vulnerabilities in glibc or OpenSSL can’t wait to be patched.

That’s why, last November, we announced KernelCare+, an enhanced variant of KernelCare, one that patches vulnerabilities in essential user space libraries in addition to those in the Linux kernel. And as with KernelCare’s Linux kernel live patching, KernelCare+ updates applications without affecting their operational state—no restarts, no reboots.

Our enterprise customers want more: more integration, more support, more control.

That’s why we’re thrilled to announce the launch of KernelCare Enterprise, a new member of the KernelCare family specially tailored for companies with 1000 servers or more.

Data breaches happen all the time for all sorts of reasons. The ones that make the news have three things in common:

1. The data affects you and me, the public, everyday people.
2. The data affects many of us, millions, even billions.
3. The companies looking after the data are household names.

In this article we’re going to look at three famous companies each of which lost a lot of people’s data.

A global financial services company (name confidential) recently used KernelCare to resolve a difficult Linux kernel patching situation and achieve SOC2 compliance. Read our latest case study to learn how it did that:

KernelCare Client, Efinity, deal with clients in fourteen countries. This means that the system has to deal with a lot of data - much of it personal data - and must be watertight. In the light of recent data breaches, Efinity kept getting compliance questions from their customers: did they have the SOC 2 certification?

The next cybersecurity threat is always just around the corner.

There was a time when changes to the cybersecurity landscape was measured in years, not days. Today, software vulnerability disclosures are part of our daily news cycle.

Last year we ported KernelCare to run on Arm processors.

There was such a massive response to this announcement, that we’ve worked on expanding KernelCare’s Arm support to more Linux distributions, those focusing on IoT device development and deployment.

So today we’re happy to announce the release of KernelCare IoT.

Introduction

In Part 2, I ran Mango queries on a CouchDB database full of CVEs, and had a good picture of how the number and severity of Linux kernel vulnerabilities varies from year to year. (Part 1 showed how to set up CouchDB and import CVE data into it on Ubuntu 18.04.)

In this part, Part 3, I develop that core Mango query to look at how the number of Linux kernel vulnerabilities varies by kernel version.