The upward trajectory continues here at KernelCare. As an element of the wider CloudLinux suite of offerings, KernelCare are now an Advanced Technology Partner in the AWS Partner Network (APN).
In the first week of July, Jim Jackson, President and CRO at CloudLinux, dropped by the AWS APN blog to describe to AWS users how KernelCare can help them strengthen security and elevate availability.
For most companies, the only way to apply patches is by restarting the server. But AWS EC2 users are like any other system administrator: they hate unplanned downtime. Restarting servers harms customer service, jeopardizes business, and is a headache to organize. So even when a critical kernel patch is released in response to a serious CVE, that patch won’t be applied until the next carefully scheduled maintenance window – which could be weeks or even months away. During the delay that precedes the pre-planned reboot, the servers sit there, unpatched and vulnerable to threats.
This is both a serious security risk, and a violation of compliance policies.
Live patching lets you fix security issues in a Linux kernel without having to wait for a kernel release, and without the need to restart servers. With KernelCare, patches are acquired by an agent program as soon as they are ready, and a kernel module performs the patching direct to a hot (live) kernel.
At KernelCare, we already have many AWS EC2 users happily using KernelCare to stay live-patched. Affinity Water, a UK-based utility company, runs KernelCare on dozens of their AWS-hosted virtual machines (VMs), across four different types of Linux. Similarly, Efinity Insurance have been using KernelCare for more than a year, and have experienced rapid growth with their Java-based software solution deployed on AWS instances running CentOS.
The gap between patch issue and patch application is the central cause of many recent cybersecurity failures. This gap can also make you noncompliant. For anyone running complex, Linux-powered service stacks on AWS, live patching should be an essential part of their security stance. KernelCare works on a variety of Linux distributions and kernels, including Amazon Linux 1 and 2, under both virtualized and bare-metal varieties.