
SureView® Memory Integrity Advanced Memory Analysis Delivers Unparalleled Visibility and Verification

Promoting trustworthy and repeatable analysis of volatile system state

Increased Usage of Linux in Global Enterprises

The use of Linux is everywhere in the world. Linux is used in our stock exchange transactions, social media, network storage devices, smartphones, DVRs, online purchasing web sites, and in the majority of global Internet traffic. The Linux Foundation's 2013 Enterprise End User Report indicates that 80% of respondents planned to increase their numbers of Linux servers over the next five years [1]. Drivers include global enterprises migrating to cloud deployments, collaborative and mobile technologies, and employing Linux for mission-critical workloads.

Escalated Malware Attacks on Linux Systems

Millions of malware threat actors recognize this trend and are using advanced tactics to infiltrate Linux systems. According to the 2013 "Malware Forensics Field Guide for Linux Systems" [2], the apparent goal of these attackers is to steal all types of information. Perhaps of greatest concern are the synchronized, targeted attacks against Linux systems. For several years, organized groups of attackers (a.k.a. threat actors) have been infiltrating Linux systems and have been communicating with command and control (C2) servers and exfiltrating data from compromised Linux systems. As a matter of fact, with an increasing market share of Linux desktop users, malware authors have recently taken solid aim at this target population with banking Trojan malware. These self-serving enemies are always going to be one step ahead of enterprises' network infrastructure security systems, making it extremely difficult, if not impossible, for systems to find malware signatures and inversion of control techniques.

Benefits

- Enables visibility into the state of systems software while executing in memory on Linux systems
- Delivers detection using an integrity verification approach to verify that all systems software running is known and unmodified, and to quickly identify threats
- Allows the integration of memory forensics into enterprise security information and event management systems (SIEMs) with ease of implementation
- Scans thousands of systems with hundreds of gigabytes of memory
- Provides a configurable scanning engine for automated scans of remote systems throughout an enterprise
- Incorporates an easy-to-use GUI to quickly assess and interpret results
- Delivers output in a structured data format (JSON) to facilitate analytics
- Supports all Linux distributions on 32- and 64-bit x86 systems, providing flexibility and ease of implementation
- Includes an extensive collection of reference software (kernels and applications)
- Operates reactively or pro-actively on a single system or at enterprise scale
- Verifies the integrity of a remote system's kernel and the integrity of the executable in all processes without doing a complete memory dump
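The integrity verification approach the brochure describes (hash the kernel and each process's executable text as seen in memory, compare against a repository of known software, and report anything unknown or modified as JSON for a SIEM), illustrated with an added Python example. This is not SureView code; the reference repository, the scan results and the host name are constructed stand-ins.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-in for a reference data repository of known software:
# (name, version) -> SHA-256 of the executable text as it should look in memory.
KNOWN_TEXT = {
    ("vmlinux", "3.10.0-229"): b"constructed kernel text",
    ("sshd", "6.6.1p1"): b"constructed sshd text",
    ("nginx", "1.6.2"): b"constructed nginx text",
}
REFERENCE = {key: sha256_hex(text) for key, text in KNOWN_TEXT.items()}

# Constructed result of one in-memory scan of a host: the scanner hashes the
# kernel and each process's executable text in place, so no full dump is needed.
SCAN = [
    {"pid": 0, "name": "vmlinux", "version": "3.10.0-229",
     "text_sha256": REFERENCE[("vmlinux", "3.10.0-229")]},
    {"pid": 812, "name": "sshd", "version": "6.6.1p1",  # text altered in memory
     "text_sha256": sha256_hex(b"constructed sshd text" + b"\x90")},
    {"pid": 901, "name": "nginx", "version": "1.6.2",
     "text_sha256": REFERENCE[("nginx", "1.6.2")]},
    {"pid": 1337, "name": "updater", "version": None,  # not in the repository
     "text_sha256": sha256_hex(b"constructed unrecognised text")},
]

def verify(scan, reference):
    """Classify each scanned item as known, modified (hash mismatch) or unknown."""
    results = []
    for item in scan:
        expected = reference.get((item["name"], item["version"]))
        if expected is None:
            status = "unknown"
        elif expected == item["text_sha256"]:
            status = "known"
        else:
            status = "modified"
        results.append({"pid": item["pid"], "name": item["name"],
                        "version": item["version"], "status": status})
    return results

def siem_alerts(results, host):
    """One JSON document per finding that is not known-good, ready for a SIEM."""
    return [json.dumps({"host": host, "finding": r})
            for r in results if r["status"] != "known"]
```

Running `siem_alerts(verify(SCAN, REFERENCE), "web01")` yields two JSON alerts: the sshd process whose in-memory text no longer matches the reference hash, and the process that has no reference entry at all.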

Despite the increasing prevalence of attacks on Linux systems, detecting them has often been an afterthought for security vendors focused on other platforms. Linux system administrators and security experts require assurance that their enterprise systems are running the software that they are supposed to be running and nothing else. This requires a combination of memory forensics and integrity verification to uncover stealth malware and to alert on unknown or unexpectedly modified software.

Too many people learn that their Linux systems are compromised only through external notification, long after the fact.

It's 10:00 p.m. on Sunday. Do you know what software your Linux servers are running? Today, it's a matter of "when" your system will be attacked by an unwanted perpetrator. Will you be ready?

SureView® Memory Integrity Protects Your System

SureView Memory Integrity is a tool that uses memory forensics to acquire and analyze volatile memory from Linux systems. SureView Memory Integrity provides malware detection using an integrity verification approach to validate that all software running is known and unaltered. When responding to a confirmed or potential computer security incident on a Linux system, SureView Memory Integrity will quickly determine where to focus your efforts by highlighting stealth malware, unknown or unauthorized programs running on the system, and other potential indicators of compromise and vulnerability, saving you time, money, and loss of business.

SureView Memory Integrity for Linux Incident Response

SureView Memory Integrity Incident Response provides memory acquisition and analysis tools to help you get to the root of the problem when you're investigating a suspect system. The Incident Response edition preserves evidence in volatile memory, reconstructs the system state, and extracts artifacts from memory. It detects stealthy malware that would remain hidden from other system administration, forensic, and investigative tools. SureView Memory Integrity Incident Response is powerful and easy to use; memory acquisition is initiated via a single command, and analysis results are provided via an easy-to-navigate GUI.

SureView Memory Integrity Enterprise Security – Protecting Entire Enterprises

The Enterprise Security version of SureView Memory Integrity monitors Linux workstations and servers using live remote memory analysis to verify the integrity of the kernel and processes. It provides notifications to system administrators and security teams when alerts indicate a compromise has been detected, and enables quick, in-depth investigation and response. SureView Memory Integrity was designed to automate Linux memory forensics on thousands of geographically distributed systems, enabling system administrators and other users to meet tight performance, reliability, and timing requirements. SureView Memory Integrity Enterprise Security verifies that your Linux systems are running only authorized software, whether it is vendor supplied, third-party supplied, or custom developed. It detects rootkits, backdoors, unauthorized processes, and other signs of intrusions into your critical Linux systems. Its memory forensics alerts can be easily integrated into any existing Security Information and Event Management System (SIEM).

Conclusion

Rising trends in malware incidents targeting Linux systems, combined with the ability of modern malware to avoid common security measures, make malware incident response and forensics a critical component of any risk management strategy in any organization that utilizes Linux systems. SureView Memory Integrity provides unparalleled assurance that the programs and libraries in memory on Linux servers and workstations, from the kernel to system services and applications, are of known origin and have not been tampered with. It's particularly useful for detecting artifacts of malware. SureView Memory Integrity is a powerful tool for detecting potential concealment techniques [2]. There is no more effective tool commercially available for detecting rootkits, backdoors, and other unauthorized processes on Linux systems.

SureView® Memory Integrity | Architecture

[Architecture diagram: SureView® Memory Integrity Server, Reference Data Repository, Linux Targets, SIEM]

[1] The 2013 Enterprise End User Report: 3rd Annual Survey of the World's Largest Enterprise Linux Users.
[2] Malware Forensics Field Guide for Linux Systems – Digital Forensics Field Guides, by Cameron H. Malin, Eoghan Casey, and James M. Aquilina. Copyright © 2014 Elsevier, Inc.

For further information contact:

Raytheon|Websense
12950 Worldgate Drive, Suite 600
Herndon, Virginia 20170 USA
866.230.1307
www.raytheoncyber.com

All other trademarks and registered trademarks are property of their respective owners.

Cleared for Public Release. Internal Reference #IIS2014-191. Copyright © 2015 Raytheon Company. All rights reserved. 200170.0915.