SentinelOne Releases Free Linux Tool to Detect Meltdown Vulnerability Exploitations

Uncategorized | Posted on August 14, 2018 by schap

Using behavioral detection, SentinelOne security researchers Dor Dankner and Ran Ben Chetrit developed a tool capable of catching Meltdown exploits. The tool goes beyond all offerings available today, some of which only state whether a device is exposed or not.

The patching process for the devastating Meltdown vulnerability has left thousands of enterprises with a predictable, yet unenviable, choice: patch immediately for security and risk system-wide impact, or test the patches against their full stack of software applications while remaining exposed to vulnerability exploitation by attackers.

As a result, the industry at large is in a race: patch and secure the many endpoints that are still unprotected before attackers can weaponize the vulnerabilities. This is especially true for Linux-based systems, where no comprehensive protection solution has been released to date.

This is a race that the security industry needs to run together in order to win – which is why SentinelOne today is releasing a new free tool to prevent Meltdown exploitation while the patching process catches up.

Dubbed Blacksmith, this tool detects attempted exploitation of the Meltdown vulnerability on all Linux systems, empowering Linux admins to stop attacks before they take root.

How does Blacksmith work?

The Blacksmith tool leverages the performance counting feature enabled on modern chipsets to monitor processes for malicious caching behavior. Exploiting the Meltdown vulnerability generates these patterns, and Blacksmith uses the built-in Linux “perf events” mechanism to collect information on the running processes. For older processors and virtual environments, Blacksmith also identifies a specific type of page fault which indicates Meltdown exploitation attempts.

Why Linux?

There are two key reasons we chose to prioritize the Linux version of this tool. First, Linux is very susceptible to such attacks, as there is no comprehensive solution available. Second, Linux is the preferred OS of the world’s top supercomputers and is therefore a high-value target for attackers. Together, these reasons made it clear that it was critical to help secure Linux environments as quickly and effectively as possible right now.

To check Linux for Meltdown vulnerability: https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability 

What happens on detection?

When Blacksmith detects an exploitation attempt, it reports it to Syslog. The event can then be saved locally, sent by email, or sent to a remote Syslog server. This allows each admin to clean up the exploitation as they see fit.
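The perf-events monitoring described under "How does Blacksmith work?" and the Syslog reporting above can be sketched as follows. This is an added example, not Blacksmith's code: the miss-ratio heuristic, both thresholds, and the names `open_counter`, `window_is_suspicious` and `sample_pid` are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <linux/perf_event.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <syslog.h>
#include <unistd.h>

/* Assumed thresholds for illustration only; not Blacksmith's values. */
#define MIN_REFS       100000ULL /* skip windows with too little cache activity */
#define MISS_RATIO_PCT 90ULL     /* flag when >= 90% of cache references miss */

/* Open one hardware counter on a running process (user-space events, any CPU). */
static int open_counter(pid_t pid, uint64_t config) {
    struct perf_event_attr attr = { .type = PERF_TYPE_HARDWARE, .size = sizeof attr,
                                    .config = config, .exclude_kernel = 1 };
    return (int)syscall(SYS_perf_event_open, &attr, pid, -1, -1, 0);
}

/* Decision on one sampling window: 1 = miss ratio at or above the threshold. */
int window_is_suspicious(uint64_t refs, uint64_t misses) {
    if (refs < MIN_REFS) return 0;
    return misses * 100 >= refs * MISS_RATIO_PCT;
}

/* Count for `seconds`; returns 1 suspicious, 0 normal, -1 if counters are unavailable. */
int sample_pid(pid_t pid, unsigned seconds) {
    uint64_t refs = 0, misses = 0;
    int r = open_counter(pid, PERF_COUNT_HW_CACHE_REFERENCES);
    int m = open_counter(pid, PERF_COUNT_HW_CACHE_MISSES);
    int rc = -1;
    if (r >= 0 && m >= 0) {
        sleep(seconds); /* counters start enabled and run while we wait */
        if (read(r, &refs, sizeof refs) == (ssize_t)sizeof refs &&
            read(m, &misses, sizeof misses) == (ssize_t)sizeof misses)
            rc = window_is_suspicious(refs, misses);
    }
    if (r >= 0) close(r);
    if (m >= 0) close(m);
    return rc;
}

/* Usage: ./monitor <pid>; a hit is reported through syslog(3). */
int main(int argc, char **argv) {
    if (argc != 2) return 2;
    int rc = sample_pid((pid_t)atoi(argv[1]), 1);
    if (rc == 1) syslog(LOG_ALERT, "pid %s: abnormal cache-miss ratio", argv[1]);
    return rc < 0 ? 2 : rc;
}
```

Opening counters on another user's process requires sufficient privilege (see `kernel.perf_event_paranoid`), and hardware counters are often unavailable inside virtual machines, the case for which the post describes the page-fault heuristic instead.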

Why is the tool free?

Besides being the right thing to do, we also want to ensure that the tool will work in the best way for each application and each Linux system admin. By providing it for free, we allow admins to test it fully against underlying applications and verify it in their systems before deploying.

Where is Blacksmith available?

Update, March 1st: Blacksmith has been updated to version 2, which also supports Ubuntu 16.04, 17.04, 17.10 and CentOS 6.5. Try at your own risk. Download here: s1-blacksmith (V2)

This article was originally published here.
