
Halcyon Announces Anti-Ransomware Protection for Enterprise Linux Environments (linux-magazine.com)

(Saturday October 12, 2024 @05:34PM (EditorDavid) from the feeling-insecure dept.)


Formed in 2021 by cybersecurity professionals (and backed by high-powered VCs including Dell Technologies Capital), [1]Halcyon sells an enterprise-grade anti-ransomware platform.

And this month they announced they're offering protection against ransomware attacks targeting Linux systems, [2]according to Linux magazine:

> [3]According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 and are expected to continue to climb as more bad actors target Linux deployments... "While Windows is the favorite for desktops, Linux dominates the market for supercomputers and servers."

Here's how Halcyon's announcement [4]made their pitch:

> "When it comes to ransomware protection, organizations typically prioritize securing Windows environments because that's where the ransomware operators were focusing most of their attacks. However, Linux-based systems are at the core of most any organization's infrastructure, and protecting these systems is often an afterthought," said Jon Miller, CEO & Co-founder, Halcyon. "The fact that Linux systems usually are always on and available means they provide the perfect beachhead for establishing persistence and moving laterally in a targeted network, and they can be leveraged for data theft where the exfiltration is easily masked by normal network traffic. As more ransomware operators are developing the capability to target Linux systems alongside Windows, it is imperative that organizations have the ability to keep pace with the expanded threat."

>

> Halcyon Linux, powered through the Halcyon Anti-Ransomware Platform, uniquely secures Linux-based systems offering comprehensive protection and rapid response capabilities... Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context... When ransomware is suspected or detected, the Halcyon Ransomware Response Engine allows for rapid response and action.... Halcyon Data Exfiltration Protection (DXP) identifies and blocks unauthorized data transfers to protect sensitive information, safeguarding the sensitive data stored in Linux-based systems and endpoints...

>

> Halcyon Linux runs with minimal resource impact, ensuring critical environments, such as database servers or virtualized workloads, maintain the same performance.

And in addition, Halcyon offers "an around the clock Threat Response team, reviewing and responding to alerts," so your own corporate security teams "can attend to other pressing priorities..."



[1] https://www.halcyon.ai/company

[2] https://www.linux-magazine.com/Online/News/Halcyon-Creates-Anti-Ransomware-Protection-for-Linux

[3] https://www.cynet.com/ransomware/linux-ransomware-attack-anatomy-examples-and-protection/

[4] https://finance.yahoo.com/news/halcyon-announces-anti-ransomware-protection-130000706.html



Performance hit? (Score:2)

by OffTheLip ( 636691 )

> Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context.

While not the same use case, years ago the government site I worked with pushed McAfee for Linux on us and it was a performance killer. It also had "real-time" monitoring. Wonder how this stacks up to that software.

Re:Performance hit? (Score:4, Interesting)

by ls671 ( 1122017 )

It's probably not the same thing. The only way to offer real, fail-safe "ransomware protection" is to use snapshots and backups that can't be compromised. We have replicated snapshots taken every minute but of course we also try to not get hit in the first place and have measures in place for that too.

Selling a solution where you rely exclusively on not getting hit in the first place wouldn't be really serious IMHO.

Everyone who has had ransomware on Linux (Score:1, Interesting)

by Anonymous Coward

Raise your hand, here --

Why not just look to past stories? (Score:5, Informative)

by thegarbz ( 1787294 )

If you're going with the "Linux doesn't get ransomware" line I suggest you read this site called Slashdot. I mean we [1]talk [slashdot.org] [2]about [slashdot.org] [3]linux [slashdot.org] [4]ransomware [slashdot.org] [5]very [slashdot.org] [6]very [slashdot.org] [7]very [slashdot.org] [8]frequently. [slashdot.org]

[1] https://linux.slashdot.org/story/24/06/08/1936257/new-linux-version-of-ransomware-targets-vmware-esxi

[2] https://yro.slashdot.org/story/23/03/11/1816249/does-icefire-ransomware-portend-a-broader-shift-from-windows-to-linux

[3] https://it.slashdot.org/story/22/09/11/0314234/powerful-new-linux-malware-shikitega-uses-unusual-multi-stage-stealth

[4] https://linux.slashdot.org/story/22/09/03/1940245/attacks-on-linux-servers-rose-75-over-last-year-warn-security-researchers

[5] https://linux.slashdot.org/story/22/05/28/2243237/new-linux-based-ransomware-targets-vmware-servers

[6] https://it.slashdot.org/story/21/10/29/2115214/hive-ransomware-now-encrypts-linux-and-freebsd-systems

[7] https://linux.slashdot.org/story/19/11/24/1845253/nextcloud-linux-servers-targetted-by-nextcry-ransomware

[8] https://it.slashdot.org/story/19/09/09/2246218/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware

"enterprise-grade anti-ransomware" (Score:3)

by ffkom ( 3519199 )

That "enterprise-grade anti-ransomware" is probably a mediocre $$$$$$ "remote backup" service that comes with some "agent" software expected to be installed with root privileges on the systems to "protect", while actually creating a huge additional attack surface.

I'll stick to proven free backup software that writes to devices that are stored offline.

Net security gain? (Score:1)

by tarvin ( 644214 )

The vendor states "protecting these systems is often an afterthought". No, what would be an afterthought would be to install some (probably privileged) system agent with no evidence of it resulting in a net security gain. Add-on agents are most often at best a new of for tech debt. I once ran across a server which had five management/"security" agents, several of them with CVEs. Unfortunately, if we don't start questioning this, it will likely get worse, as I've ranted about here: [1]https://troelsarvin.blogs [blogspot.com]

[1] https://troelsarvin.blogspot.com/2024/10/antivirus-software-considered-harmful.html

Marketing speech overload.... (Score:2)

by gweihir ( 88907 )

At least that is what I get from this "description". Not trust-inspiring at all.

Makes me want to go back to Sun Solaris (Score:2)

by jfdavis668 ( 1414919 )

Not sure if it is secure, but certainly no one's target.
