Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime Security IT Linux

Halcyon Announces Anti-Ransomware Protection for Enterprise Linux Environments (linux-magazine.com) 14

Formed in 2021 by cybersecurity professionals (and backed by high-powered VCs including Dell Technologies Capital), Halcyon sells an enterprise-grade anti-ransomware platform.

And this month they announced they're offering protection against ransomware attacks targeting Linux systems, according to Linux magazine: According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 and are expected to continue to climb as more bad actors target Linux deployments... "While Windows is the favorite for desktops, Linux dominates the market for supercomputers and servers."
Here's how Halcyon's announcement made their pitch: "When it comes to ransomware protection, organizations typically prioritize securing Windows environments because that's where the ransomware operators were focusing most of their attacks. However, Linux-based systems are at the core of most any organization's infrastructure, and protecting these systems is often an afterthought," said Jon Miller, CEO & Co-founder, Halcyon. "The fact that Linux systems usually are always on and available means they provide the perfect beachhead for establishing persistence and moving laterally in a targeted network, and they can be leveraged for data theft where the exfiltration is easily masked by normal network traffic. As more ransomware operators are developing the capability to target Linux systems alongside Windows, it is imperative that organizations have the ability to keep pace with the expanded threat."

Halcyon Linux, powered through the Halcyon Anti-Ransomware Platform, uniquely secures Linux-based systems offering comprehensive protection and rapid response capabilities... Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context... When ransomware is suspected or detected, the Halcyon Ransomware Response Engine allows for rapid response and action.... Halcyon Data Exfiltration Protection (DXP) identifies and blocks unauthorized data transfers to protect sensitive information, safeguarding the sensitive data stored in Linux-based systems and endpoints...

Halcyon Linux runs with minimal resource impact, ensuring critical environments such as database servers or virtualized workloads, maintain the same performance.

And in addition, Halcyon offers "an around the clock Threat Response team, reviewing and responding to alerts," so your own corporate security teams "can attend to other pressing priorities..."
This discussion has been archived. No new comments can be posted.

Halcyon Announces Anti-Ransomware Protection for Enterprise Linux Environments

Comments Filter:
  • Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context.

    While not the same use case years ago the government site I worked with pushed McAfee for Linux on us and it was a performance killer. It also had "real-time" monitoring. Wonder how this stacks up to that software.

    • Re:Performance hit? (Score:5, Interesting)

      by ls671 ( 1122017 ) on Saturday October 12, 2024 @03:18PM (#64859651) Homepage

      It's probably not the same thing. The only way to offer real, fail-safe "ransomware protection" is to use snapshots and backups that can't be compromised. We have replicated snapshots taken every minute but of course we also try to not get hit in the first place and have measures in place for that too.

      Selling a solution where you rely exclusively on not getting hit in the first place wouldn't be really serious IMHO.

  • by Anonymous Coward
    Raise your hand, here --
    • by thegarbz ( 1787294 ) on Saturday October 12, 2024 @01:27PM (#64859453)

      If you're going with the "Linux doesn't get ransomware" line I suggest you read this site called Slashdot. I mean we talk [slashdot.org] about [slashdot.org] linux [slashdot.org] ransomware [slashdot.org] very [slashdot.org] very [slashdot.org] very [slashdot.org] frequently. [slashdot.org]

      • > I mean we talk about linux ransomware very very very frequently.

        Oh we talk about it a lot, almost like we wish it was a thing. People do *make* linux ransomware, but it doesnt do much. By by and large, there just isnt much of a real market for anti-ransomware for linux.

        Its like trying to sell a special helmet that prevents you from getting your head stuck in a bucket.

        People do sometimes get their head stuck in a bucket, its just not very common. And there are no shortage of bucket makers. But most peop

        • Sure. I mean you could stick your head in the sand or realise that the reason we talk about it is because it exists and is in active exploit. Something you'd know if you ever read ... Slashdot.

  • by ffkom ( 3519199 ) on Saturday October 12, 2024 @01:35PM (#64859469)
    That "enterprise-grade anti-ransomware" is probably a mediocre $$$$$$ "remote backup" service that comes with some "agent" software expected to be installed with root privileges on the systems to "protect", while actually creating a huge additional attack surface.

    I'll stick to proven free backup software that writes to devices that are stored offline.
    • I am all in favor of offline backups, can't argue against that. All these agents running as root can't be great for sure. I am curious how you are performing backups without root though? Are they not complete backups of the system (e.g. they don't include files which are only readable by root)?
    • That "enterprise-grade anti-ransomware" is probably a mediocre $$$$$$ "remote backup" service

      Or you could actually read up on what it really is, user activity / network activity monitoring and cut-off tool. Incidentally their service provides zero remote backup and has nothing to do with backup.

      Please try and be better. You can learn so much about the world if you choose to read rather than just post made up rubbish from the top of Mt Ignorance.

  • The vendor states "protecting these systems is often an afterthought". No, what would be an afterthought would be to install some (probably priviledged) system agent with no evidence of it resulting in a net security gain. Add-on agents are most often at best a new of for tech debt. I once ran across a server which had five management/"security" agents, several of them with CVEs. Unfortunately, if we don't start questioning this, it will likely get worse, as I've ranted about here: https://troelsarvin.blogs [blogspot.com]
  • At least that is what I get from this "description". Not trust-inspiring at all.

  • Not sure if it is secure, but certainly no one's target.
  • What is up with this corpo techno-babble?? What does this actually do, and how does it protect Linux against ransomware? Unless you got some seriously elevated access on a server, I do not think ransomware will get far.

Experiments must be reproducible; they should all fail in the same way.

Working...