Linux cloud environments are increasingly attractive targets for adversaries because more and more critical data is stored in them. Once an attacker gains shell access, they use native Linux tools (the same binaries administrators rely on) to conduct reconnaissance, then move laterally from host to host. Most security solutions provide little visibility into, or detection of, these Linux-specific techniques, leaving security teams without the detailed telemetry they need to investigate and neutralize the threat.
Cmd provides high-fidelity telemetry and incident response for production Linux. Our solution was built Linux-first, to provide the readable, detailed information needed to respond quickly to threats. Cmd's understanding of Linux-specific attack patterns is modeled on the MITRE ATT&CK framework, giving SOC analysts and incident responders the telemetry they need to shed light on advanced Linux threats.