With admins accessing Production Linux from home, you need to do better than just perimeter-level security. Cmd makes it easy to up-level protection inside mission-critical environments with better visibility, strong controls, and simple policies that keep data safe and stop breaches.
Production Linux environments are typically protected by VPNs, firewalls, WAFs, and all sorts of edge technologies. All too often, however, once you get inside the perimeter it’s the wild west. That’s why issues like lateral movement and privilege escalation can be so hard to spot – many companies just don’t have controls in place to enforce security policy after an attacker gets inside – or even the visibility to see it.
With a fully remote workforce, this problem gets compounded by the fact that perimeter bottlenecks are forcing security teams to open up access in ways they normally wouldn’t. As a result, you could be exposed in ways you don’t want to be.
Cmd runs directly on the hosts in your Production Linux environment to provide multiple layers of security that help you identify issues, see threats, and stop breaches. What makes Cmd so powerful is that it’s incredibly easy to set up and operate – so you can see what’s happening on your servers within minutes, and adapt quickly to the changing world and the threat landscape that comes with it.
One of the quickest security wins you can achieve in your cloud or datacenter is deploying 2FA. Cmd makes this typically complex project very easy. Use the authenticators you have (Google Authenticator, Duo, Yubico, and more), and a simple policy in Cmd completes deployment everywhere without cumbersome user provisioning. Protect every instance, track every identity even for shared accounts and root users, and boost your security posture dramatically.
When your workforce isn’t all in the same room, sharing information and best practices becomes an entirely new challenge. Cmd gives you unparalleled visibility into user activity through live session views as well as historical audit logs stored centrally for easy search and access. Browsing sessions is like looking over the user’s shoulder – complete with command lines, output and error, file diffs, and system context at the time of command execution. You can also connect commands to Slack or Team to authorize login or command execution in real-time.
Sometimes users do things in production they shouldn’t be doing, introducing operational risk to your mission-critical operation. Other times it can be even scarier – hackers stealing credentials or escalating privileges to gain shell access deep inside your production environment. With Cmd you can spot anomalous user activity immediately through alerts that fire based on MITRE ATT&CK techniques as well as numerous other detection mechanisms, and shut down those sessions immediately.
As an industry, we’re all scrambling a bit right now. Employees are working from home, plans are being re-assessed, and meanwhile every security professional knows that amidst this chaos the adversary will be looking to take advantage of the situation. Security needs to stay on top of things, quickly.
Attackers thrive on chaos, which is why security remains a critical function even in these chaotic times. Phishing attacks are focused on your cloud, leading to a need for better privileged access control. Meanwhile, algorithms trying to detect abnormal behavior using geolocation and time-of-day all need to be retooled, otherwise your SOC will be overwhelmed by alert fatigue that’s all too common with a remote workforce. Cmd can help with all this.
We’re all in this together, which is why we need to learn from each other. Cmd customer and Flexport CISO Kevin Paige recently led a virtual roundtable on the impact of COVID-19 and how the transition to a remote workforce is impacting security teams. Read some of the highlights or check out the whole discussion here.
Lack of visibility and control inside the cloud or datacenter perimeter is not a new challenge. Check out this whitepaper, published by SANS, describing some of the core best practices that organizations must adopt to up-level security in Production Linux environments. Want to learn more? Listen to the author of this whitepaper, SANS instructor and security specialist Matt Bromiley, discuss these topics on his recorded webcast.