Forcepoint Second Look (formerly Threat Protection for Linux)
Detect Potential Threats and Unauthorized Programs on Your Linux Systems
Gain the visibility you need for malware and other threats affecting your Linux-based servers so you can keep vital business processes flowing.
Linux is the platform of choice for cloud applications, Web infrastructure and other critical back-end services for many organizations. Undetected breaches of these systems can cost your organization dearly in terms of business downtime, reputation damage, reduced revenue and regulatory fines.
Forcepoint Second Look helps you detect risks within your Linux environment and understand what they are affecting so you can decide how to more effectively defeat them. It enables you to minimize attackers’ dwell time in your systems and get back to normal operations quickly and safely, avoiding downtime and reducing the chances of damage or leaks.
This solution is like an X-ray for your servers: it looks deep into the memory for each of your Linux systems — even if you have thousands of them distributed geographically — and then uses that information to detect any signs of trouble. Just like an X-ray shows a doctor where the trouble is, this solution helps your security team know exactly where to focus their efforts.
Forcepoint Second Look automates Linux memory forensics to verify the integrity of the kernel and processes on each server. It detects rootkits, backdoors, unauthorized processes and other signs of intrusions that may have penetrated all other defenses, and its memory forensics alerts can be easily integrated into any existing Security Information and Event Management (SIEM) system so that your team can carry out quick, in-depth investigation and response.
- Detects known and unknown Linux threats, such as malware that signature-based solutions usually miss, without relying on signatures
- Rapidly scans thousands of systems with hundreds of gigabytes of memory
- Intelligently collects only the information needed to verify the integrity of a remote system's kernel and executable code in all processes, reducing time and expense
- Has minimal impact on monitored systems
- Leverages SSH infrastructure for network communication, eliminating the need for an always-running agent
- Provides flexibility and ease of implementation to enable your IT security team to quickly assess and interpret results
- Compatible with Linux distributions running kernel version 2.6 or higher on 32- and 64-bit x86 systems
- Configurable scanning engine for automated scans of remote systems
- Integrates with enterprise security information and event management (SIEM) systems
- Extensive collection of reference software for both kernels and applications
- Easy-to-use GUI
- Output in JSON structured data format