arcanadefense

binaryWatch

binaryWatch inspects Executable and Linkable Format (ELF) files, that is, executables, shared libraries and kernel modules, and rapidly confirms their integrity by detecting indicators of compromise such as rootkit infections, backdoors and parasitic code (viruses that embed themselves in an existing binary). Validating the integrity of the software that is actually running on a Linux system is essential: a binary that passed inspection at install time can still be modified afterwards.
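One concrete form such structural integrity checks can take, as an added example written for this page (it is not binaryWatch's own code or detection logic): a short Python scanner that parses ELF64 headers with the standard `struct` module and reports three classic indicators of parasitic infection. The two images it scans are constructed inline; `build_sample`, `scan`, `parse_elf64` and the indicator strings are this example's own names, not anything the product exposes.

```python
"""Structural integrity checks over ELF64 images (example code, not binaryWatch's).

Three indicators that file infectors and backdoors commonly leave behind:
  * a PT_LOAD segment that is both writable and executable,
  * an entry point that is not inside .text (or any SHF_EXECINSTR section),
  * file bytes mapped by a segment but described by no section (appended code).
"""
import struct

ELF_MAGIC = b"\x7fELF"
PT_LOAD, PF_X, PF_W = 1, 1, 2
SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS = 1, 3, 8
SHF_ALLOC, SHF_EXECINSTR = 2, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # 64-byte ELF64 header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # 56-byte program header
SHDR = struct.Struct("<IIQQQQIIQQ")        # 64-byte section header


def parse_elf64(data):
    """Return (entry, program headers, section headers) of a little-endian ELF64 image."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (_, _, _, _, entry, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, _) = EHDR.unpack_from(data, 0)
    phdrs = [PHDR.unpack_from(data, phoff + i * phentsize) for i in range(phnum)]
    shdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    return entry, phdrs, shdrs


def scan(data):
    """Return a list of indicator strings; an empty list means nothing was found."""
    entry, phdrs, shdrs = parse_elf64(data)
    # p fields: type, flags, offset, vaddr, paddr, filesz, memsz, align
    loads = [p for p in phdrs if p[0] == PT_LOAD]
    findings = []
    for p in loads:
        if p[1] & PF_W and p[1] & PF_X:
            findings.append("W+X PT_LOAD segment at vaddr 0x%x" % p[3])
    if not any(p[1] & PF_X and p[3] <= entry < p[3] + p[6] for p in loads):
        findings.append("entry point 0x%x outside every executable segment" % entry)
    if not shdrs:
        # Section headers are not needed to run, so attackers strip them to hide.
        findings.append("no section header table")
        return findings
    # s fields: name, type, flags, addr, offset, size, link, info, align, entsize
    if not any(s[2] & SHF_EXECINSTR and s[3] <= entry < s[3] + s[5] for s in shdrs):
        findings.append("entry point 0x%x outside every executable section" % entry)
    covered = max(s[4] + s[5] for s in shdrs if s[1] != SHT_NOBITS)  # last file byte any section claims
    mapped = max((p[2] + p[5] for p in loads), default=0)            # last file byte any segment loads
    if mapped > covered:
        findings.append("%d mapped bytes not described by any section" % (mapped - covered))
    return findings


def build_sample(infected=False):
    """Constructed ELF64 image: a clean one, or one with an appended parasite that owns the entry point."""
    base = 0x400000
    code = b"\x90" * 14 + b"\x0f\x05"        # nop sled + syscall; never executed here
    shstr = b"\0.text\0.shstrtab\0"
    code_off, shstr_off = 0x80, 0x90
    shoff = (shstr_off + len(shstr) + 7) & ~7  # section header table, 8-byte aligned
    para_off = shoff + 3 * SHDR.size           # parasite goes after the section headers
    parasite = b"\xcc" * 32
    file_end = para_off + len(parasite) if infected else para_off
    load_size = file_end if infected else code_off + len(code)
    entry = base + (para_off if infected else code_off)
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + b"\0" * 9, 2, 0x3E, 1, entry, EHDR.size,
                     shoff, 0, EHDR.size, PHDR.size, 1, SHDR.size, 3, 2)
    phdr = PHDR.pack(PT_LOAD, PF_X | 4, 0, base, base, load_size, load_size, 0x1000)
    shdrs = SHDR.pack(*([0] * 10))
    shdrs += SHDR.pack(1, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, base + code_off,
                       code_off, len(code), 0, 0, 16, 0)
    shdrs += SHDR.pack(7, SHT_STRTAB, 0, 0, shstr_off, len(shstr), 0, 0, 1, 0)
    img = bytearray(file_end)
    img[:EHDR.size + PHDR.size] = ehdr + phdr
    img[code_off:code_off + len(code)] = code
    img[shstr_off:shstr_off + len(shstr)] = shstr
    img[shoff:shoff + len(shdrs)] = shdrs
    if infected:
        img[para_off:] = parasite
    return bytes(img)


if __name__ == "__main__":
    for label in ("clean", "infected"):
        print(label, scan(build_sample(infected=(label == "infected"))) or ["no indicators"])
```

The clean image yields no findings; the infected one is flagged twice, because the entry point lies in a loadable executable segment but outside `.text`, and because the segment maps bytes that no section describes. Real scanners layer many more checks on top of these (PLT/GOT hooks, unexpected `DT_NEEDED` entries, code in `.data`), but the three shown here are cheap and catch the classic append-and-hijack infection pattern.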

The technology ports readily to FreeBSD and other UNIX-like operating systems, including those running on routers and other network appliances.

binaryWatch use cases:

Intrusion detection: every executable downloaded onto the system, and every program about to be launched, is scanned by binaryWatch to confirm it is safe before it runs.

Network proxy: a service on the network scans every new executable file entering it. Binaries that have been backdoored, or are found to be infected with malware, are quarantined immediately.

Everyday use of Ubuntu, Red Hat and other distributions (including the Linux- and FreeBSD-based systems running on routers) relies on the software already having been verified through package signing. That check confirms integrity only as long as the signing key and the infrastructure that builds and signs the packages remain uncompromised: a tampered download mirror is caught by signature verification, but a compromised build or signing host is not, because the attacker's binary is then signed like any other. Companies should therefore take the extra step of validating their binaries before putting them into production or offering them for download, and this is where binaryWatch comes into play.