by opengears 619 days ago
In the mitigation section it says: 'Deploy Runtime Protection: Use advanced anti-malware and behavioral detection tools that can detect rootkits, cryptominers, and fileless malware like perfctl.' -- which tools can we currently use to detect perfctl?

I hear Crowdstrike is king (≖ ͜ ≖)
To be fair, a system that rebooted and won't come back up IS pretty secure.
No, because it's a denial of service.

C-I-A triad: Confidentiality, Integrity, Availability.

A dead system is confidential, and if that's your criterion, then fine, but legitimate users may require access to intact data and services.

Sure, and availability in this sense is often forgotten, but I was only joking about Crowdstrike's ability to block malware.

A dead machine is difficult to infect with malware. You'd have to go out of your way to do so.