How Red Hat Insights tackles malware head-on

The rise of the menaces

Linux is often regarded as a more secure operating system, but it isn't impervious to malware threats. 

In recent years, there has been a notable increase in the quantity and types of Linux malware. Cyber attackers are turning their attention to Linux-based systems for a range of purposes:

• Data theft
• File encryption
• Cryptocurrency mining
• Launching distributed denial-of-service (DDoS) attacks

Linux malware can infiltrate a system through various means, making it crucial to stay vigilant. These infection methods include:

• Exploiting unpatched vulnerabilities
• Exploiting weak authentication mechanisms
• Exploiting server misconfigurations
• Tricking users into executing malicious files

Linux users and administrators must remain aware of these evolving threats and take proactive measures to help protect their systems from potential malware attacks.

If you're seeking a way to efficiently manage and enhance the security posture of your Red Hat Enterprise Linux (RHEL) environment, you should definitely give Red Hat Insights a try. 

Insights is a cloud-based SaaS (Software as a Service) offering included in a RHEL subscription, providing proactive analytics and automation capabilities for your systems. Insights can assist with many tasks, including compliance checks, vulnerability management, malware detection, configuration drift detection and remediation and event-triggered automation.

This blog post provides you an overview of some of the key features and benefits of Insights. It guides you through them, so you can then use them in your environment.

Assessing compliance and generating reports

Based on the industry and applicable regulations, companies are often subject to strict policies when it comes to IT security and systems compliance. This makes it crucial to adhere to best practices, remediate drifts as they occur and proactively maintain a strong system configuration and associated security level. With Insights, you can check how well your RHEL systems comply with various security standards, such as PCI-DSS, HIPAA, CIS and more. You can also leverage the OpenSCAP scanner to run compliance scans and get detailed reports that show you the outcomes and recommended actions for each rule. 

Insights offers the possibility of connecting the online tools to your systems, whether on-premises or in the public/private/hybrid cloud, using the Remote Host Configuration client. It allows you to run remediation actions via Ansible Playbooks directly on your systems, with a single click, at scale.

By using Insights, you can track and improve your RHEL environment's compliance level, potentially helping to avoid the consequences of breaches, fines or audits.

Identifying and addressing vulnerabilities

When dealing with a large number of systems, especially in a production environment, it is crucial to react quickly to vulnerabilities affecting your RHEL systems. Insights can support you with an integrated vulnerability report and remediation functionality that will constantly check and analyze your systems against the Common Vulnerabilities and Exposures (CVE) database. 

The CVE report provides a clear overview of each vulnerability's severity, impact and resolution status, along with details regarding the affected systems and packages. For every CVE, any available action to resolve and address it can be automated with platform-generated playbooks, and you will have the choice to run them in the way that is best for your environment:

• Directly from the Insights console using the Remote Host Configuration client
• Importing them into Red Hat Ansible Automation Platform
• Downloading and running them offline

The generated playbooks are focused and aimed to resolve vulnerabilities, while also helping to inform you if a reboot is required and providing measures to mitigate or eliminate potential downtime. These playbooks are also designed to have a minimal impact on systems operations during the process.

The CVE report and automatic remediation features are essential for organizations keen on maintaining the security and up-to-date status of their RHEL systems. Through Insights, you can more effectively detect and resolve vulnerabilities that threaten your RHEL environment, delivering proactive safeguards against potential attacks or exploits.

Malware detection and prevention

The malware detection service on Insights uses YARA pattern-matching software and malware detection signatures from the IBM X-Force Threat Intelligence team to look for malware on your systems. It provides a wide range of information about the threat, impacted systems and the risk level of the infection.

You can see the scan results on the Insights malware detection page, which gives you information about each signature match, such as the name, description, reference and location of the malware. You can also use Ansible Playbooks to help eliminate or isolate the malware files or processes.

When dealing with mission-critical systems, malware detection can be crucial to keep RHEL systems safe from harmful software that can damage data or operations. Insights helps you spot and remove malware from your RHEL environment and to improve your overall security posture and system reliability.

Event-driven automation made easy

Insights also works well with Event-Driven Ansible, which lets you automate responses to different events in your IT environment. Changing the automation paradigm from imperative to reactive automation, Event-Driven Ansible makes it possible for internal and external systems like monitoring tools, ITSM solutions and cloud services to become sources of events. Webhooks, logs ingestion, alerts and events are turned into actionable tasks using an event processor that allows customers to implement their own logic and actions based on it.

Thanks to the integration of Insights and a dedicated event source plugin, Event-Driven Ansible can open new possibilities for many automation scenarios, such as automatic remediation, ITSM integration based on Insights events, information enrichment to ingest third-party monitoring systems and much more.

Wrap up

Insights stands out as a great companion to view, manage and proactively remediate systems at scale with its wide range of features that can help you with:

• Compliance assessment and remediation
• Vulnerability management
• Malware detection
• Patch management

By using Insights, you can get more visibility and control over your RHEL systems and enhance their performance and security. Insights comes at no additional cost with every RHEL subscription.

If you want to learn more about Insights or try it out for yourself, you can visit the Red Hat Insights page or contact us.