mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
translated
This commit is contained in:
parent
63ec6e6a8d
commit
4290d23efe
@ -1,86 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Linux security: Cmd provides visibility, control over user activity)
|
||||
[#]: via: (https://www.networkworld.com/article/3342454/linux-security-cmd-provides-visibility-control-over-user-activity.html)
|
||||
[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
|
||||
|
||||
Linux security: Cmd provides visibility, control over user activity
|
||||
======
|
||||
|
||||
![](https://images.techhive.com/images/article/2017/01/background-1900329_1920-100705659-large.jpg)
|
||||
|
||||
There's a new Linux security tool you should be aware of — Cmd (pronounced "see em dee") dramatically modifies the kind of control that can be exercised over Linux users. It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems.
|
||||
|
||||
Provided by a company of the same name, Cmd focuses on cloud usage. Given the increasing number of applications being migrated into cloud environments that rely on Linux, gaps in the available tools make it difficult to adequately enforce required security. However, Cmd can also be used to manage and protect on-premises systems.
|
||||
|
||||
### How Cmd differs from traditional Linux security controls
|
||||
|
||||
The leaders at Cmd — Milun Tesovic and Jake King — say organizations cannot confidently predict or control user behavior until they understand how users work routinely and what is considered “normal.” They seek to provide a tool that will granularly control, monitor, and authenticate user activity.
|
||||
|
||||
Cmd monitors user activity by forming user activity profiles (characterizing the activities these users generally perform), noticing abnormalities in their online behavior (login times, commands used, user locations, etc.), and preventing and reporting certain activities (e.g., downloading or modifying files and running privileged commands) that suggest some kind of system compromise might be underway. The product's behaviors are configurable and changes can be made rapidly.
|
||||
|
||||
The kind of tools most of us are using today to detect threats, identify vulnerabilities, and control user privileges have taken us a long way, but we are still fighting the battle to keep our systems and data safe. Cmd brings us a lot closer to identifying the intentions of hostile users whether those users are people who have managed to break into accounts or represent insider threats.
|
||||
|
||||
![1 sources live sessions][1]
|
||||
|
||||
View live Linux sessions
|
||||
|
||||
### How does Cmd work?
|
||||
|
||||
In monitoring and managing user activity, Cmd:
|
||||
|
||||
* Collects information that profiles user activity
|
||||
* Uses the baseline to determine what is considered normal
|
||||
* Detects and proactively prevents threats using specific indicators
|
||||
* Sends alerts to responsible people
|
||||
|
||||
|
||||
|
||||
![2 triggers][3]
|
||||
|
||||
Building custom policies in Cmd
|
||||
|
||||
Cmd goes beyond defining what sysadmins can control through traditional methods, such as configuring sudo privileges, providing much more granular and situation-specific controls.
|
||||
|
||||
Administrators can select escalation policies that can be managed separately from the user privilege controls managed by Linux sysadmins.
|
||||
|
||||
The Cmd agent provides real-time visibility (not after-the-fact log analysis) and can block actions, require additional authentication, or negotiate authorization as needed.
|
||||
|
||||
Also, Cmd supports custom rules based on geolocation if user locations are available. And new policies can be pushed to agents deployed on hosts within minutes.
|
||||
|
||||
![3 command blocked][4]
|
||||
|
||||
Building a trigger query in Cmd
|
||||
|
||||
### Funding news for Cmd
|
||||
|
||||
[Cmd][2] recently got a financial boost, having [completed of a $15 million round of funding][5] led by [GV][6] (formerly Google Ventures) with participation from Expa, Amplify Partners, and additional strategic investors. This brings the company's raised funding to $21.6 million and will help it continue to add new defensive capabilities to the product and grow its engineering teams.
|
||||
|
||||
In addition, the company appointed Karim Faris, general partner at GV, to its board of directors.
|
||||
|
||||
Join the Network World communities on [Facebook][7] and [LinkedIn][8] to comment on topics that are top of mind.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.networkworld.com/article/3342454/linux-security-cmd-provides-visibility-control-over-user-activity.html
|
||||
|
||||
作者:[Sandra Henry-Stocker][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://images.idgesg.net/images/article/2019/02/1-sources-live-sessions-100789431-large.jpg
|
||||
[2]: https://cmd.com
|
||||
[3]: https://images.idgesg.net/images/article/2019/02/2-triggers-100789432-large.jpg
|
||||
[4]: https://images.idgesg.net/images/article/2019/02/3-command-blocked-100789433-large.jpg
|
||||
[5]: https://www.linkedin.com/pulse/changing-cybersecurity-announcing-cmds-15-million-funding-jake-king/
|
||||
[6]: https://www.gv.com/
|
||||
[7]: https://www.facebook.com/NetworkWorld/
|
||||
[8]: https://www.linkedin.com/company/network-world
|
@ -0,0 +1,87 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Linux security: Cmd provides visibility, control over user activity)
|
||||
[#]: via: (https://www.networkworld.com/article/3342454/linux-security-cmd-provides-visibility-control-over-user-activity.html)
|
||||
[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
|
||||
|
||||
Linux 安全:Cmd 提供可视化控制用户活动
|
||||
======
|
||||
|
||||
![](https://images.techhive.com/images/article/2017/01/background-1900329_1920-100705659-large.jpg)
|
||||
|
||||
你应该知道一个新的 Linux 安全工具--Cmd(读作 “see em dee”)极大地改变了可以对 Linux 用户进行控制的类型。它远远超出了传统的用户权限配置,,并在监视和控制用户能够在 Linux 系统上运行的命令方面发挥积极作用。
|
||||
|
||||
它由同名公司开发,Cmd 专注于云应用。鉴于越来越多的应用迁移到依赖于 Linux 的云环境中,可用工具的缺口使得难以充分实施所需的安全性。而且,Cmd 还可用于管理和保护本地系统。
|
||||
|
||||
### Cmd 与传统 Linux 安全控件的区别
|
||||
|
||||
Cmd 公司的领导 Milun Tesovic 和 Jake King 表示,组织无法自信地预测或控制用户行为,直到他们了解了用户日常如何工作以及什么认为是“正常”。他们寻求提供一种能够精细控制、监控和验证用户活动的工具。
|
||||
|
||||
Cmd 通过形成用户活动配置文件(表示这些用户通常进行的活动)监视用户活动,注意其在线行为的异常(登录时间、使用的命令、用户位置等),以及预防和报告某些意味着系统攻击的活动(例如,下载或修改文件和运行特权命令)。产品的行为是可配置的,可以快速进行更改。
|
||||
|
||||
我们大多数人如今用来检测威胁、识别漏洞和控制用户权限的工具已经花费了很长的时间,但我们仍在努力保持系统和数据的安全。Cmd 让我们更能够确定恶意用户的意图,无论这些用户是设法侵入帐户还是代表内部威胁。
|
||||
|
||||
![1 sources live sessions][1]
|
||||
|
||||
查看实时 Linux 会话
|
||||
|
||||
### Cmd 如何工作?
|
||||
|
||||
在监视和管理用户活动时,Cmd:
|
||||
|
||||
* 收集描述用户活动的信息
|
||||
* 使用基线来确定什么是正常的
|
||||
* 使用特定指标检测并主动防止威胁
|
||||
* 向负责人发送警报
|
||||
|
||||
|
||||
|
||||
![2 triggers][3]
|
||||
|
||||
在 Cmd 中构建自定义策略
|
||||
|
||||
Cmd 扩展了系统管理员通过传统方法控制的内容,例如配置 sudo 权限,提供更精细和特定情境的控制。
|
||||
|
||||
管理员可以选择可以与 Linux 系统管理员管理的用户权限控制分开管理的升级策略。
|
||||
|
||||
Cmd 客户端提供实时可视化(不是事后日志分析),并且可以阻止操作,它需要额外的身份验证或根据需要协商授权。
|
||||
|
||||
此外,如果存在用户位置,Cmd 支持基于地理定位的自定义规则。并且可以在几分钟内将新策略推送到部署在主机上的客户端。
|
||||
|
||||
![3 command blocked][4]
|
||||
|
||||
在 Cmd 中构建触发器查询
|
||||
|
||||
|
||||
### Cmd 的融资新闻
|
||||
|
||||
[Cmd][2] 最近完成了由 [GV][6] (前身为 Google Ventures)领投,Expa、Amplify Partners 和其他战略投资者跟投的 [1500 万美元的融资][5]。这使该公司的融资金额达到了 2160 万美元,这将帮助其继续为该产品增加新的防御能力并发展其工程师团队。
|
||||
|
||||
此外,该公司还任命 GV 的普通合伙人 Karim Faris 为董事会成员。
|
||||
|
||||
在 [Facebook][7] 和 [LinkedIn][8] 中加入 Network World 社区,评论顶部话题。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.networkworld.com/article/3342454/linux-security-cmd-provides-visibility-control-over-user-activity.html
|
||||
|
||||
作者:[Sandra Henry-Stocker][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://images.idgesg.net/images/article/2019/02/1-sources-live-sessions-100789431-large.jpg
|
||||
[2]: https://cmd.com
|
||||
[3]: https://images.idgesg.net/images/article/2019/02/2-triggers-100789432-large.jpg
|
||||
[4]: https://images.idgesg.net/images/article/2019/02/3-command-blocked-100789433-large.jpg
|
||||
[5]: https://www.linkedin.com/pulse/changing-cybersecurity-announcing-cmds-15-million-funding-jake-king/
|
||||
[6]: https://www.gv.com/
|
||||
[7]: https://www.facebook.com/NetworkWorld/
|
||||
[8]: https://www.linkedin.com/company/network-world
|
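Review bot: The opening paragraph of the added translation has a doubled comma ("传统的用户权限配置,,并在") and an ASCII "--" after "安全工具" where a full-width dash is expected, and several sentences change the meaning of the English source removed in the previous hunk. The title "Cmd 提供可视化控制用户活动" reads as "visualized control", while the source says "visibility, control over user activity"; something like "可见性和控制" keeps both terms. "而且,Cmd 还可用于管理和保护本地系统" renders "However" as "moreover"; "已经花费了很长的时间" does not match "have taken us a long way"; and "它需要额外的身份验证" makes authentication a requirement of the agent itself, where the source says the agent can require additional authentication from the user. "评论顶部话题" for "topics that are top of mind" also needs another pass. The added file is 87 lines against 86 in the source; the difference appears to be an extra blank line before "### Cmd 的融资新闻". Suggest fixing these before the 校对 placeholder is filled in.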