We assisted a Silicon Valley-based security products company in porting their ransomware detection and prevention engine from Windows to Linux. This project enabled the client to offer robust protection against ransomware attacks on Linux platforms and let them reuse the same codebase on both systems, minimising maintenance overhead.
Our client is a Silicon Valley company specializing in security products. They offer solutions to protect both unstructured data, such as files in a filesystem, and structured data, like databases. Their products are compatible with major Unix and Windows variants and operate within the kernel or user space based on the security assurances required by their clientele.
The client had a product that detects and prevents ransomware attacks on Windows by tracking the read and write patterns of processes. Once a process is marked as malicious, further I/Os from the process are blocked. This engine functions within the kernel space.
Port the ransomware engine to Linux.
Port test scripts from Windows to Linux.
Integrate the engine with the client's filesystem driver.
The Coriolis engineering team ported the ransomware engine to Linux, ensuring that the identical code could be utilized on both platforms. This approach allowed the client to maintain a single code base for both Linux and Windows, simplifying maintenance and updates.
The client aimed to add ransomware detection capabilities to their filesystem driver. The engineering team modified the filesystem driver to intercept all I/Os and pass them to the ransomware engine. This ensured comprehensive detection of any ransomware activity, as all types of I/Os were monitored.
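The intercept-evaluate-block flow described above (the driver hands every I/O to the engine, the engine tracks each process's read/write pattern, and a process marked malicious has all further I/O denied) can be modelled in user space. The following is an added illustration, not the client's or Coriolis's code; the heuristic (repeated overwrite of a file the process has just read), the threshold value, and the `engine_on_io` interface are constructed assumptions, since the page does not describe the engine's actual detection rules.

```c
/* User-space model of the intercept -> evaluate -> block flow.
 * Hypothetical heuristic: a process that repeatedly overwrites files it has
 * just read (read-then-write on the same inode) is marked malicious; once
 * marked, every further I/O from that PID is blocked. */
#include <stdbool.h>
#include <string.h>

#define MAX_PROCS         64
#define SUSPECT_THRESHOLD 4   /* constructed value; a real engine would tune this */

enum io_op   { IO_READ, IO_WRITE };
enum verdict { IO_ALLOW, IO_BLOCK };

struct proc_state {
    int           pid;
    unsigned long last_read_inode;  /* inode of the most recent read; 0 = none */
    unsigned      read_then_write;  /* count of overwrites of a just-read file */
    bool          malicious;
    bool          in_use;
};

static struct proc_state procs[MAX_PROCS];

/* Find or allocate the per-process tracking record. */
static struct proc_state *track(int pid)
{
    struct proc_state *free_slot = NULL;
    for (int i = 0; i < MAX_PROCS; i++) {
        if (procs[i].in_use && procs[i].pid == pid) return &procs[i];
        if (!procs[i].in_use && !free_slot) free_slot = &procs[i];
    }
    if (!free_slot) return NULL;
    memset(free_slot, 0, sizeof *free_slot);
    free_slot->in_use = true;
    free_slot->pid = pid;
    return free_slot;
}

/* Entry point the filesystem driver would call for every intercepted I/O.
 * Real inode numbers are never 0, so 0 is safe as the "no read yet" marker. */
enum verdict engine_on_io(int pid, enum io_op op, unsigned long inode)
{
    struct proc_state *p = track(pid);
    if (!p) return IO_ALLOW;            /* table full: fail open (a real engine would log this) */
    if (p->malicious) return IO_BLOCK;  /* already flagged: deny all further I/O */
    if (op == IO_READ) {
        p->last_read_inode = inode;
    } else if (inode == p->last_read_inode) {
        if (++p->read_then_write >= SUSPECT_THRESHOLD) {
            p->malicious = true;
            return IO_BLOCK;            /* block the I/O that crossed the threshold */
        }
    }
    return IO_ALLOW;
}

/* Clear all tracking state (useful between test runs). */
void engine_reset(void) { memset(procs, 0, sizeof procs); }
```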
The client's Windows team had a test suite that emulated common ransomware behaviors for conformance testing on new builds. The engineering team ported these tests to Linux, modifying Windows-specific tests to meet Linux standards. This ensured that the ransomware detection engine was rigorously tested on the Linux platform.
Successfully ported the ransomware detection engine to Linux, providing robust protection against ransomware attacks for Linux assets.
Ensured seamless integration of the ransomware engine with the client's filesystem driver, enabling comprehensive monitoring and detection of malicious activities.
Ported and modified the test scripts from Windows to Linux, ensuring thorough testing and validation of the ransomware engine on the Linux platform.
The Coriolis engineering team delivered a successful port of the client's ransomware detection and prevention engine to Linux. This project enabled the client to extend their robust ransomware protection to Linux platforms, safeguarding their customers' Linux assets from ransomware attacks. By maintaining a unified code base for both Windows and Linux, the client can efficiently manage and update their ransomware detection capabilities across different operating systems.