
How to detect security threats in Linux processes

What's this blog post about?

Understanding the Linux process tree is crucial for detecting security threats, since attackers cannot easily forge or alter it. Monitoring which shells and utilities get launched, and by which parent process, helps identify malicious activity such as web shell attacks or unauthorized access attempts. Process data such as environment variables and command-line arguments can provide insight into the scope of an attack. Datadog Cloud Workload Security helps detect threats in Linux processes by analyzing the process tree across all hosts and containers, automatically flagging suspicious behavior and providing full context around detected processes so that responders can plan an effective response.

Company
Datadog

Date published
Aug. 19, 2021

Author(s)
Jordan Obey, Nick Davis

Word count
1013

Hacker News points
3

Language
English


By Matt Makai. 2021-2024.