Our Top Linux Security Posts of 2020
This has been a year unlike any other. From unprecedented disruption to the global economy and IT infrastructure to unimaginable new loads put on existing networks as tens of millions of employees shifted to work from home, enterprise organizations have been pushed headlong into digital transformation at incredible speed. 

Throughout the year, the Capsule8 blog discussed many of the pressing issues and challenges faced by organizations in a rapidly-shifting security environment. We’ve collected the top eight blog posts written in that time and summarized them all below for easy reference. 

What is the Linux Auditing System (aka AuditD)?

Kelly Shortridge provided a neutral overview of the Linux Auditing System to help those considering deploying it in their organization understand what that process looks like and what challenges they might face. In this detailed discussion of AuditD, Kelly evaluates the role of the system, how it is generally deployed, and what is required to manage such a system effectively.

Grubbing Secure Boot the Wrong Way: CVE-2020-10713

In July, Eclypsium discovered the BootHole vulnerability in GRUB2. For systems using GRUB, it represented a substantial security hole. All Linux distros, many Windows implementations, and several others were affected by this vulnerability. Proposed solutions were generally considered problematic, to the point that the mitigation became potentially more damaging than the possible attacks. This article gives a thorough rundown of what the buffer overflow vulnerability means and how companies should approach it.

What is Container Security?

In the opening paragraph of her in-depth evaluation of container security, Kelly Shortridge notes that nobody really knows what container security means, but it’s provocative nonetheless. Because different teams use containers in different contexts, the term by itself doesn’t necessarily mean anything. To help clarify what is meant by container security and how it applies to your business, the article outlines the main benefits of each phase, with pros and cons, and the best potential vendors based on your use cases. 

Compliance in a Cloud-Native World

In part one of an extensive review of SOC2 Type 1 Audits, Cynthia Burke performs a deep dive on the key elements that are required to pass such an audit no matter what stage you are at. In the article, she provides a rundown of what SOC2 means for your team, the five primary trust service criteria of SOC2, and what companies need in place as an MVP. 

No More Tiers: Reimagining the Structure of SecOps

Kat Sweet dives into the question of tiering in security operations. Older models in particular often use a tiered approach, with individuals performing specific functions along a chain of escalation based on their specializations. The result is a separation by seniority and job function that mirrors the tiers of security threats. Kat argues that the tiered model as a best practice never made sense outside of particularly massive companies, and that the same people can perform these functions as needed regardless of seniority.

Security Delusions Part 1: A History of Cloud Compunction

Based on her earlier QCon talk, Kelly Shortridge presented a multi-part discussion of infosec gatekeeping when it comes to new technologies, and why it is so important for organizations and information security, in particular, to embrace new technologies to empower and enable the business. 

eBPF’s Rollercoaster of Pwn: An Overview of CVE-2020-8835

The CVE-2020-8835 vulnerability, discovered by Manfred Paul in April, can impact any Linux distro using kernels 5.5.0 or newer. Kelly Shortridge discusses what this vulnerability does, why it is so intriguing to the industry, and what organizations really need to worry about, including how to ensure they are protected from attackers who might attempt to utilize such an exploit. 

SOC 2 Compliance Playbook for Cloud-Native

In part two of Cynthia Burke’s discussion of SOC 2 audits, she introduces an MVP Playbook to help assess scope and ownership of controls to better select the trust service criteria to include, and perform a gap analysis to identify areas for necessary remediation. Included are several specific examples based on Common Criteria and what SOC 2 looks like and entails from the auditor’s perspective. 

Preparing for the Year Ahead

As we prepare for 2021, a year of transition and realization of new technological opportunities in many industries, it’s important to capture learning from as many sources as possible. We hope the above blog posts help prepare you for whatever comes next. 

In the meantime, if you’d like to learn more about Capsule8 and how we can help you protect your production Linux environments in 2021, request a demo today!