Second Look®: Linux Threat Detection and Response

Linux is everywhere in the modern enterprise—in cloud deployments, web infrastructure, and many business-critical back-end services. And it is increasingly attacked—at mass scale by cybercriminals and in targeted operations by motivated attackers.

Promoting verifiable Linux-based IT infrastructure

Trying to combat ever-evolving adversaries with backward-looking signatures (indicators of their past activity) is a losing proposition. Threat detection based on verifying code and data in memory is a far more effective approach. With Second Look, ensure that Linux systems are running exactly the software they're supposed to be running, and nothing more. The power of memory forensics uncovers stealth malware and alerts on unknown or unexpectedly modified software.

Second Look can be particularly useful for detecting artifacts of malware in memory such as memory injection and system call manipulation...

Read more from the Malware Forensics Field Guide for Linux Systems

Dedicated to the detection of novel, targeted, and rapidly changing malware

When an attack hasn't yet been uncovered by researchers and the malware involved hasn't yet been analyzed, signature-based detection isn't possible. Second Look provides unparalleled assurance that the programs and libraries in memory on Linux servers and workstations, from the kernel to system services and applications, are of known origin and have not been tampered with. There is no more effective tool available for detecting both known and never-seen-before rootkits, backdoors, and other unauthorized processes on Linux systems.

Tabs within Second Look provide easy access to the extracted information associated with each process...

Read more from the Malware Forensics Field Guide for Linux Systems

Architected for scalable deployment and ease of integration

Whether you are investigating an incident now or want to have the best shot at catching intrusions going forward: if you run Linux, Second Look is your tool. Use Second Look to minimize attacker dwell time, ascertain the scope of a compromise, gauge the success of remediation, and ensure that Linux systems throughout the enterprise are running the correct software load.

Second Look is a powerful tool for detecting potential [malware] concealment techniques...

Read more from the Malware Forensics Field Guide for Linux Systems

Our customers include the IT security teams of major corporations, firms which have investigated numerous high-profile security breaches, and government agencies responsible for protecting extraordinarily sensitive data. We support all Linux distributions, with extensive reference data collections for Amazon Linux, CentOS, Debian, Fedora, Oracle Linux, Red Hat Enterprise Linux (RHEL), and Ubuntu.

See Second Look in action!

The demo video below shows Second Look using live memory analysis of a remote target system to detect an unauthorized process running there. After the process is hidden with a rootkit, not only can Second Look still see the suspect process, it also produces additional alerts on the rootkit itself.

Product Editions

The Incident Response edition provides memory acquisition and analysis tools to help you get right to the root of the problem when you're investigating a suspect system.

The Enterprise Security edition has all the features of the IR edition and adds real-time memory forensics of remote systems, scaling across large deployments for instant investigation and automated scanning. It produces highly actionable alerts that can easily feed into security event management systems.

Second Look Datasheet (PDF)
