New: View Sample Second Look® Analysis Results Online!

Second Look®: Advanced Linux Threat Detection

Combating modern cyber adversaries with backward-looking signatures — indicators of their past activity — is a losing proposition. Attackers are virtually guaranteed an extended dwell time when you rely on signatures to detect their presence. Signature-less malware detection based on verifying code in memory is a far more effective approach.

With Second Look, you can ensure that Linux systems are running exactly the software they're supposed to be running, and nothing more. The power of memory forensics uncovers stealth malware and alerts on unknown or unexpectedly modified software. Second Look provides assurance that the programs and libraries in memory on Linux servers and workstations, from the kernel to system services and applications, are of known origin and have not been tampered with. Integrity verification detects both known and never-seen-before infections.

Second Look can be particularly useful for detecting artifacts of malware in memory such as [code] injection and system call manipulation...

Read more from the Malware Forensics Field Guide for Linux Systems

Second Look operates at enterprise scale and is architected for ease of deployment and integration. Whether you are investigating an incident now, or want to have the best shot at catching intrusions going forward: if you run Linux, Second Look is your tool. Use Second Look to minimize attacker dwell time, ascertain the scope of a compromise, gauge the success of remediation, and ensure that Linux systems throughout the enterprise are running the correct software load.

Our customers include the IT security teams of major corporations, firms which have investigated numerous high-profile security breaches, and government agencies responsible for protecting extraordinarily sensitive data. We support all Linux distributions, with extensive reference data collections to support the analysis and verification of systems running Amazon Linux, CentOS, Debian, Fedora, Oracle Linux, Red Hat Enterprise Linux (RHEL), and Ubuntu.

Contact us now to schedule a live demonstration!

Product Editions

The Professional edition provides memory acquisition and analysis tools to help you get right to the root of the problem when you're investigating a suspect system.

The Enterprise edition has all the features of the Professional edition, and adds memory forensics of remote systems over the network without full memory acquisition, automated scanning capabilities, and SIEM integration. It lets you scale your investigation across a large number of systems and receive proactive alerts about potential malware or compromise.

Second Look Datasheet (PDF)


Please use our contact form for sales, support, and other inquiries.