VAJRA: Indigenous End-point Detection and Response Tool for Securing Linux Systems
By Prof. Manjesh K. Hanawal
Abstract
Cybersecurity threats have increased significantly in recent years with the growing adoption of digital platforms. If attackers can compromise any node running vulnerable applications, they can put the whole enterprise at risk. To mitigate such threats, the activities of all nodes in an enterprise have to be actively monitored.
We demonstrate the VAJRA tool for Endpoint Detection and Response (EDR) for Linux systems. Vajra is an indigenous product developed at IIT Bombay. It collects system logs from the endpoints at the kernel level using a custom-built Osquery. The logs are centrally monitored and correlated across endpoints to detect malicious activity, lateral movement, and privilege escalation. Vajra generates alerts for malicious attacks based on rule sets covering the major tactics and techniques of the MITRE ATT&CK framework.
Further, the threat hunting features of Vajra help speed up the investigation of incidents. The main features of Vajra are:
— Real-time pre-infection filtering and protection of all devices without manual intervention.
— Continuous update of detection techniques for new malware attacks
— In-house R&D and support for new threats
— Scalable and cost-effective. Supports multi-tenancy
— Customizable to the needs of organizations
— Easy integration with other SIEM tools
— Supports indigenous BOSS operating systems.
Vajra is designed to support container security and automated threat detection based on AI/ML techniques. We will demonstrate some of the recent attacks that can be detected by Vajra.