VAJRA: Indigenous End-point Detection and Response Tool for Securing Linux Systems
By Prof. Manjesh K. Hanawal
Abstract:
Cybersecurity threats have significantly increased in recent years with the increased adaptions of digital platforms. If attackers can compromise any node with vulnerable applications, they can put the whole enterprise at risk. To mitigate such threats, one has to actively monitor the activities of all the nodes in an enterprise, to keep it safe.
We demonstrate the VAJRA tool for Endpoint Detection and Response (EDR) for Linux systems. Vajra is an indigenous product developed at IIT Bombay. It collects system logs of the endpoints at the kernel level using a custom-built Osquery. The logs are centrally monitored and correlated across the endpoints to detect any malicious activities, lateral movements, and privilege escalations. Vajra generate alters for any malicious attacks based on rules sets covering the major tactics and techniques of the MITRE ATT&CK framework.
Further, the threat hunting features of Vajra help in faster investigation of incidences. The main features of Vajra are
— Real-time pre-infection filtering and protection of all devices without manual intervention.
— Continuous update of detection techniques for new malware attacks
— In-house R&D and support for new threats
— Scalable and cost-effective. Supports multi-tenancy
— Customizable to the needs of organizations
— Easy integration with other SIEM tools
— Supports indigenous BOSS operating systems.
Vajra is designed to support container security and automated threat detection based on AI/ML techniques. We will demonstrate some of the recent attacks that can be detected by Vajra.
Biography:
rof. Manjesh K. Hanawal received the M.S. degree in ECE from the Indian Institute of Science, Bangalore, India, in 2009, and the Ph.D. degree from INRIA (The Inria centre at Université Côte d’Azur), Sophia Antipolis, France, and the University of Avignon, France, in 2013. After two years of postdoc at Boston University, he joined Industrial Engineering and Operations Research at the Indian Institute of Technology Bombay, Mumbai, India where he is an associate professor now. His research interests include Communication networks, Machine learning, and Cybersecurity. Before joining academia, he worked at the Centre for Artificial Intelligence and Robotics (CAIR), Defence Research and Development Organisation (DRDO), Bangalore on various security-related projects.
He is a recipient of Inspire Faculty Award from The Department of Science and Technology (DST) and the Early Career Research Award from the Science and Engineering Research Board (SERB).