CIQ Previews a Security-Hardened Enterprise Linux

CIQ is best known as the founding company behind the CentOS-variant Rocky Linux. Recently, though, it’s been flexing its muscles in the enterprise Linux space; first when it started to offer a business support contract for Rocky Linux from CIQ (RLC) and now with a technical preview for Rocky Linux from CIQ – Hardened.

Hardened, an Enterprise Linux designed to meet the most stringent security requirements. This enhanced operating system is tailored for mission-critical environments, offering robust security features to combat the increasing sophistication and volume of cyberthreats.

How, you ask? This security-first version comes with:

1. System Level Hardening: This version minimizes zero-day and CVE risks by eliminating many potential attack surfaces and common exploit vectors. It includes code-level hardening that blocks commonly used exploit paths, reducing the risk of successful attacks.
2. Advanced Threat Detection: It utilizes the Linux Kernel Runtime Guard (LKRG) to detect sophisticated intrusions that evade traditional security measures. This proactive approach helps identify and mitigate threats before they become major issues.
3. Strong Access Controls: Featuring advanced password hashing, strict authentication policies, and hardened access controls. These measures enhance the security of user authentication and access to system resources124.
4. Accelerated Risk Mitigation: The system addresses security threats ahead of standard updates, significantly reducing exposure time. This ensures that organizations are protected from vulnerabilities more quickly than with traditional update cycles.
5. Secure Supply Chain: All packages are validated and delivered via a secure supply chain, ensuring that the operating system is delivered securely and is always up to date.
6. Proactive Security Approach: Unlike many distributions that focus on fixing individual CVEs, Rocky Linux from CIQ – Hardened aims to proactively mitigate entire classes of similar bugs that are not yet discovered or patched.
7. Premium Support: It offers premium support from experienced Linux security experts, providing assistance in troubleshooting and addressing unique security needs.

In a statement, Alexander Peslyak (aka Solar Designer), lead for the Openwall project for two decades and now a CIQ employee, said. “While most distributions still fix individual CVEs one at a time, Rocky Linux from CIQ — Hardened will fix CVEs and also learn and introduce changes so it can proactively mitigate entire classes of similar bugs that are not yet discovered or patched.”

The business motivation for this distro, according to CIQ CEO Gregory Kurtzer, was driven by conversations with security-concerned IT executives. The goal is to provide a fortified software infrastructure that addresses vulnerabilities and enhances the security of enterprise applications and services.

The technical preview is already available for sign-up, with an official launch planned for March 20. Want to know more? A webinar discussing detailed features of Hardened is scheduled for March 19.