Using Spyderbat for our SecOps

How Client Support Software uses Spyderbat to secure its cloud native environment

Client Support Software (CSS) is a leading provider of enterprise relationship management solutions for the debt and housing counseling industries. We help our clients streamline their workflows, improve their customer service, and grow their businesses.

As a cloud native company, we rely on Linux VMs and FreeBSD Jails to run our applications and services. Our hosted PBX solution, which integrates with our CRM software, runs on Linux, and we lock access down to keep the attack surface as small as possible. Even so, this dynamic and complex environment brings security challenges such as:

  • Application drift: As we deploy new versions of our software, we need to ensure that they behave as expected and do not introduce any vulnerabilities or performance issues.
  • Supply chain attacks: We use third-party components and libraries in our software development lifecycle (SDLC), which could be compromised by malicious actors or contain hidden backdoors.
  • Zero-day exploits: We need to protect our systems from unknown threats that target unpatched vulnerabilities or exploit novel techniques.

To address these challenges, we partnered with Spyderbat, a cloud native runtime security platform that uses eBPF (extended Berkeley Packet Filter), a Linux kernel technology, to provide deep visibility and protection for Linux VMs. With over two decades of experience hosting and building customer relationship management software, we became a Spyderbat Design Partner. This let us give feedback on use cases that helped tune the product for our needs and for others with similar workflows.

Spyderbat is a game changer for us because it gives us the ability to harden our Linux cloud runtime environments and keep our applications rolling. Here are some of the benefits we get from using Spyderbat:

Flashback: Time travel for troubleshooting

Spyderbat’s Flashback feature is like having a continuous runtime digital recorder. It allows us to go back in time and see every step that led to an event of interest, such as a service interruption or operational changes made as a result of a software update.

With Flashback, we no longer have to scan logs or reproduce errors. We can pinpoint the root cause of an issue by viewing the kernel-level traces that reveal every process, file, network connection, user, syscall and signal involved in the causal chain.

Flashback also provides early warning signs of troubling traces by alerting us when it detects anomalies or suspicious behaviors. This helps us proactively prevent problems before they escalate or impact our customers.

Guardian: Application drift detection

Spyderbat’s Guardian feature enables us to reduce interruptions by automatically comparing the runtime behavior of a newly deployed application against that of prior versions. It alerts us when it detects application drift, which could indicate bugs, performance degradation, or a security breach.

With Guardian, we have the insight to course correct quickly and get our application back on track.
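To make the two ideas above concrete (the causal chain that Flashback replays and the baseline comparison that Guardian performs), here is a small illustration we have added to this post. It is not Spyderbat's code and does not use its data format; the process and connection records are constructed by hand to stand in for what the eBPF sensor collects, and the executable paths, users and addresses in them are made up for the example. It records what a known-good run of an application did, checks a later run against that baseline, and for anything new walks the parent chain back to the root so the operator sees how the activity came about.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process seen during a run: who spawned it, what it ran, as whom,
    and the (destination, port) pairs it connected to."""
    pid: int
    ppid: int
    exe: str
    user: str
    conns: tuple = ()


# Constructed sample data: a known-good run of a PBX-plus-web stack.
# Paths, users and addresses are illustrative, not a real deployment.
BASELINE_RUN = [
    ProcEvent(1, 0, "/sbin/init", "root"),
    ProcEvent(100, 1, "/usr/sbin/asterisk", "asterisk", (("203.0.113.10", 5060),)),
    ProcEvent(120, 100, "/usr/bin/sox", "asterisk"),
    ProcEvent(200, 1, "/usr/sbin/nginx", "www"),
    ProcEvent(210, 200, "/usr/bin/php-fpm", "www", (("10.0.0.5", 3306),)),
]

# Constructed sample data: a later run after a deployment. php-fpm now talks to
# a second database host and has spawned a shell that runs curl to the internet.
NEW_RUN = [
    ProcEvent(1, 0, "/sbin/init", "root"),
    ProcEvent(100, 1, "/usr/sbin/asterisk", "asterisk", (("203.0.113.10", 5060),)),
    ProcEvent(120, 100, "/usr/bin/sox", "asterisk"),
    ProcEvent(200, 1, "/usr/sbin/nginx", "www"),
    ProcEvent(210, 200, "/usr/bin/php-fpm", "www",
              (("10.0.0.5", 3306), ("192.0.2.44", 3306))),
    ProcEvent(211, 210, "/bin/sh", "www"),
    ProcEvent(212, 211, "/usr/bin/curl", "www", (("198.51.100.7", 443),)),
]


def _by_pid(run):
    return {e.pid: e for e in run}


def _parent_exe(procs, event):
    parent = procs.get(event.ppid)
    return parent.exe if parent else None


def ancestry(run, pid):
    """Causal chain from the root process down to `pid`, as executable paths
    (the walk Flashback lets you do by stepping back through a trace)."""
    procs = _by_pid(run)
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid].exe)
        pid = procs[pid].ppid
    return list(reversed(chain))


def build_baseline(run):
    """Record which (parent, child, user) spawns and which outbound
    connections per executable a known-good run exhibited."""
    procs = _by_pid(run)
    spawns, conns = set(), {}
    for e in run:
        spawns.add((_parent_exe(procs, e), e.exe, e.user))
        conns.setdefault(e.exe, set()).update(e.conns)
    return {"spawns": spawns, "conns": conns}


def find_drift(baseline, run):
    """Report every process or connection in `run` that the baseline never
    saw, each with the chain of processes that led to it."""
    procs = _by_pid(run)
    findings = []
    for e in run:
        if (_parent_exe(procs, e), e.exe, e.user) not in baseline["spawns"]:
            findings.append({"kind": "new_process", "pid": e.pid, "exe": e.exe,
                             "chain": ancestry(run, e.pid)})
            continue  # everything a new process does is new by definition
        for dest in e.conns:
            if dest not in baseline["conns"].get(e.exe, set()):
                findings.append({"kind": "new_connection", "pid": e.pid,
                                 "exe": e.exe, "dest": dest,
                                 "chain": ancestry(run, e.pid)})
    return findings


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_RUN)
    for f in find_drift(baseline, NEW_RUN):
        print(f["kind"], f.get("dest", ""), " -> ".join(f["chain"]))
```

Running it reports one new connection from php-fpm and two new processes, and the chain on the curl finding (init, nginx, php-fpm, sh, curl) is exactly what an operator needs to tell a deliberate deployment change from a web shell. The caveat a practitioner will want: a comparison like this is only as good as the baseline run, so a baseline captured while the system was already compromised, or one that never exercised a legitimate code path, will respectively miss or flood; a production product has to learn across many runs rather than trust one snapshot.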

Interceptor: Signatureless attack prevention

Spyderbat’s Interceptor feature provides automated runtime attack eradication that stops attackers in their tracks using kernel-level eBPF data. It can instantly detect and surgically block problematic traces as they begin to unfold, without relying on signatures or rules.

With Interceptor, we can block attacks targeting known or even unknown vulnerabilities, including:

  • Supply-chain attacks
  • Data exfiltration
  • Malware, Ransomware, and Cryptojacking
  • Zero-Day attacks

Spydertraces: Visual overview of the organization

Sometimes an image is worth a thousand words. In this case, the causal graphs provided by Spyderbat are worth more than a thousand seconds. Because we can see the connections and relationships between Linux VMs, processes, and network connections at a glance, we quickly get a conceptual grasp of what is happening across our server deployments. This lets us ask better questions about how to secure our infrastructure further, and it saves valuable time by answering the security questions we already have.

Together, these features allow us to stay ahead of security threats, and focus on providing excellent service to our customers.