// 01, The Client
Their Windows product was selling. Their Linux customers had nothing.
Carbon Black was the leader in Next-Generation Endpoint Security, a firm whose application whitelisting technology had redefined what endpoint protection looked like. Their software detected malicious behavior and blocked malicious files from attacking organizations including the U.S. government and at least 30 Fortune 100 companies.
// 02, The Challenge
Building a Linux kernel security module isn’t a port. It’s a ground-up engineering problem.
Taking a Windows security application to Linux isn’t a matter of recompiling code. The Linux kernel has its own architecture, its own interception mechanisms, and its own rules for what a security module can and can’t do. Everything has to be built to work within that environment reliably, without degrading performance, and in a way that holds up commercially across the range of Linux distributions and configurations Carbon Black’s customers run.
Carbon Black needed a team that could evaluate, prototype, and develop kernel interception techniques for Linux, techniques that meshed with the existing kernel architecture while meeting reliability, compatibility, performance, and commercialization requirements. That’s a precise and demanding combination.
// 03, What Geisel Built
Carbon Black’s initial Linux product, from the ground up.
Linux Kernel Security Module for Endpoint Protection
Geisel wrote Carbon Black’s initial Linux product from the ground up. The application is a Linux security module that integrates into the Linux kernel to provide an additional layer of protection against malicious threats, the same application whitelisting capability that made Carbon Black’s Windows product a market leader, rebuilt for the Linux environment from first principles.
The scope of the work was deep. The project spanned module loading, file compilation, linking and execution, memory mapping, and compiling C++ into the Linux kernel itself. This was a highly invasive kernel project, the kind of low-level systems work that requires both the technical depth to get it right and the engineering judgment to get it right without destabilizing the systems it runs on.
Ongoing Performance and Security Consultation
Beyond the initial build, Geisel continued to consult with Carbon Black on the performance and security of the application. Kernel-level software doesn’t ship and stay static. Threats evolve, kernel versions change, and performance characteristics shift as deployment environments diversify. Geisel’s ongoing involvement ensured the product stayed current with what Carbon Black’s customers needed.
Carbon Black brought Geisel back for a second program before the first one was finished.
// 04, The Result
Eight months to parity with the market-leading Windows product.
Eight months after the project started, Carbon Black’s Linux users had the same endpoint security capability their Windows counterparts had been relying on. According to Carbon Black’s chief architect and director of engineering, Geisel’s leadership, expertise, and professionalism were instrumental in bootstrapping the development of their Linux offering.
A security firm’s credibility rests entirely on whether their software actually works. Geisel built the foundation that Carbon Black’s Linux customers stake their security on.
Geisel’s approach is truly one of partnership. They work with you to understand the problem and solution, and once on the job, they work with you as part of the team until it’s solved. The best recommendation? When I had other work, this time in the Web services space, Geisel Software was the one I called.
Chris Lord · Chief Architect and Director of Engineering, Carbon Black