Novell added to its Linux security portfolio today with its purchase of security vendor Immunix, which has been a player in the Linux security space since its inception in 1998.
One of Immunix’ contributions is the Linux Security Modules (LSM) framework, a key part of how the Linux kernel 2.6 implements security policies. LSM is used by loadable kernel modules and provides security hooks that control operations of various kernel objects.
Financial terms of the deal were not available by press time.
In addition to the purchase, Novell announced a new product called AppArmor, which is based on Immunix technology. The product provides a policy-based approach for application behavior enforcement intended to protect against malicious activities.
It contains more than 30 pre-built security profiles, encompassing MySQL, DNS, Squid, Sendmail, Samba, OpenSSH, FTP, DHCP and Apache applications, among others. And a wizard-based approach allows users to develop new policies and customize existing policies for applications, as well.
Novell officials said AppArmor promises to protect against known and unknown vulnerabilities, which will help enterprises defend themselves against so-called zero-day attacks.
Both SELinux and AppArmor provide application security through access controls that confine programs and users. The two applications also utilize LSM. However, despite their similarities, Novell claims AppArmor has a number of distinct advantages.
According to Ed Anderson, vice president of product marketing for Novell, AppArmor is easier to learn and deploy, offers more granular security, delivers lower performance overhead and provides higher scalability.
AppArmor is also being positioned by Novell as a complement to Security Manager, which the company announced in February.
“Novell AppArmor protects against software misbehavior, and Novell Security Manager protects against user misbehavior,” Anderson explained. “Together, Novell Security Manager and Novell AppArmor are part of an effective defense-in-depth strategy for the enterprise.”