There's a new Linux security tool you should be aware of \u2014 Cmd (pronounced\u00a0"see em dee")\u00a0dramatically modifies the kind of control that can be exercised over Linux users. It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems.\nProvided by a company of the same name, Cmd focuses on cloud usage.\u00a0Given the increasing number of applications being migrated into cloud environments that rely on Linux, gaps in the available tools make it difficult to adequately enforce required security. However, Cmd can also be used to manage and protect on-premises systems.\n\nHow Cmd differs from traditional Linux security controls\nThe leaders at Cmd \u2014 Milun Tesovic and Jake King \u2014 say organizations cannot confidently predict or control user behavior until they understand how users work routinely and what is considered \u201cnormal.\u201d They seek to provide a tool that will granularly control, monitor, and authenticate user activity.\nCmd monitors user activity by forming user activity profiles (characterizing the activities these users generally perform), noticing abnormalities in their online behavior (login times, commands used, user locations, etc.), and preventing and reporting certain activities (e.g., downloading or modifying files and running privileged commands) that suggest some kind of system compromise might be underway. The product's behaviors are configurable and changes can be made rapidly.\nThe kind of tools most of us are using today to detect threats, identify vulnerabilities, and control user privileges have taken us a long way, but we are still fighting the battle to keep our systems and data safe. Cmd brings us a lot closer to identifying the intentions of hostile users whether those users are people who have managed to break into accounts or represent insider threats.\n Cmd \n\nView live Linux sessions\n\n\nHow does Cmd work?\nIn monitoring and managing user activity, Cmd:\n\nCollects information that profiles user activity\nUses the baseline to determine what is considered normal\nDetects and proactively prevents threats using specific indicators\nSends alerts to responsible people\n\n Cmd \n\nBuilding custom policies in Cmd\n\n\nCmd goes beyond defining what sysadmins can control through traditional methods, such as configuring sudo privileges, providing much more granular and situation-specific controls.\nAdministrators can select escalation policies that can be managed separately from the user privilege controls managed by Linux sysadmins.\nThe Cmd agent provides real-time visibility (not after-the-fact log analysis) and can block actions, require additional authentication, or negotiate authorization as needed.\nAlso, Cmd supports custom rules based on geolocation if user locations are available. And new policies can be pushed to agents deployed on hosts within minutes.\n Cmd \n\nBuilding a trigger query in Cmd\n\n\nFunding news for Cmd\nCmd\u00a0recently got a financial boost, having completed of a $15 million round of funding led by GV (formerly Google Ventures) with participation from Expa, Amplify Partners, and additional strategic investors. This brings the company's raised funding to $21.6 million and will help it continue to add new defensive capabilities to the product and grow its engineering teams.\nIn addition, the company appointed\u00a0Karim Faris, general partner at GV, to its board of directors.