KernelCare Enterprise Live Patching by TuxCare

Additional Info

Company size (employees)50 to 99
Headquarters RegionNorth America
Type of solutionHybrid


Security operations teams strive to minimize their organizations’ risk by identifying vulnerabilities and setting a patching policy to address them. At the same time, system owners strive to provide a great user and customer experience by making the most of their available systems. This is sometimes seen as a tradeoff, with some organizations accepting a higher level of data breach risk to support operations and provide a better customer experience. Meanwhile, other organizations opt to reduce their risk by updating their systems more frequently at the cost of using more IT resources and often while undermining their customer experience. Industry leaders do not make this tradeoff. Instead, thanks to live patching technology, they provide their users with continuous service while at the same time reducing their risk and rapidly patching all vulnerabilities – all with no additional effort.

TuxCare’s KernelCare live patching significantly enhances a vulnerability patching program by reducing the vulnerability window, eliminating downtime and erasing the hidden costs and risks of maintenance windows. With TuxCare’s KernelCare, systems are patched in milliseconds while they are still running, eliminating vulnerability patching delays caused by the wait to the next maintenance window. The kernel and processes running in the system are updated to non-vulnerable code automatically with no downtime.

How we are different

-- Accelerates the vulnerability patching timeline - In large organizations, the separation of duties and different system ownership make security patching a challenging task. According to Ponemon Institute, 56% of enterprise organizations take from five weeks to more than one year to apply security patches. At the same time, high risk vulnerabilities appear at unexpected times. Instead of spending time identifying the responsible teams and deliberating on patching and restarting the vulnerable servers during the next maintenance window, KernelCare live patching enables you to patch systems immediately – shrinking the vulnerability patching window to the absolute minimum. Any vulnerable servers are patched as soon as the fix is available.

-- Eliminates maintenance windows or sets the right one for your organization - Several organizations have settled for monthly or quarterly maintenance windows where services are restarted, and servers are rebooted. This way, systems include the latest vulnerability fixes – not only at the cost of service downtime, but also at the expense of wasting human capital on mundane tasks. With KernelCare, you can eliminate maintenance windows entirely or set them to what makes the most sense for your business, whether it is 12 months apart or after several years of uptime. You’re now able to eradicate downtime from your infrastructure and use your engineers where they’re needed most, all while automatically live patching vulnerabilities.

-- Patches all the Linux systems in an infrastructure - KernelCare live patching is available for a variety of Linux systems. Whether you have infrastructure with CentOS, AlmaLinux, Rocky, Red Hat Enterprise Linux, Amazon Linux, Oracle Linux, Debian, or Ubuntu systems, KernelCare Enterprise will patch your systems. It is available for both x86-64 (Intel and AMD) and ARM64 architecture. On each supported system, all the released kernels receive security patches for a practically unlimited period.