Forget patching security holes — open source is building fortresses. Edera and CIQ are leading a new wave of hardened Linux and secure container tech built for the era of relentless cyberthreats.
Edera announced the launch of its first live demo environment for cloud container users at the KubeCon + CloudNativeCon Europe gathering last month. The portal allows users to interact directly with Edera Protect, test its functionality, and see how hypervisor technology works.
“We also launched an industry-wide initiative to establish strong isolation as a standard for cloud-native applications, and we invite organizations across the ecosystem to join us,” Kaylin Trychon, head of marketing at Edera, told LinuxInsider.
Enterprise Linux platform developer CIQ released a technical preview of RLC-H in March, a version optimized for environments with the most stringent security requirements. RLC-H is, as CIQ describes it, Rocky Linux on steroids. CIQ still supports several non-hardened distro versions for more general use.
RLC-H Targets High-Security Use Cases
RLC-H’s features include stronger password policies, memory corruption detection, kernel integrity checking, and SSH restrictions, offering a more secure option than other security-minded Linux distributions. This hardened enterprise version differs from other security-focused Linux products, according to Gregory Kurtzer, CEO of CIQ.
“It is ideally suited for sectors like government and finance, where stringent regulations are the norm. Organizations struggle to consistently thwart security attacks across their Linux environments. Even a single exploit poses a major risk,” he said.
RLC-H makes it harder for attackers to break into critical software infrastructure by providing a more secure foundation and defense in depth, he added. It maintains compatibility with the enterprise Linux standard.
How RLC-H Hardens the Linux Kernel
Brady Dibble, director of product management for CIQ, told LinuxInsider that the hardened version offers significant advantages to any organization that prioritizes security for safeguarding sensitive data or mitigating modern cyberthreats. These benefits apply across diverse sectors such as defense, aerospace, and health care, as well as cloud-native environments demanding consistent performance across hybrid infrastructures.
He explained that it differs from other security-focused distributions by doing more than merely patching Common Vulnerabilities and Exposures (CVEs). Designed to be pre-hardened with several security configurations already in place, it eliminates the risk of user errors in configuring settings.
“RLC-H takes a more proactive approach to address entire classes of vulnerabilities, such as better rootkit protections with Linux Kernel Runtime Guard (LKRG). This proactive hardening, combined with real-time detection, gives teams a more complete approach to threat mitigation,” he reiterated.
Dibble explained that LKRG operates at the kernel level to offer real-time integrity checks and anomaly detection that prevent rootkits and other kernel-level exploits.
For example, it detects unauthorized kernel-level changes, such as privilege escalation exploits. It also flags anomalous behavior before it affects user space and maintains a low false-positive rate, which is critical for production reliability.
“It is a defensive layer akin to a kernel-level intrusion detection system (IDS), offering early and effective alerting where traditional detection methods may fail,” he said.
CIQ Uses Secure Supply Chain for RLC-H
CIQ delivers a safer Linux OS through a secure supply chain and pre-configured security.
Its code-level hardening blocks commonly used exploit paths, and security updates are applied automatically. It has enhanced threat detection, premier support, and API and application binary interface (ABI) compatibility with the enterprise Linux standard.
CIQ’s RLC-H gives CISOs and IT teams an added security edge in protecting against malicious threats from sophisticated attacks on corporate computer systems.
Edera Protect 1.0 Secures Cloud Containers
Edera’s goal is to secure cloud containers without slowing down developers. The project’s release of version 1.0 marks a significant milestone just over a year after development began. Its production-ready solution reimagines container infrastructure for the cloud-native world.
Edera Protect holistically addresses container security by re-architecting the standard container runtime. This approach provides complete isolation between containers by default. It maintains the performance and efficiency that developers expect from modern cloud-native infrastructure.
It plugs directly into existing Kubernetes infrastructure in minutes and scales to tens of thousands of nodes. This results in better resource utilization and a more secure posture for cloud-native applications without disrupting developers’ workflows or requiring a complete infrastructure overhaul.
Edera’s Trychon explained that the container-native hypervisor can run non-Linux workloads, such as FreeBSD or Solaris containers, alongside Linux ones and manage them with Kubernetes.
“As cloud adoption expands and multi-tenancy becomes standard practice, the need for workload isolation that can truly withstand sophisticated attacks grows more pressing. Organizations shouldn’t have to choose between security, performance, and compatibility,” she noted.
New Tools Strengthen Linux Security Posture
Ariadne Conill, co-founder and distinguished engineer at Edera, noted that the company previously released OpenPax for various Linux distributions. This open-source kernel patch provides mitigations for common memory safety errors, rehardening systems against application-level memory safety attacks.
“In Alpine Linux, for example, it is an optional memory safety defense with interest in extending the patchset with additional defenses,” Conill told LinuxInsider.
“Styrolite is new,” she continued, “but there is a lot of interest in the open-source community to make use of it in build systems. We have seen significant interest in learning more about Styrolite and its use case on the ground at KubeCon.”
Edera Protect’s reception at KubeCon was nothing short of inspiring, Trychon added. It energized the developer team to complete building new features, such as multi-tenant live migration of containers.
“Additionally, we are making significant progress on our Edera Protect AI solution, which is currently in beta. Protect AI has the potential to dramatically increase both the control and trust of AI infrastructure with our GPU configuration and security through auto-detection, driver isolation, and GPU virtualization capabilities,” she concluded.