
“Live Protect uses extended Berkeley Packet Filter (eBPF) technology, a powerful Linux kernel feature, through the Tetragon agent embedded in NX-OS. This allows deep visibility and enforcement directly within the kernel, monitoring system calls, file operations, process control, and network traffic to detect and prevent privilege escalation, control-plane attacks, and other sophisticated threats,” Varanasy wrote.
Each Live Protect vulnerability shield is essentially a policy for a selected, validated vulnerability condition, according to Varanasy. These shields are intended as temporary measures and should be decommissioned once a permanent software fix is applied, he said.
“Live Protect is not a patch,” wrote Tom Gillis, senior vice president and general manager of the Cisco infrastructure & security group, in a blog post about Live Protect in June. “It does not replace the need for core lifecycle discipline or permanent software updates. Instead, it serves as a temporary, targeted shield that mitigates the risk of a specific vulnerability with a few clicks. It is intended to be a ‘finger in the dike’, an emergency control that is applied to a running system without disrupting that system between more frequent maintenance windows.”




















