To help detect the most stealth advanced persistent threats (APTs), LynuxWorks devised the RDS5201 Rootkit Detection System. The hardened appliance is built on the LynxSecure 5.2 separation kernel and hypervisor. LynxSecure is a non-detectable secure platform that’s used to exercise potential infections. It constantly monitors for malicious and irregular activity in key disk areas, physical memory areas, etc. The RDS5201 also complements traditional security mechanisms (e.g., SIEM) in efforts to protect against ever-more-complex cyber threats. In particular, the system detects the pervasive low-level, zero-day rootkits. Rootkits work at the lowest levels of the operating system, disabling installed anti-malware client applications. With the RDS5201, detection is direct (not via statistical analysis or other indirect techniques) and is coupled with immediate, automated, live visual forensic data. It serves as a smart proactive sensor against APT attacks in IT networks. In addition, APT detection time, which often takes weeks or months, is reduced to seconds.