


Free Linux Endpoint Protection - Sandfly - lisitsya - 08-18-2023

If you run Linux systems, I highly recommend looking into Sandfly Security for Endpoint Detection and Response (EDR) to protect them. For those unfamiliar with EDR, you can think of it as a more advanced antivirus that is better at detecting compromise through anomalous behavior, and usually gives you more fine-grained control over what to do about a detection.

Sandfly is free for most homelab/personal use-cases, and is self-hosted. All you need is at least one server and some basic Linux and Docker administration skills.

What I particularly like about Sandfly is that it's designed from the ground up for the way Linux does things, and hence for how attackers will usually try to evade detection and gain persistence on Linux. Most of the Windows EDRs/AVs, aside from signature-based file scanning, focus heavily on process and in-memory artifact monitoring. This makes sense, as anyone familiar with attacking modern Windows can attest. But of course on Linux, a lot more is done via files, or at least pseudo-files (think about monitoring /proc, for example). Unfortunately, even for EDRs/AVs with Linux versions, the Windows "model" is often mindlessly ported.

If the Windows approach is something like 80/20 process/memory vs. file monitoring, Sandfly is more like 50/50, which is much more appropriate to how Linux does things and how it's usually attacked.


RE: Free Linux Endpoint Protection - Sandfly - kiraaa - 05-27-2024

Thank you for your contribution. Much gratitude!


RE: Free Linux Endpoint Protection - Sandfly - techsub - 10-22-2024

Thanks for letting me know