Linux is the backbone of critical infrastructure, yet it often flies under the radar when it comes to endpoint monitoring. From legacy servers to embedded systems, Linux devices are frequently unprotected, either due to operational risk, overlooked assets, or the false assumption that Linux is “secure by default.”

In this episode, Craig Rowland, founder and CEO of Sandfly Security, introduces an agentless approach to EDR purpose-built for Linux systems. By operating over SSH and running rapid, randomized checks without traditional kernel hooks, Sandfly can monitor unprotected Linux endpoints, detect fileless and dormant attacks, and uncover SSH key-based lateral movement—all without tipping over sensitive systems. Joining Craig are Jerich Beason, CISO at WM, and Steve Zalewski, co-host of Defense in Depth, dive into where this solution fits in the broader Linux security conversation and why it might be the missing piece for OT and critical infrastructure teams.

Huge thanks to our sponsor, Sandfly Security

Sandfly delivers agentless Linux EDR that deploys instantly across all distributions and architectures - from cloud servers to embedded devices and legacy systems. Our platform detects evasive threats, monitors SSH keys, and identifies system drift without performance impacts. Comprehensive Linux security without the endpoint agent risk.