Hunting for Linux Intrusion Tactics is Better than Searching for Exploit Signatures

When the NSA and CIA source code leaked a couple years back, Sandfly founder Craig Rowland ignored the zero day attacks they had and studied their tactics in the code instead. In this video he’ll tell you why hunting for tactics is better than focusing on zero day attacks. Sandfly’s agentless Linux Security Bot hunts for intruder tactics because they are they best way of finding malicious activity without a constant stream of updates needed.