Case Study: Securing The University of Massachusetts, Lowell Research Network
Business Type: Public University on the U.S. East Coast
Size of Organization: 2,200 employees located in a single region.
Core Business Supported by Linux: Education, Teaching, Research.
Number of Linux Devices Covered by Sandfly: More than 60.
Type/Flavor of Linux Covered by Sandfly: Standard distributions, including Ubuntu and CentOS with some older distributions in research labs; 40% are virtual builds.
After researching solutions, the university's security engineer found that Sandfly was the only comparable product offering visibility into Indicators of Compromise (IOCs) across all of his Linux systems, including legacy systems.
“I didn’t see any other compatible product that focuses on IOC for Linux,” he explains. “Sandfly gives us a lot of insight into how our systems are being used—and in ways that just firewall logs and traffic logs don’t indicate.”
For example, Sandfly revealed that some of their Linux servers were being used as jump hosts, with netcat relaying connections into other systems. The activity turned out not to be malicious, but the security team used the finding to help those users switch hosts more securely over SSH.
Sandfly also alerted the security team to incorrect permissions on users' home folders, which they were able to repair immediately.
“Although we haven’t found an active attack, we have gained tremendous insight on how systems are being used,” says the engineer. “This in itself is valuable.”
He particularly likes that Sandfly needs no agents to see any of the thousands of IOCs it can detect on their Linux devices. This spares his organization the costly and frustrating experiences of agent upgrades breaking the Linux service, or Linux system upgrades breaking the agents.
Because Sandfly's agentless approach only requires a secured user account to administer, it is much easier to manage, direct, and roll out across devices. Sandfly's accurate detection also makes it easier to follow up on and recover from any type of incident, he explains.
“Knowing that we have this extra level of monitoring and protection on all existing and new servers helps us, particularly when deploying Linux servers that aren’t necessarily managed by our central IT department,” he adds.
Sandfly Performance Scorecard
Visibility into malicious activity on your systems
Reduced dwell time of malicious actors on your systems
Accuracy of detection / reduced false positives
Responding to Linux-based incidents
Ability to work with other detection and reporting systems
Other (please specify): “Insight on how systems are being used”