What is LimaCharlie?

LimaCharlie is a cloud-based software platform for delivering endpoint detection and response capability. It is a reliable solution that provides endpoint telemetry, detection and response capability at any scale. LimaCharlie allows users to output telemtry to their own storage solution, or enable an optional long-term storage and search capability.

LimaCharlie employs a cross platform endpoint sensor - or agent - that is installed on all endpoints which are monitored. It is a low-level, light-weight sensor that executes detection and response functionality in real-time. We achieve true real-time responsiveness through the use of a semi-persistent TLS connection. Round-trip times for detection and response typically take less than 100 milliseconds.

The sensor provides a wide range of advanced capability. Flight Data Recorder (FDR) type functionality like Processes, Network Connections, Domain Name requests, etc. Sensors are designed to limit the potential for abuse resulting from unauthorized access to the LimaCharlie platform. This is achieved by limited open-ended commands as well as commands that could enable an attacker to covertly upload malicious software to your hosts. This means the LimaCharlie sensor is extremely powerful but also keeps its "read-only" qualities on your infrastructure. Of course, all access and interactions with the hosts are also logged for audit both within the cloud and tamper-proof forwarding to your own infrastructure.

LimaCharlie can also initiate host isolation, automated response rules, intelligent local caching of events for in depth Incident Response (IR) as well as some forensic features like dumping memory.

The LimaCharlie platform is hosted on the Google Cloud Platform, leveraging multiple capabilities from credentials management to compute isolation in order to limit the attack surface.

Data access is managed through Google Cloud IAM which is used to isolate various components and customer data. Processing is done in Google Kubernetes Engine which provides an additional layer of container isolation.

LimaCharlie lives in multiple, independent Google data centers around the globe. This means that choosing a geographical location ensures data will always be processed in this location and never moved outside. The LimaCharlie cloud is available in various geographic regions to comply with different legal data requirements. Current regions of availability are U.S.A., Europe, Canada, United Kingdom and India (Singapore, Hong Kong, Taiwan, South America, Z├╝rich and Australia can be made available upon request).

Each LimaCharlie data center uses independent cryptographic keys at all layers. Key management uses industry best practices such as key encryption at rest.

LimaCharlie data is secured starting at the endpoint all the way to your infrastructure.