Used in Header navigation bar
← Back to Blog

Challenges and solutions for securing distributed, remote and hybrid workforces

Picture of Christoper Luft, LimaCharlie Co-Founder and Creative Technologist

Christopher Luft

The world has changed. The COVID-19 pandemic has dramatically increased the number of teams that are working with a remote and distributed model. This change is a welcome acceleration of what many feel would have been the eventual outcome of our digital future. With this new model comes a new and changing set of security challenges.

LimaCharlie’s Security Infrastructure as a Service (SIaaS) approach allows security professionals to build and consume dynamically in order to adapt to any changes the future holds. Using security fundamentals and our scalable infrastructure, teams can reliably build solutions for the type of convoluted attack surface that modern organizations foster as a by-product of staying competitive in a rapidly changing world.

The following outlines some of the new challenges that security teams have come up against in the last few years and how LimaCharlie provides easy solutions.

Life in the Cloud

Organizations are undergoing a one-way migration of their infrastructure and internal process to the cloud: racking and stacking servers is quickly going the way of the dinosaur. For long-established cybersecurity companies (“the big ones”) cloud was an afterthought. The foundations they had built their businesses upon had to integrate and adapt after the fact in order to stay relevant and able to offer services in the cloud.

LimaCharlie was born in the cloud and we are building towards the future. We offer unparalleled detection coverage in the cloud through several technologies. The LimaCharlie Adapter, available as an open-source project, comes ready to run detections in real-time against logs and telemetry for all of the following:

  • 1Password Event Logs

    An engineering approach to cybersecurity

  • 1Password API

  • AWS S3

  • AWS Cloud Trail Logs

  • Azure Event Hubs

  • CarbonBlack EDR

  • Google Cloud Pub/Sub

  • Google Cloud Platform audit logs

  • Native Windows Event Logs

  • Office 365 API


  • Syslog

  • Text/JSON logs

And because it is an open-source project with solid documentation and a thriving community, you can literally build this capability for any technology platform.

One of the other benefits of building with LimaCharlie is that users retain total control over their data. If there are compliance requirements, for which our 1-year full and searchable telemetry storage is not enough, you can send your data wherever you want. This freedom allows organizations to easily send all security-related telemetry into long-term storage to fulfill compliance obligations. It also means that you can save huge amounts of money by only forwarding relevant types of telemetry into cost-intensive services like Splunk, while saving the bulk in cheap cold storage.


This will not be news to anybody that works in a larger organization: a tight labor market combined with the move to working from home is making it harder to enforce the use of corporate hardware. Employees want to use their own devices on their own terms. They have their favorite operating systems and workflows that they have developed over their careers. Trying to enforce centralized IT policies will inevitably push employees towards shadow IT. Instead of engaging in a never-ending battle, wouldn’t it make much more sense to provide a low-friction security solution that allows employees to work with whatever tools they want?

Software defined networking

The approach taken needs to be measured against the threat but LimaCharlie puts all options on the table with the highest EDR platform support industry-wide: all versions of Windows back to XP SP II, all versions of Linux, and Intel & ARM macOS. The EDR can also be deployed as a Docker image or as a privileged container in Kubernetes. 

The LimaCharlie EDR agent is written in C and then compiled for each of the platforms on which it runs. Because it is the same agent running on every platform there is a common data format and feature parity (with a few exceptions for platform-specific functions) making it possible to deploy a common set of detection and response rules across all devices. Protect your organization against internal and external threats. Take action directly on any device: access the file system, run an executable or isolate the host from the network (while maintaining a line of control). All actions can be performed programmatically as part of a response action or manually by an operator via the web application.

Workers on the move

Most people don’t like working at a desk for most of the day every day of their lives. With remote work becoming the norm, organizations are starting to see large portions of their employees taking advantage of co-working spaces, coffee shops, and other public spaces to keep their days stimulating. These insecure internet access points pose a real threat. Bad actors can hijack DNS, sidejack applications, capture logs of user activity, and perform Man-in-the-Middle attacks. Security teams that want to build defenses against insecure internet access points can deploy LimaCharlie’s Secure Access Service Edge (SASE). This software-defined networking technology allows defenders to create secure connections to internal resources based on the identity of the device regardless of client location. It is a microsegmentable virtual private network that allows your team to work from anywhere without compromising security.

Parting words

LimaCharlie is an approach to cybersecurity built for an industry that is growing up. An industry for which magic black-box solutions just don’t cut it anymore. By making a small investment and learning this platform you can ensure that you will be able to achieve a solution for whatever security problem you are trying to solve, now and in the future.

LimaCharlie architecture graphic

If you have any questions, please reach out and say hello. We love talking to people and are always happy to do a technical demo. If meat-space is not your thing you can always go kick the tires with our full-featured free tier of two sensors.

You can book a technical demo here: Book a demo

Or sign up and get started here: Sign up