The LimaCharlie agent is a light-weight program that gets installed on the computers - or endpoints - that you want to protect. It employs a customizable rule-based system that can detect more than 50 types of events and can deploy an automated response.

The LimaCharlie agent itself runs on 32-bit Windows all way Back to Windows XP through to the most modern versin of 64-bit Windows. It can run on all flavours of Linux both 32-bit and 64-bit. There is also a build for MacOS and builds for Solaris and BSD can be produced on request. Most recently the sensor has been ported to the ARM architecture for both 32-bit and 64-bit Windows and Linux. The LimaCharlie infrastructure is very well suited for IoT and we have experimental builds for MIPS and Android. If you are interested in security for IoT please let us know - we would love to talk to you.

The agent is written in C and then compiled for each different platform and architecture it runs on which means is that it has true feature parity across all operating systems. The only exceptions are platform specific functions, such as monitoring Windows registry operations, etc.

The agent is approximately 500kb in size but that varies a little depending on which platform it is compiled for. While running it consumes less that 1% CPU but does spike very briefly when certain events take place like an application starting up. LimaCharlie is able to pack so much power into such a small program because it treats the agent as an extension of the cloud by utilizing a true real-time persistent TLS connection. The round trip time from an event being detected to the time a response is actioned on the endpoint is generally less than 100 milliseconds.

Sensors are designed to limit the potential for abuse resulting from unauthorized access to the LimaCharlie platform. This is achieved by limited open-ended commands as well as commands that could enable an attacker to covertly upload malicious software to your hosts. This means the LimaCharlie sensor is extremely powerful but also keeps its "read-only" qualities on your infrastructure. Of course, all access and interactions with the hosts are also logged for audit both within the cloud and tamper-proof forwarding to your own infrastructure.