Podcast Summary: Risky Bulletin – Sponsored: Why Linux is the Dark Matter of the Internet
Release Date: June 29, 2025
Host: Tom Uren
Guest: Craig Rowland, CEO and Founder of Sandfly Security
Introduction
In the sponsored episode titled "Why Linux is the Dark Matter of the Internet," host Tom Uren engages in an insightful conversation with Craig Rowland, CEO and Founder of Sandfly Security. The discussion delves into the pervasive yet underappreciated role of Linux in the digital infrastructure, the inherent security challenges it presents, and how Sandfly Security is addressing these issues with innovative solutions.
The Hidden Prevalence of Linux in Critical Systems
Craig Rowland begins by highlighting the ubiquitous presence of Linux in various sectors, emphasizing its foundational role in powering the internet and numerous critical infrastructures.
[00:17] Craig Rowland: "90, 95% of all cloud workloads are going to be Linux. A lot of embedded systems, IoT network devices, all sorts of stuff. They're almost always going to be a Linux-based system, including a lot of critical infrastructure, telecommunications, power, things like that."
Despite its extensive use, Linux remains largely invisible in the realm of cybersecurity discussions, primarily because end-users interact more frequently with Windows or macOS systems.
Security Focus: Windows vs. Linux
The conversation shifts to the disparity in security focus between Windows and Linux environments. While Windows garners significant attention and resources, Linux systems often operate in the background without adequate monitoring.
[02:08] Craig Rowland: "Most infosec budget tends to be focused on Windows because that's what you see. But behind the scenes, it's actually the Linux that's really keeping the data moving in."
This imbalance leaves Linux systems vulnerable, especially as security teams may lack the expertise required to monitor and secure these environments effectively.
Targeting Linux: Nation-State Actors and Beyond
Rowland discusses how the obscurity of Linux makes it an attractive target for sophisticated attackers, including nation-state actors seeking to maintain long-term persistence within critical systems.
[05:25] Craig Rowland: "People might think the Linux doesn't have any issues with security, but really most of the time what it is is they're just not looking. And that makes it a very attractive target, especially to nation states that are looking to persist for a very long time."
He cites examples such as command and control servers on Linux-based NAS devices, illustrating the stealthy nature of attacks that go unnoticed due to the lack of proper monitoring.
The Defensive Paradox in Critical Infrastructure
A significant challenge discussed is the "catch-22" situation faced by organizations managing critical Linux-based infrastructure. Enhancing security without disrupting essential services is a delicate balance.
[07:00] Craig Rowland: "If I go in and take out the entire database cluster that's running on Linux on Black Friday or something, people get fired. It's a completely different level of risk."
The reluctance to deploy traditional security agents stems from the potential risks of system instability and downtime, which can have severe operational and financial repercussions.
Sandfly Security's Agentless Solution
Addressing these challenges, Sandfly Security offers an agentless Linux endpoint detection product designed to provide comprehensive monitoring without the usual compatibility and performance issues associated with agent-based systems.
[07:00] Craig Rowland: "We come in with a message of basically look, we're not going to deploy anything that ties into that kernel. We could work on systems up to a decade old, all the way to modern cloud infrastructure."
This approach ensures high compatibility across diverse Linux environments, including various distributions and CPU architectures, thereby offering scalable and reliable security without compromising system integrity.
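To make the agentless idea concrete, here is an added example (not Sandfly's code, and not from the episode) of the kind of visibility a defender can get from a Linux host without loading a kernel module or installing an agent: it reads only the procfs interface, so it works unchanged on old distributions and on any CPU architecture. It lists running processes whose executable has been unlinked from disk, a long-standing triage indicator on Linux, since the kernel marks such links with a " (deleted)" suffix. The PROC_ROOT parameter and the make_fake_proc helper are constructed for this example so the check can be run offline against a look-alike tree rather than a live /proc.

```shell
#!/bin/sh
# Agentless process check over procfs. Nothing here touches the kernel beyond
# reading /proc, so it runs on any Linux regardless of distribution or CPU.
# PROC_ROOT is a hypothetical parameter added for this example; it defaults to /proc.

# list_deleted_exe PROC_ROOT
# Prints "PID COMM EXE_TARGET" for every process whose executable no longer
# exists on disk. The kernel appends " (deleted)" to the /proc/PID/exe link
# target in that case; a process with no backing file deserves a closer look.
list_deleted_exe() {
    proc_root=${1:-/proc}
    for d in "$proc_root"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        # Kernel threads and processes we lack permission for have no readable
        # exe link; skip them rather than abort the sweep.
        target=$(readlink "$d/exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                comm=$(cat "$d/comm" 2>/dev/null || echo '?')
                printf '%s %s %s\n' "$pid" "$comm" "$target"
                ;;
        esac
    done
}

# count_deleted_exe PROC_ROOT: number of flagged processes, for a quick health check.
count_deleted_exe() {
    list_deleted_exe "$1" | wc -l | tr -d ' '
}

# make_fake_proc: build a constructed /proc look-alike in a temp dir so the
# check can be demonstrated offline. PID 101 is a normal process; PID 202
# mimics a process whose binary was removed after it started.
make_fake_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    ln -s /usr/bin/sleep "$root/101/exe"
    echo sleep > "$root/101/comm"
    ln -s "/tmp/unknown-binary (deleted)" "$root/202/exe"
    echo unknown > "$root/202/comm"
    echo "$root"
}

# Usage: sh agentless_check.sh --demo   (constructed tree)
#        . ./agentless_check.sh && list_deleted_exe /proc   (live host, read-only)
if [ "${1:-}" = "--demo" ]; then
    fake=$(make_fake_proc)
    list_deleted_exe "$fake"
    rm -rf "$fake"
fi
```

On a live host the sweep is read-only and needs only the privileges required to read other users' /proc entries; a deleted-executable hit is a starting point for investigation (package upgrades also produce them briefly), not a verdict on its own.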
Challenges in Standardizing Linux Security
Rowland elaborates on the complexities of securing Linux systems due to their diversity. Unlike Windows, which offers a more uniform environment, Linux systems vary widely in distributions, configurations, and underlying hardware.
[08:53] Craig Rowland: "Linux systems tend to have different distributions, different CPU types, different configurations. So every time you get onto a new Linux system it's almost like you need to do almost like custom exploitation to access and maintain it."
This fragmentation complicates both offensive and defensive cybersecurity efforts, making standardized security measures harder to implement effectively.
The Importance of Visibility and Proactive Measures
A recurring theme is the critical need for enhanced visibility into Linux environments. Rowland emphasizes that without proactive monitoring, organizations remain blind to potential threats lurking within their Linux infrastructure.
[14:25] Craig Rowland: "I'd say, I would estimate they're outnumbered 10 to 1. There are probably 10 Windows people for every one Linux person on a typical security team you might run into. So that's why it tends to get a lot of the attention."
Sandfly Security aims to bridge this gap by providing tools that empower security teams to monitor and investigate Linux systems effectively, thereby mitigating risks before they escalate into significant breaches.
Conclusion
The episode sheds light on the often-overlooked security vulnerabilities within Linux-based systems that form the backbone of the internet and critical infrastructure. Craig Rowland of Sandfly Security articulates the pressing need for specialized, agentless security solutions that offer comprehensive visibility without disrupting essential operations. As cyber threats become increasingly sophisticated, especially from nation-state actors, the importance of securing Linux environments cannot be overstated.
Notable Quotes:
- “Most infosec budget tends to be focused on Windows because that's what you see. But behind the scenes, it's actually the Linux that's really keeping the data moving in.” — Craig Rowland [00:17]
- “People might think the Linux doesn't have any issues with security, but really most of the time what it is is they're just not looking.” — Craig Rowland [05:25]
- “We come in with a message of basically look, we're not going to deploy anything that ties into that kernel.” — Craig Rowland [07:00]
- “Linux systems tend to have different distributions, different CPU types, different configurations.” — Craig Rowland [08:53]
- “I'd say, I would estimate they're outnumbered 10 to 1. There are probably 10 Windows people for every one Linux person on a typical security team...” — Craig Rowland [14:25]
This episode serves as a crucial reminder of the hidden complexities within our digital infrastructure and the imperative to enhance security measures across all operating systems, especially those as pervasive yet overlooked as Linux.
