Get the latest tips for securing cloud-native applications. Download ESG Report →

Linux Server Security at Scale


This Uptycs customer is a major, multinational financial services company.


The customer operates a vast fleet of Linux servers across geographically distributed data centers and public cloud providers. Operating at a scale of well over 100,000 servers, they were looking into a comprehensive solution to provide security visibility at scale. After a six-month production pilot with Uptycs, the modules and functionality provided by the Uptycs Security Analytics Platform well exceeded the success criteria for the pilot to provide unprecedented visibility for multiple CSIRT use cases, including intrusion detection, FIM, asset inventory, vulnerability detection and incident investigation.


The customer operates a well-established financial transactions Internet site that is highly targeted by attackers. They have had a multitude of security challenges stemming from the rapid growth and scaling of their Linux infrastructure over the last decade.  The Linux server security posture was reliant on system logs, system auditing and various scripts used to scrape and forward data into a log-aggregation-based SIEM.  The SOC and CSIRT team were reliant on visibility confined to what the SIEM could collect. Due to the unstructured nature of log collection, the storage and compute costs were high. Also, getting an accurate picture of the asset inventory for basic security hygiene was a complex task. Finally, the impact on the production servers had to be minimal and the solution had to be hybrid-ready (i.e., on-prem and public cloud).

Tech Diagram_Case Study_FinTech_SaaS_ENT


The customer worked with Uptycs to first establish the endpoint performance and coverage requirements. With deep osquery engineering expertise, Uptycs provided an enterprise-grade osquery agent with a low resource footprint on the production servers, highly performant behavior, and portability across multiple versions of the Linux distribution. Armed with the requirement of low-production impact and high-visibility telemetry, the customer then worked with Uptycs to deploy the Uptycs scalable osquery-powered security analytics platform. The Uptycs Core module provided the scale to connect, manage and ingest data from many thousands of Linux server endpoints. The Uptycs Detection and Uptycs FIM modules were configured to provide foundational blocks for intrusion and malicious activity detection. The Uptycs Flight Recorder and Uptycs Investigation modules provided instant/ad-hoc visibility along with the ability to rewind history to get visibility into the state of thousands of servers at any arbitrary time in the past. Uptycs Flight Recorder and its API-first capabilities streamlined SIEM usage and provided valuable context to speedup investigations.

Impact and Results

Nothing speaks like a large enterprise decision to go into production at scale within six-months of a pilot. Uptycs was able to establish immediate value by providing security visibility at scale and empowering the customer SOC and CSIRT teams to focus on security rather than the associated data aggregation, storage, and analysis.

Key Stats:
  • Industry: Financial
  • Deployment: Greater than 100,000 Linux Servers
Benefits Summary:
  • Security @ Scale
  • Performant Solution
  • End-to-End Visibility
  • Operational Simplicity
  • Uptycs Core
  • Uptycs Detection
  • Uptycs Investigation
  • Uptycs FIM
  • Uptycs Flight Recorder
Why Uptycs:
  • Comprehensive: Universal Open Source Agent - Osquery
  • Scale: Endpoint Detection Network (EDN)
  • Visibility: Streaming Analytics
  • Context: Purpose-built Flight Recorder
  • Open: API-First Approach
  • Standards: SQL-powered Analytics

Resources for
the modern defender

Prepare for any challenges that lie ahead by choosing
the right tools today.

Analyst Report

Gartner® CNAPP Market Guide

294x230 Gartner CNAPP Market Gui
Solution Brief

4 Golden Rules for Linux Security

Threat Research

Detecting the Silent Threat: 'Stealers are Organization Killers'


See Uptycs in action

Start with our free, no-obligation 35-day trial. Get comfortable with Uptycs using synthetic data, then deploy to a live environment.