Easily safeguard remote access

Keystrike Sanctum Guard ensures your servers receive only commands that are entered physically on your workstation, even when your workstation has been hacked. Sanctum Guard protects remote servers from further “lateral movement” compromise in your name, siloing even the stealthiest “living off the land” attackers, such those behind current ransomware attacks.

Try it on desktop!


Bolsters security of remote access

Seamless for your users

Simple idea—no alchemy needed

Complements authentication solutions

Bolsters security of remote access

Modern security practices segment computers into islands of trust. Keystrike Sanctum Guard secures the bridges that are built between the islands.

Bolster Security Image

Support across platforms and architectures

Keystrike Sanctum Guard is officially supported in Microsoft Windows (8.1+) environments. We will release native macOS and Linux clients, and UNIX/Linux terminator for SSH/telnet sessions in early 2024.

Lightweight clients

The agents run in the background off any critical paths with 20MB (client) and 40MB (terminator) memory footprint, ~0 CPU utilization, and a single outbound connection to a known IP/port. Keystrike is effectively invisible to your users and your system administrators.

Seamless for your users

Keystrike Sanctum Guard adds strong integrity for remote access across these bridges, ensuring that traffic into the sensitive realm originated from the person physically at the authorized workstation, rather than from someone who hacked into the machine.

On-prem option

Agents find one another and communicate via a Keystrike-managed service (dispatch). For particularly sensitive or air gapped environments, we offer a fully on-prem Kubernetes version of Keystrike Sanctum Guard.

Try Keystrike in action!

Curious about the value Keystrike could bring to your organization? Play with Keystrike in your browser — no installation needed! Just click below.

Run Demo
Try Keystrike