Easily safeguard remote access

Easily safeguard remote access

Keystrike Sanctum Guard ensures your servers receive only commands that are entered physically on your workstation, even when your workstation has been hacked. Sanctum Guard protects remote servers from further “lateral movement” compromise in your name, siloing even the stealthiest “living off the land” attackers, such those behind current ransomware attacks.

Keystrike Sanctum Guard ensures your servers receive only commands that are entered physically on your workstation, even when your workstation has been hacked. Sanctum Guard protects remote servers from further “lateral movement” compromise in your name, siloing even the stealthiest “living off the land” attackers, such those behind current ransomware attacks.

Try it on desktop! Get a video sneak peek!

Amer Sports Stops Attackers Moving Laterally

“When I learned about Keystrike, I loved the simplicity. Keystrike ensures that only our own employees are accessing our servers, not adversaries who have hacked our employees. But Keystrike also doesn’t bother or distract our employees at all, which is a great win-win: stronger security without added inconvenience.”

– Heimir Kristjánsson, Amer Sports

Features

Bolsters security of remote access

Seamless for your users

Simple idea—no alchemy needed

Complements authentication solutions

Bolsters security of remote access

Modern security practices segment computers into islands of trust. Keystrike Sanctum Guard secures the bridges that are built between the islands.

Bolster Security Image
An illustration with Keystrike logo in the middle, with 4 lines pointing to different icons - including the Apple and Windows logos

Support across platforms and architectures

Keystrike Sanctum Guard is officially supported in Microsoft Windows (8.1+) environments. We will release native macOS and Linux clients, and UNIX/Linux terminator for SSH/telnet sessions in early 2024.

An illustration of a open folder holding a feather representing Sanctum Guard as lightweight

Lightweight clients

The agents run in the background off any critical paths with 20MB (client) and 40MB (terminator) memory footprint, ~0 CPU utilization, and a single outbound connection to a known IP/port. Keystrike is effectively invisible to your users and your system administrators.

An illustration showing a bridge, with a line above that includes a checked shield in the middle - signifying security for the two connection locations

Seamless for your users

Keystrike Sanctum Guard adds strong integrity for remote access across these bridges, ensuring that traffic into the sensitive realm originated from the person physically at the authorized workstation, rather than from someone who hacked into the machine.

Illustration of two buildings side by side, with a location pin on top of right building

On-prem option

Agents find one another and communicate via a Keystrike-managed service (dispatch). For particularly sensitive or air gapped environments, we offer a fully on-prem Kubernetes version of Keystrike Sanctum Guard.

Remote access security without the false positives. Try Keystrike in action!

Curious about the value Keystrike could bring to your organization? Play with Keystrike in your browser — no installation needed! Just click below.

Run Demo
Try Keystrike