Agentless Endpoint Security for Linux


Sandfly Security is proud to be part of the Vodafone Xone Accelerator Program.

Hunt for Linux rootkits, malware, and compromised hosts without agents or false alarms.

Agentless Intrusion Detection and Security for Linux Endpoints


Sandfly is an agentless intrusion detection and threat hunting system for Linux. Sandfly gives instant protection for cloud or non-cloud based Linux systems without the reliability and maintenance problems of loading agents on your endpoints. 


Sandfly investigates Linux systems for standard and stealth rootkits, malware, and other signs of compromise in seconds. Sandfly investigates and hunts for threats on your Linux infrastructure thousands of times a day without impacting performance.


Linux security personnel are expensive and scarce. Sandfly amplifies your team’s effectiveness with security expertise that is accurate and reliable. We save your team time and money by leveraging our extensive Linux security knowledge to help make better decisions.


Our automated system is accurate. Accurate information means you can address threats quickly and contain small problems before they become big. Sandfly’s accurate and detailed forensic data allows your security team to work more efficiently.

Search. Hunt. Discover.

Are You Hunting Intruders, or Are Intruders Hunting You?

24 Hour Protection

Sandfly searches for attacks on your Linux hosts 24 hours a day so intruders cannot get in and remain undetected. Our methods are specific to finding hackers regardless of how they gained access.

Hunt for Hackers

Sandfly hunts for hackers, rootkits, and malware on Linux even if they are actively trying to hide. Sandfly augments limited security team resources by hunting for intruders without false alarms that waste time.

Discover Real Threats

Sandfly discovers Linux compromises early so you can respond in a targeted and deliberate way. You can reduce intruder dwell time from months to just minutes with Sandfly.

Rapid Deployment. Rapid Protection.

Chase Threats, not Ghosts

Many security products produce piles of false alarms, making them worthless. Sandfly instead relies on spotting the outcomes of successful compromise that almost always indicate an intrusion has happened. With Sandfly’s unique approach, we generate almost no false alarms.

Built for Linux

Sandfly was designed from the ground up to protect Linux. Sandfly will spot Linux rootkits, malware, and other signs of compromise 24 hours a day, even if your team lacks the Linux security knowledge to do it themselves. Sandfly does the hard work automatically.

Secure in Seconds

Protecting Linux is instant with Sandfly. Sandfly can provide immediate results with no remote system impact. You can have security monitoring in place in seconds without the maintenance and reliability problems of loading software agents. 


At Webmad we chose Sandfly to protect our clients. The agentless install didn’t require any changes on our systems and gave us immediate results with no resource impacts.
BitPrime uses Sandfly to help protect our cryptocurrency exchange platform against attack. Sandfly’s agentless intrusion detection system gives us extra security to help keep our customers safe.

We're Ready to Help Keep Your Linux Systems Secure