Sandfly is an agentless threat hunting and compromise detection system for Linux. Sandfly gives instant protection for cloud or on-premises Linux systems without the trouble of deploying agents, and it runs on all Linux distributions without any modifications.
Sandfly investigates Linux systems for standard and stealth rootkits, malware, and other signs of compromise in seconds. Sandfly is able to investigate and hunt for threats on your Linux infrastructure thousands of times a day without impacting performance.
Sandfly fully automates the expertise of a forensic investigator for your Linux systems. Our methods provide thorough coverage to detect intrusions, even if attackers are employing stealth and active evasion tactics.
Sandfly is designed to investigate your hosts the way an experienced investigator would. Our investigation modules are not only fast, but also highly accurate. Sandfly won’t swamp your team with false alarms. You can spend more time chasing actual threats instead of ghosts.
ALWAYS ON GUARD
Sandfly was designed from the ground up to detect compromised Linux hosts. Sandfly searches for signs of compromise on your Linux systems and provides fast and detailed alerts to any problems. If attackers have evaded multiple layers of your security, Sandfly provides a backstop to ensure intruders can’t get comfortable on your network and spread further without being seen.
Agentless security for rapid deployment on Linux.
Searches for signs of compromise on Linux that evaded your other security layers.
Searches 24 hours a day for Linux intrusions without any operator action.
Built to be a security product for Linux from the ground up.
Hello, World – Sandfly 1.1 is now available
After much time coding and testing, we are pleased to announce that Sandfly 1.1 is now released. Sandfly is an agentless security investigator and compromise detection system for Linux. With Sandfly you can have an instant security presence on your Linux systems without the hassle of installing and maintaining agents. Are you hunting rootkits, or …
Christchurch Hacker Con Linux Digital Forensics Video
The video of Craig's talk at the Christchurch Hackercon has been posted to YouTube. It covers the slides posted earlier on the blog, which include using basic Linux command line tools for intrusion detection and forensics. The talk covers these areas: suspicious processes, suspicious directories, suspicious files and audit log tampering, and other things that are …
Covert Channels in the TCP/IP Protocol Suite Defcon Talk
Twenty years ago Sandfly Security founder Craig Rowland wrote a paper about hiding data in the TCP/IP protocol suite. The paper was inspired by work he had done writing attack tools against early-generation network intrusion detection systems. Chet Hosmer and Mike Raggo at the recent Defcon conference go over the state of affairs of …
Command Line Forensics For Linux – Christchurch HackerCon 2017
Craig Rowland presented today at the Christchurch HackCon on the topic of using basic command line tools for Linux forensic investigation. His talk focused on using built-in command line tools and careful observation to detect compromised Linux hosts without any special tricks. These slides present basic techniques any Linux administrator can use today to quickly …
Craig Rowland Presenting at Christchurch Hacker Con 2017
Sandfly Security founder Craig Rowland will be presenting at the Christchurch Hacker Con 2017 on October 27th. The presentation will be about using Linux command line tools to find common signs of system compromise. If you're in the area, check it out here: Christchurch Hacker Con 2017. We'll post the slides after the talk on …
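The video and slides posts above list four areas the talk covers: suspicious processes, suspicious directories, suspicious files, and audit log tampering. The script below is an added example written for this page, not Sandfly's code and not the talk's slides, showing one command-line check for each area using only coreutils and findutils. Every function takes a root directory, so the same code runs against "/" on a live host or against the constructed fixture it builds for itself. The function names, the fixture contents and the 384-byte utmp record size (sizeof(struct utmp) on x86_64 glibc) are this example's assumptions; check the record size against the host's utmp.h before trusting the wtmp count elsewhere.

```shell
#!/bin/sh
# Added example (not Sandfly code, not the talk's slides): basic Linux forensic
# checks with stock tools. Each function takes a root directory ("/" for a live
# host) so the checks can also run against the constructed fixture below.
# Function names, the fixture and the 384-byte utmp record size are assumptions.

# 1. Suspicious processes: a process whose executable was unlinked after it
#    started (self-deleting malware) shows "(deleted)" in /proc/<pid>/exe.
#    Prints "<pid> <link target>" for each hit.
find_deleted_exe() {
    root=${1%/}
    for exe in "$root"/proc/[0-9]*/exe; do
        [ -L "$exe" ] || continue
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                pid=${exe#"$root"/proc/}; pid=${pid%/exe}
                echo "$pid $target" ;;
        esac
    done
}

# 2. Suspicious directories: hidden names made only of dots and spaces
#    ("...", ". ", ".. ") in world-writable staging areas. They are invisible
#    to a casual `ls` and blend in with "." and ".." in `ls -a`.
find_odd_hidden_dirs() {
    root=${1%/}
    for base in /tmp /var/tmp /dev/shm; do
        [ -d "$root$base" ] || continue
        find "$root$base" -mindepth 1 -maxdepth 2 -type d -name '.*' 2>/dev/null
    done | while IFS= read -r d; do
        stripped=$(basename "$d" | tr -d '. ')
        if [ -z "$stripped" ]; then echo "$d"; fi
    done
}

# 3. Suspicious files: executables dropped in the same staging areas, which
#    attackers favour because they are always writable.
find_exec_in_tmp() {
    root=${1%/}
    for base in /tmp /var/tmp /dev/shm; do
        [ -d "$root$base" ] || continue
        find "$root$base" -type f -perm -100 2>/dev/null
    done
}

# 4a. Audit log tampering, crude form: a login log that exists but is empty was
#     almost certainly truncated (e.g. `> /var/log/wtmp`), not never written.
find_zeroed_logs() {
    root=${1%/}
    for log in wtmp btmp lastlog auth.log secure; do
        f="$root/var/log/$log"
        if [ -e "$f" ] && [ ! -s "$f" ]; then echo "$f"; fi
    done
}

# 4b. Audit log tampering, subtler form: wtmp is an array of fixed-size utmp
#     records, and log cleaners that remove one user's sessions often overwrite
#     the record with zeros in place. Counts records that are entirely NUL.
count_null_wtmp_records() {
    f=$1; rec=384            # sizeof(struct utmp) on x86_64 glibc (assumption)
    [ -s "$f" ] || { echo 0; return; }
    od -An -v -tx1 "$f" | tr -d ' \n' | fold -w $((rec * 2)) | grep -c '^0*$' || true
}

# Constructed fixture standing in for a compromised host (not real data): one
# self-deleted process, ". " and "..." directories in /tmp, an executable
# payload in /tmp, a truncated lastlog, and a wtmp with one wiped record.
build_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/proc/123" "$root/proc/456" "$root/tmp/.x" "$root/tmp/.config" \
             "$root/tmp/..." "$root/tmp/. " "$root/var/log"
    ln -s /usr/bin/sleep "$root/proc/123/exe"
    ln -s "/tmp/.x/kworker (deleted)" "$root/proc/456/exe"
    printf 'not really an ELF\n' > "$root/tmp/.x/kworker"; chmod 755 "$root/tmp/.x/kworker"
    printf 'harmless\n' > "$root/tmp/notes.txt"
    : > "$root/var/log/lastlog"
    head -c 384 /dev/zero | tr '\0' 'A' > "$root/var/log/wtmp"   # one "live" record
    head -c 384 /dev/zero >> "$root/var/log/wtmp"                 # one wiped record
    echo "$root"
}

# Run against a live host with `sh forensics.sh /`; with no argument the checks
# run against the fixture so the output is reproducible.
if [ $# -gt 0 ]; then ROOT=$1; FIXTURE=; else ROOT=$(build_fixture); FIXTURE=$ROOT; fi
echo "## processes whose executable was deleted"; find_deleted_exe "$ROOT"
echo "## hidden dot/space directories";            find_odd_hidden_dirs "$ROOT"
echo "## executables in tmp areas";                find_exec_in_tmp "$ROOT"
echo "## empty login logs";                        find_zeroed_logs "$ROOT"
echo "## zeroed wtmp records: $(count_null_wtmp_records "$ROOT/var/log/wtmp")"
if [ -n "$FIXTURE" ]; then rm -rf "$FIXTURE"; fi
```

On a live host, treat each hit as a lead rather than a verdict: a deleted executable can be a package upgrade under a still-running daemon, and an empty btmp is normal on a box that has never seen a failed login. The checks are cheap enough to run from cron, which is the point the talk makes about what an administrator can do today without special tooling.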
Sandfly Security is developing a new kind of Linux threat hunter and intrusion detection tool. Stay tuned for more details or sign up for our mailing list.