Sandfly 3.0 Beta - Live Now

August 20, 2021

Sandfly, Sandfly Update, Update

Sandfly 3.0 Beta is now available. Over the past few months we’ve made significant upgrades to Sandfly based on user feedback and our own product roadmap. Here is what’s new.

New UI

With a complete overhaul of the UI, we have made significant improvements in the ease of navigation and made our user experience intuitive and visually clear and compelling. It is not only much faster than before, but easier to use.

Figure: Linux Incident Response Dashboard.

MITRE ATT&CK Integration

Sandfly maps its threat detections to the MITRE ATT&CK™ framework. Tactics and techniques from the MITRE ATT&CK knowledge base are easily referenced from the UI.

Figure: MITRE ATT&CK integration in the alert dialog.

Performance

Sandfly was already fast, but we’ve continued to prioritize performance as we make improvements and add new features. Our latest version is 2-10X faster, with extremely low system impact thanks to our agentless technology.

Jump Host Support

Sandfly now supports SSH jump hosts. You can chain together jump hosts to move inside protected perimeters easily with our agentless threat hunter.

Figure: Add jump host interface.

Sandfly Atlas - Multi-Network Operation

Sandfly now works across multiple networks including all the major cloud providers, private networks and everything in between. Distributed Sandfly nodes can receive scan requests from a centralized point and return data for easy analysis at one location.

Sandfly Threat Hunter

When a potential threat is identified, Sandfly Threat Hunter will search across your entire network to identify where the same threat exists on any of your systems. Quickly discover suspicious SSH keys, malicious processes, users, files and other forensic data. In the example below, we are using Sandfly Hunter to show where a malicious SSH key has been found across a group of hosts.

Figure: Sandfly Threat Hunter search interface.

Systemd Analysis Engine

Systemd on Linux is an absolute security hotspot. The inherent complexity of systemd makes it easy for attackers to abuse it in ways that are hard for even the most experienced Linux admin to find. Sandfly now has an analysis engine and detection modules built exclusively for systemd threats.

Multi-Architecture support

Already a feature of previous Sandfly versions, 3.0 keeps universal compatibility across processors and distributions, needing only SSH to cover everything from massive cloud clusters to IoT embedded Linux devices to legacy systems. Sandfly continues to have the widest security coverage on the Linux platform.

We cover all Linux distributions including Debian, Ubuntu, Red Hat, Fedora, SUSE, Raspberry Pi OS, CentOS, Amazon Linux, Arch Linux and many more. Sandfly will protect most Linux variants and versions running Intel, AMD, Arm or MIPS CPUs without any special modifications. We also cover legacy versions of these operating systems to make sure every system on your network has protection without needing to load agents on the endpoints.

Asset Management

Sandfly provides a new level of visibility across your fleet, showing you detailed software and hardware information of all your systems in one location.

Figure: Sandfly Security's host visibility.

Host and Schedule Tagging

Group hosts by tags and schedule scans based on tag groups. You can quickly categorize groups of systems and direct custom scan schedules against them.

Forensic Playbook (Coming Soon)

When Sandfly shows you an alert on your Linux hosts, your team will also get detailed guidance within Sandfly on the key methods to investigate the alert. The guidance is designed for rapid investigation using simple command line tools, even for personnel with limited Linux security and forensics experience.

New Sandfly Modules

New Sandfly threat modules have been added to detect malware tactics on Linux such as rogue systemd timers, suspicious kernel modules and more. Sandfly has the widest Linux threat detection coverage available.
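To illustrate the kind of systemd timer abuse these modules look for, here is an added example (not Sandfly code) of a simple heuristic check: it pairs each `.timer` unit with the service it activates and flags the pair when the service unit has a hidden name or its `ExecStart` runs from a world-writable or hidden path. The unit files are constructed inline so it runs offline; `UNIT_DIR` is an assumed variable name.

```shell
#!/bin/sh
# Added example, not Sandfly code: a heuristic check for rogue systemd timers.
# Flags a timer when the service it activates has a hidden unit name or an
# ExecStart path under a world-writable or hidden directory. Unit files are
# constructed below so the script runs offline; UNIT_DIR is an assumed name.
UNIT_DIR="${UNIT_DIR:-$(mktemp -d)}"

# Constructed sample units (one benign pair, one suspicious pair).
make_sample_units() {
  printf '[Timer]\nOnCalendar=daily\n' > "$UNIT_DIR/logrotate.timer"
  printf '[Service]\nExecStart=/usr/sbin/logrotate /etc/logrotate.conf\n' \
    > "$UNIT_DIR/logrotate.service"
  printf '[Timer]\nOnUnitActiveSec=5min\nUnit=.cache-sync.service\n' \
    > "$UNIT_DIR/sysupdate.timer"
  printf '[Service]\nExecStart=/tmp/.x/sync --quiet\n' \
    > "$UNIT_DIR/.cache-sync.service"
}

# Service a timer activates: explicit Unit=, else the same basename + .service
timer_service() {
  unit=$(sed -n 's/^Unit=//p' "$1" | head -n 1)
  [ -n "$unit" ] || unit="$(basename "$1" .timer).service"
  printf '%s\n' "$unit"
}

# Prints "<timer> <service> <reason> <ExecStart>" for each suspicious timer.
check_timers() {
  for t in "$UNIT_DIR"/*.timer; do
    [ -f "$t" ] || continue
    svc=$(timer_service "$t")
    exec_line=$(sed -n 's/^ExecStart=//p' "$UNIT_DIR/$svc" 2>/dev/null | head -n 1)
    reason=""
    case "$svc" in .*) reason="hidden-unit-name" ;; esac
    case "$exec_line" in
      /tmp/*|/var/tmp/*|/dev/shm/*|*/.??*)
        reason="${reason:+$reason,}writable-or-hidden-exec-path" ;;
    esac
    if [ -n "$reason" ]; then
      printf '%s %s %s %s\n' "$(basename "$t")" "$svc" "$reason" "$exec_line"
    fi
  done
}

make_sample_units
check_timers
```

On a real host, point `UNIT_DIR` at a unit directory such as `/etc/systemd/system` and drop the `make_sample_units` call so nothing is written there.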

More Coming

This release is a major upgrade, but more is coming soon. Try out Sandfly today and protect your Linux systems with agentless intrusion detection instantly.
