Sandfly 3.0 Beta - Live Now
August 20, 2021
Sandfly 3.0 Beta is now available. Over the past few months we’ve made significant upgrades to Sandfly based on user feedback and our own product roadmap. Here is what’s new.
The UI has been completely overhauled: navigation is simpler, and the interface is clearer and more visually consistent. It is also much faster than before, as well as easier to use.
MITRE ATT&CK Integration
Sandfly detections are now mapped to the MITRE ATT&CK™ framework. The tactics and techniques from the MITRE ATT&CK knowledge base that a detection corresponds to can be referenced directly from the UI.
Sandfly was already fast, but we have continued to prioritize performance while adding new features. This version is 2 to 10X faster than before, with very low impact on the scanned systems thanks to our agentless approach.
Jump Host Support
Sandfly now supports SSH jump hosts (bastions). Jump hosts can be chained, so our agentless threat hunter can reach systems inside protected network segments that are not directly reachable over SSH from the Sandfly server.
Sandfly Atlas - Multi-Network Operation
Sandfly now works across multiple networks including all the major cloud providers, private networks and everything in between. Distributed Sandfly nodes can receive scan requests from a centralized point and return data for easy analysis at one location.
Sandfly Threat Hunter
When a potential threat is identified, Sandfly Threat Hunter searches your entire fleet to find where the same threat exists on other systems. Quickly discover suspicious SSH keys, malicious processes, users, files and other forensic data. In the example below, we use Sandfly Threat Hunter to show where a malicious SSH key has been found across a group of hosts.
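As an added illustration of the hunting step (example code written for this post, not Sandfly's own implementation): given the fingerprint of the key an alert reported, the script below computes OpenSSH SHA256 fingerprints for every entry in a set of authorized_keys files and reports which host and user carry the same key. The hosts, users and key blobs are constructed sample data, and the function names (`hunt`, `parse_authorized_keys`, `fingerprint`) are names chosen here for illustration.

```python
"""Hunt a fleet's authorized_keys data for a known-bad SSH public key.

Added example, not Sandfly code. Hosts, users and keys below are constructed.
The indicator of compromise is the key's OpenSSH SHA256 fingerprint, which is
what an alert normally gives you; it is computed the same way `ssh-keygen -lf`
does: base64(sha256(decoded key blob)) with the '=' padding removed.
"""
import base64
import hashlib
import shlex
import struct
from typing import Dict, Iterator, List, Optional, Tuple

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def fake_ed25519_blob(seed: str) -> str:
    """Constructed ed25519 public key blob (valid wire format, NOT a real key)."""
    pub = hashlib.sha256(seed.encode()).digest()  # 32 arbitrary bytes in place of the point
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(pub)).decode()


BAD_BLOB = fake_ed25519_blob("attacker-key")   # the key the alert was raised on
ADMIN_BLOB = fake_ed25519_blob("admin-key")
CI_BLOB = fake_ed25519_blob("ci-key")

# Constructed sample: authorized_keys contents collected per host and per user.
FLEET: Dict[str, Dict[str, str]] = {
    "web-01": {"root": f"ssh-ed25519 {BAD_BLOB} attacker@evil\nssh-ed25519 {ADMIN_BLOB} admin@corp\n"},
    "web-02": {"root": f"ssh-ed25519 {ADMIN_BLOB} admin@corp\n"},
    # options before the key type, no comment field, plus a comment line
    "db-01": {"deploy": f'command="/bin/true",no-pty ssh-ed25519 {BAD_BLOB}\n# managed by ansible\n'},
    "build-03": {"jenkins": f"ssh-ed25519 {CI_BLOB} ci@corp\n\nnot a key line at all\n"},
}


def parse_authorized_keys(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key_type, base64_blob, comment) for each key line.

    Skips blank and '#' lines and tolerates an options field (which may contain
    quoted spaces) before the key type, as sshd does.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:        # unbalanced quotes: malformed, sshd ignores it too
            continue
        for i, tok in enumerate(tokens):
            if tok in KEY_TYPES and i + 1 < len(tokens):
                yield tok, tokens[i + 1], " ".join(tokens[i + 2:])
                break


def fingerprint(blob_b64: str) -> Optional[str]:
    """OpenSSH SHA256 fingerprint of a public key blob, or None if it is not valid base64."""
    try:
        raw = base64.b64decode(blob_b64, validate=True)
    except ValueError:            # binascii.Error is a ValueError subclass
        return None
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hunt(fleet: Dict[str, Dict[str, str]], ioc_fingerprint: str) -> List[Tuple[str, str, str, str]]:
    """Return sorted (host, user, key_type, comment) for every key matching the IOC fingerprint."""
    hits = []
    for host, users in fleet.items():
        for user, content in users.items():
            for key_type, blob, comment in parse_authorized_keys(content):
                if fingerprint(blob) == ioc_fingerprint:
                    hits.append((host, user, key_type, comment))
    return sorted(hits)


if __name__ == "__main__":
    ioc = fingerprint(BAD_BLOB)
    print("hunting for", ioc)
    for host, user, key_type, comment in hunt(FLEET, ioc):
        print(f"{host}:{user} {key_type} {comment!r}")
```

Matching on the fingerprint rather than on the comment or the raw line matters: the comment is attacker-controlled text, and the same key can appear with different options prefixes on different hosts, as the db-01 entry shows.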
Systemd Analysis Engine
Systemd on Linux is a security hotspot. Its many unit types and directories give attackers plenty of places to hide persistence, such as a rogue service or timer, that are hard to spot even for the most experienced Linux admin. Sandfly now has an analysis engine and detection modules built exclusively for systemd threats.
As in previous versions, 3.0 retains universal compatibility with all processors and distributions: it needs only SSH to cover everything from large cloud clusters to embedded IoT Linux devices to legacy systems. Sandfly continues to have the widest security coverage on the Linux platform.
We cover all Linux distributions including Debian, Ubuntu, Red Hat, Fedora, SUSE, Raspberry Pi, CentOS, Amazon Linux, Arch Linux and many more. Sandfly will protect most Linux variants and versions running Intel, AMD, Arm or MIPS CPUs without any special modifications. We also cover legacy versions of these operating systems, so every system on your network has protection without loading agents on the endpoints.
Sandfly provides a new level of visibility across your fleet, showing detailed software and hardware information for all your systems in one location.
Host and Schedule Tagging
Group hosts by tags and schedule scans based on tag groups. You can quickly categorize groups of systems and direct custom scan schedules against them.
Forensic Playbook (Coming Soon)
When Sandfly shows you an alert on your Linux hosts, your team also gets detailed guidance within Sandfly on the key methods to investigate it. The guidance is designed for rapid investigation using simple command line tools, even for personnel with limited Linux security and forensics experience.
New Sandfly Modules
New Sandfly threat modules have been added to detect malware tactics on Linux such as rogue systemd timers, suspicious kernel modules and more. Sandfly has the widest Linux threat detection coverage available.
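To make the systemd indicators mentioned in the Systemd Analysis Engine and New Sandfly Modules sections concrete, here is an added example (written for this post, not Sandfly's engine or its detection modules): a small unit-file parser and a few heuristic checks run over constructed sample units, including a rogue timer that keeps restarting a service hiding under /var/tmp. The unit names, paths, pattern lists and function names are assumptions chosen for illustration.

```python
"""Flag suspicious systemd service and timer units.

Added example, not Sandfly's engine or its detection modules. The unit files
below are constructed, and the indicators are common persistence tells:
executables under temporary or user-writable paths, hidden (dot) path
components, shell one-liners that decode or pipe into a shell, and timers
that periodically start such a service.
"""
import shlex
from typing import Dict, List, Set, Tuple

EXEC_KEYS = {"ExecStart", "ExecStartPre", "ExecStartPost",
             "ExecReload", "ExecStop", "ExecStopPost"}
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/run/user/")
SHELL_PATTERNS = ("| sh", "| bash", "|sh", "base64 -d", "base64 --decode")
Finding = Tuple[str, str]   # (unit name, description)
Unit = Dict[str, List[Tuple[str, str]]]

SAMPLE_UNITS: Dict[str, str] = {  # constructed sample unit files
    "sshd.service": "[Unit]\nDescription=OpenSSH server daemon\n\n[Service]\n"
                    "ExecStart=/usr/sbin/sshd -D $OPTIONS\nExecReload=/bin/kill -HUP $MAINPID\n",
    "logrotate.service": "[Service]\nType=oneshot\nExecStart=/usr/sbin/logrotate /etc/logrotate.conf\n",
    "logrotate.timer": "[Timer]\nOnCalendar=daily\nPersistent=true\n\n[Install]\nWantedBy=timers.target\n",
    "cron-update.service": "[Unit]\nDescription=System update helper\n\n[Service]\n"
                           "ExecStart=-/var/tmp/.cache/updater --daemon\nRestart=always\n",
    "cron-update.timer": "[Timer]\nOnBootSec=1min\nOnUnitActiveSec=10min\nUnit=cron-update.service\n",
    "nettools.service": "[Service]\nType=oneshot\n"
                        'ExecStart=/bin/sh -c "echo ZWNobyBoaQ== | base64 -d | sh"\n',
}


def parse_unit(text: str) -> Unit:
    """Parse unit-file syntax: [Section] headers, Key=Value lines, '#'/';' comment
    lines and backslash continuations. Duplicate keys are kept in order because
    directives such as ExecStartPre may legitimately repeat."""
    sections: Unit = {}
    section = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            sections.setdefault(section, [])
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            sections[section].append((key.strip(), value.strip()))
    return sections


def service_findings(name: str, unit: Unit) -> List[Finding]:
    findings: List[Finding] = []
    for key, value in unit.get("Service", []):
        if key not in EXEC_KEYS:
            continue
        cmd = value.lstrip("@-:+!")      # systemd executable prefixes, not part of the path
        try:
            argv = shlex.split(cmd)
        except ValueError:
            argv = cmd.split()
        if not argv:
            continue
        exe = argv[0]
        if exe.startswith(SUSPECT_DIRS):
            findings.append((name, f"{key} runs from a temporary or user-writable path: {exe}"))
        if any(p.startswith(".") and p not in (".", "..") for p in exe.split("/")):
            findings.append((name, f"{key} uses a hidden path component: {exe}"))
        lowered = cmd.lower()
        hit = next((p for p in SHELL_PATTERNS if p in lowered), None)
        if hit:
            findings.append((name, f"{key} decodes or pipes into a shell ('{hit}'): {cmd}"))
    return findings


def timer_findings(name: str, unit: Unit, flagged: Set[str]) -> List[Finding]:
    """A timer is only as trustworthy as the unit it starts: Unit= names it explicitly,
    otherwise systemd starts the service with the same stem as the timer."""
    timer = unit.get("Timer")
    if timer is None:
        return []
    target = next((v for k, v in timer if k == "Unit"), name[:-len(".timer")] + ".service")
    if target in flagged:
        return [(name, f"timer periodically starts flagged unit {target}")]
    return []


def analyze_units(units: Dict[str, str]) -> List[Finding]:
    parsed = {name: parse_unit(text) for name, text in units.items()}
    findings: List[Finding] = []
    for name, unit in parsed.items():
        if name.endswith(".service"):
            findings.extend(service_findings(name, unit))
    flagged = {name for name, _ in findings}
    for name, unit in parsed.items():
        if name.endswith(".timer"):
            findings.extend(timer_findings(name, unit, flagged))
    return findings


if __name__ == "__main__":
    for unit_name, why in analyze_units(SAMPLE_UNITS):
        print(f"{unit_name}: {why}")
```

The timer check is the part worth noting: a timer unit is harmless on its own, so it is scored by the service it starts, and the services are analysed first so that the timer pass can consult the flagged set. On a real host you would feed this the contents of /etc/systemd/system, /run/systemd/system and each user's ~/.config/systemd/user, not just the package-managed units under /usr/lib/systemd.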