What Sandfly Does

What Sandfly Does

Sandfly Security is proud to be part of the

Vodafone Xone Accelerator Program

Sandfly provides agentless intrusion detection and endpoint security for Linux.

Sandfly is an agentless security bot which provides intrusion detection and endpoint security for Linux.

Security personnel are expensive and scarce. Sandfly is a fully automated security investigator that amplifies your team’s effectiveness to monitor Linux. Sandfly provides your team with accurate and detailed information to react quickly to threats even if your organization has limited Linux security experience in-house. 

A Tireless Linux Security Investigator

Sandfly Provides Constant Compromise Detection for Your Linux Network


Sandfly is agentless and uses small investigation bots (called sandflies) to do expert analysis on Linux hosts that indicate it is compromised or not. Sandflies move onto hosts as a swarm to perform investigations and then disappear leaving no trace. Loading agents on endpoints is a reliability and maintenance hassle. Sandfly’s agentless approach is easy. 


Many organizations have limited Linux security expertise in-house. Sandfly fills in these gaps by being a thorough and automated Linux security investigator hunting for intruders. Even with an experienced team, Sandfly makes them more effective by automating an in-depth security presence on Linux.


Sandfly detects many types of Linux stealth and non-stealth rootkits, Advanced Persistent Threats (APT), malware, website compromises, stolen credential access, and other attacks. Sandfly is persistent and thorough in monitoring Linux for malicious activity to give you an early alert that a compromise has happened.


False alarms not only waste your security team’s time, they also cause operator fatigue that can make them miss real threats that are happening. Sandfly focuses on spotting the outcomes of successful compromise that almost always indicate an intrusion has happened. This means low false alarms and higher effectiveness.