What Sandfly Does

Sandfly Security is proud to be part of the Vodafone Xone Accelerator Program.

Sandfly provides agentless intrusion detection and endpoint security for Linux.

Sandfly is an agentless intrusion detection and endpoint security system for Linux.

Security personnel are expensive and scarce. Sandfly is a fully automated security investigator that amplifies your team’s effectiveness at monitoring Linux. Sandfly provides your team with accurate and detailed information to react quickly to threats, even if your organization does not have Linux security experience in-house.

A Tireless Linux Security Investigator

Sandfly Provides Constant Compromise Detection for Your Linux Network

AGENTLESS INVESTIGATIONS

Sandfly is agentless and uses small investigation modules (called sandflies) to perform expert analysis on Linux hosts and indicate whether each host is compromised or not. Sandflies move onto hosts as a swarm to perform investigations and then disappear, leaving no trace. Loading agents on endpoints is a reliability and maintenance hassle. Sandfly’s agentless approach is easy.

WE PROVIDE LINUX SECURITY EXPERTISE

Many organizations have limited Linux security expertise in-house. Sandfly fills in these gaps by being a thorough and automated Linux security investigator hunting for intruders. Even if you have an experienced team, we make it more effective by automating and augmenting an in-depth security presence on Linux.

FIND THE COMMON AND UNCOMMON

Sandfly detects many types of Linux stealth and non-stealth rootkits, Advanced Persistent Threats (APT), malware, website compromises, stolen credential access, and other attacks. Sandfly is persistent and thorough in monitoring Linux for malicious activity to give you an early alert that a compromise has happened.

LOW FALSE ALARMS

False alarms not only waste your security team’s time, they also cause operator fatigue that can make your team miss real threats that are happening. Sandfly focuses on spotting the outcomes of successful compromise that almost always indicate an intrusion has happened. This means low false alarms and higher effectiveness.