What Sandfly Does

Sandfly Security is proud to be part of the Vodafone Xone Accelerator Program.

Sandfly provides agentless intrusion detection and incident response for Linux.

Sandfly is an agentless security platform which provides intrusion detection and incident response for Linux. We are able to protect your Linux fleet without loading any software on your endpoints.

Security personnel are expensive and scarce. Sandfly is an automated security investigator that amplifies your team’s effectiveness at monitoring Linux. We give your team accurate and detailed information to react quickly to threats, even if your organization has limited Linux forensic and security experience in-house.

A Tireless Linux Security Investigator

Sandfly Provides Constant Compromise Detection for Your Linux Network

AGENTLESS INVESTIGATIONS

Sandfly is agentless and uses small investigation engines (called sandflies) to hunt for hackers and malware on Linux without loading any software on your endpoints. Loading agents on endpoints is a reliability and maintenance hassle. Sandfly’s agentless approach is easy. 

WE PROVIDE LINUX SECURITY EXPERTISE

Many organizations have limited Linux security expertise in-house. Sandfly fills in these gaps by being a thorough and automated Linux security investigator hunting for intruders. Even an experienced team becomes more effective with Sandfly automating an extensive security presence on Linux.

WRITE YOUR OWN DETECTION MODULES

Sandfly detects many types of Linux stealth and non-stealth rootkits, Advanced Persistent Threats (APT), malware, website compromises, stolen credential access, and other attacks out of the box. Teams can also write their own detection modules to find new Linux threats or help with immediate incident response. 

LOW FALSE ALARMS

False alarms not only waste your security team’s time, they also cause operator fatigue that can make the team miss real threats as they happen. Sandfly focuses on spotting the outcomes of successful compromise that almost always indicate an intrusion has happened. This means fewer false alarms and higher effectiveness.