Why Sandfly?

Sandfly Security is proud to be part of the Vodafone Xone Accelerator Program.

Why You Need Sandfly Security for Your Linux Systems

The Linux operating system runs much of the Internet, including most e-commerce, web and cloud workloads. Linux is also used extensively to host critical infrastructure: network controllers, smart devices, Industrial Control Systems (ICS), healthcare equipment, robotics and many more.

Yet one of the biggest issues facing Linux security is the difficulty of getting rapid and complete visibility across this entire spectrum of systems. Linux hosts end up with spotty security monitoring, which can lead to undetected breaches that disrupt operations and expose sensitive data. Sandfly fixes these problems.

Linux can be hosted in massive cloud clusters supporting a core business, or it could be embedded in a $20 Raspberry Pi supporting a solar array.

Given the operations they support, Linux-based systems are a rich target for attackers. Yet because Linux spans so many different distributions, versions, processor architectures and uses, administrators often cannot deploy agent-based protection without affecting performance and reliability. As a result, these crucial systems are often left with little or no visibility or monitoring. The outcome is that an attacker can dwell on unprotected Linux systems for months, if not years, without detection.

Sandfly solves these issues because it is agentless. Sandfly deploys rapidly against your Linux systems without loading any software on the endpoints. This approach has virtually no impact on operations while providing Linux intrusion detection from the moment it is switched on.

Agentless Efficiencies

Sandfly is agentless. Loading agents on endpoints is a reliability and maintenance hassle: agents often hook into the kernel and cause instability, compatibility and performance issues, particularly when those systems are updated. Instead, Sandfly uses small investigation engines (called sandflies) to hunt for hackers and malware on Linux without loading any software on your endpoints.

Because it is agentless, Sandfly's detection can be turned on in seconds and does not affect the performance or reliability of your Linux systems. Sandfly can even help operations by surfacing previously unknown activity that is consuming resources on a host.

Built For Linux By Linux Experts

Sandfly is a 24×7 security auditor that knows where, how and what threat activity to look for on Linux. By monitoring for the building blocks that make an attack work, Sandfly accurately detects rootkits, lateral movement methods, hidden directories, process attacks, suspicious binaries, audit log evasion and many other activities associated with intrusions and compromised systems.

Sandfly also detects the remnants of dormant intrusions, such as backdoors left behind to allow remote access or data exfiltration. Sandfly uses rich datasets to find these and many more attacks automatically, reliably and fast.


Let us show you how Sandfly can help.

What is a Sandfly?

A sandfly is a small, annoying, biting black fly indigenous to New Zealand, where Sandfly is headquartered. We call the product Sandfly because our investigation engines (sandflies) swarm over the Linux systems they inspect. Sandflies bug intruders, making their life on a compromised system miserable and discouraging their attacks until they decide to move on to an easier target somewhere else.

Key Benefits of Using Sandfly for Compromise Detection and Response

SAVES TIME AND MONEY

Sandfly's agentless security platform amplifies your team's effectiveness by automatically hunting for Linux threats 24 hours a day. Sandfly bolsters your team's readiness and knowledge with response and remediation advice that improves the overall security of your Linux hosts. Sandfly is also accurate, which reduces noise and false positives for administrators and saves valuable time by pointing them to the attacks that require their attention.

FAST AND CUSTOMIZABLE

Sandfly's security platform deploys quickly because there is no need to install agents or other software on your Linux endpoints. Sandfly comes pre-loaded with nearly 1,000 threat detection modules, and security teams can also write their own detection and threat hunting modules and immediately deploy them across their Linux fleet.

INVISIBLE TO ATTACKERS

Because it is agentless, Sandfly leaves no resident software on the endpoint for attackers to find, fingerprint and evade. Scan timing and search criteria are also randomized to further reduce the chance that attackers can anticipate and sidestep a check.

REDUCES DWELL TIME

Reduce intruder dwell time from months and years to minutes with Sandfly. Sandfly discovers Linux compromises early so you can respond in a targeted and deliberate way, making it far easier to deal with new Linux threats or clean up after an incident.

See how Sandfly protects your Linux fleet.