Sandfly is an agentless security platform purpose-built for Linux.


Sandfly is best understood as a compromise detection or intrusion tactics hunter. This is a shift in how many Endpoint Detection and Response (EDR) systems work as Sandfly specifically hunts for intruder activity the same way a very experienced Linux forensic investigator would. The difference is that Sandfly has a far deeper knowledge of attack tactics than a human investigator and we operate instantly and at very large scale with minimal performance impacts.


Further, Sandfly is 100% automated to check your systems 24 hours a day to give you instant alerts to trouble. With Sandfly running you have a constant presence on your Linux fleet hunting for intruders and without the risk and hassle of installing endpoint agents.


If you are an incident responder, Sandfly can be used in a manual mode to instantly assess systems for compromise and pull critical forensic data to speed up your investigation and clean-up. This allows your organization to get back in operation as quickly as possible saving valuable time and limiting damage.


If you are a Linux forensics novice, Sandfly does the hunting for you and tells you in plain English what the problem is if we do find something that is of concern.