Sandfly is an agentless, instantly deployable, and safe Linux EDR and security platform.

Sandfly Security delivers an agentless, instantly deployable Linux EDR built specifically for critical infrastructure and enterprises. Our platform combines proactive monitoring with advanced threat hunting, incident response, and forensics capabilities, providing a future-proof solution that doesn’t rely on malware signatures. Instead, Sandfly detects malicious behaviors across a broad spectrum of Linux environments—on-premises, in the cloud, or air-gapped systems—ensuring safe, seamless, and effective protection.

Threat Detection - SSH Key Monitoring - Password Auditing - Drift Detection - Incident Response

Key Features

-  Agentless Deployment: Instantly deploy Sandfly across your Linux systems without agents, ensuring uninterrupted stability.

-  Instant Protection & Inventory: Gain an immediate, comprehensive inventory of all software and hardware versions, while monitoring and protecting against threats from day one.

-  Advanced Threat Detection: Identify attacker behaviors using a signature-free approach, providing robust coverage against a wide array of tactics, including MITRE ATT&CK techniques.

- Customizable Detection: Tailor Sandfly to your environment for focused threat monitoring and responsive insights.

- SSH and Password Auditing: Monitor SSH key usage and audit weak passwords to prevent lateral movement threats.