Agentless Linux Security

Go agentless and secure Linux systems with extreme speed and reliability.

Sandfly - Linux Security Without Agents

Sandfly is a purpose-built platform to detect intruders and protect Linux systems of all flavors and footprints without loading endpoint agents. We're Linux experts committed to helping you find intruders, malware, and compromise quickly, safely, and efficiently. Sandfly deploys rapidly with very little risk of the performance or stability impacts of traditional agent-based security products.

Intrusion Detection and Incident Response for Linux

Stop compromise before damage is done. Deploy Sandfly within minutes to start automatically monitoring and detecting Linux security breaches. Our agentless security solution for Linux gives you the accurate and detailed forensic information you need to react effectively without the risk of deploying endpoint agents.

Our extensive Linux security detection capabilities augment your knowledge and eliminate time-sucking manual tasks. Sandfly saves you time and money by avoiding false positives while minimizing malware and intruder dwell time.

Identify, Track, and Respond to SSH Credential Use and Abuse

SSH keys can be a serious cause of compromise on Linux due to lack of monitoring. Sandfly's SSH Hunter puts you in control of this critical data with fully automated key tracking and auditing.

Sandfly agentlessly collects SSH public key data to build a profile of where keys are used, who is using them, when they were seen, and much more. We also identify SSH risk factors such as duplicate keys and recently created keys.

Find compromised Linux hosts automatically.

Protect All Linux Systems

Monitor a wide range of Linux systems without modifications. From large cloud clusters to containers to embedded Linux, Sandfly protects cross-platform with equivalent support spanning the most popular distributions. Sandfly works across different CPUs and even legacy environments, the same environments often left vulnerable by agent-based platforms.

Sandfly only requires SSH access and has been tested on the platforms below, and a vast number more - we've got you covered!


Sandfly will protect most Linux variants and versions running Intel, AMD, Arm or MIPS CPUs without any modifications.

High Performance & Low CPU Impact

Our unique random scanning works without killing bandwidth, alerting attackers, impacting performance, or causing system instability.

Comprehensive Linux Protection

Sandfly is the Linux security and forensic expert your team needs.


Deploy instantly to support threat hunts across all your Linux systems, including on-premises and cloud deployments. Sandfly's agentless scanning protects both host operating systems and the Docker images they run.


Deploy over 1,100 modules designed to detect advanced Linux attacks such as credential theft, stealth rootkits, and evasive backdoors. Sandfly knows exactly where to look for attackers on Linux because it’s all we do.


Configure automatic response to threats with immediate intrusion containment and control. Agentless response features translate to fully automated protection across all your systems without worrying about complex compatibility and stability issues.

Let Sandfly keep your Linux systems secure.